[ ok ] Starting enhanced syslogd: rsyslogd. [ 42.326878][ T26] audit: type=1800 audit(1554679160.097:25): pid=7819 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 42.365321][ T26] audit: type=1800 audit(1554679160.107:26): pid=7819 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 42.415149][ T26] audit: type=1800 audit(1554679160.107:27): pid=7819 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.115' (ECDSA) to the list of known hosts. 2019/04/07 23:19:30 fuzzer started 2019/04/07 23:19:33 dialing manager at 10.128.0.26:34543 2019/04/07 23:19:33 syscalls: 2408 2019/04/07 23:19:33 code coverage: enabled 2019/04/07 23:19:33 comparison tracing: enabled 2019/04/07 23:19:33 extra coverage: extra coverage is not supported by the kernel 2019/04/07 23:19:33 setuid sandbox: enabled 2019/04/07 23:19:33 namespace sandbox: enabled 2019/04/07 23:19:33 Android sandbox: /sys/fs/selinux/policy does not exist 2019/04/07 23:19:33 fault injection: enabled 2019/04/07 23:19:33 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/04/07 23:19:33 net packet injection: enabled 2019/04/07 23:19:33 net device setup: enabled 23:21:57 executing program 0: syzkaller login: [ 200.035694][ T7983] IPVS: ftp: loaded support on port[0] = 21 23:21:57 executing program 1: [ 200.164905][ T7983] chnl_net:caif_netlink_parms(): no params data found [ 200.274417][ T7983] bridge0: port 1(bridge_slave_0) entered blocking state [ 200.290366][ T7983] bridge0: 
port 1(bridge_slave_0) entered disabled state [ 200.298462][ T7983] device bridge_slave_0 entered promiscuous mode [ 200.307775][ T7983] bridge0: port 2(bridge_slave_1) entered blocking state [ 200.315310][ T7983] bridge0: port 2(bridge_slave_1) entered disabled state [ 200.323721][ T7983] device bridge_slave_1 entered promiscuous mode [ 200.342633][ T7986] IPVS: ftp: loaded support on port[0] = 21 [ 200.355978][ T7983] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 200.366744][ T7983] bond0: Enslaving bond_slave_1 as an active interface with an up link 23:21:58 executing program 2: [ 200.417389][ T7983] team0: Port device team_slave_0 added [ 200.441671][ T7983] team0: Port device team_slave_1 added [ 200.544050][ T7983] device hsr_slave_0 entered promiscuous mode 23:21:58 executing program 3: [ 200.640663][ T7983] device hsr_slave_1 entered promiscuous mode [ 200.721687][ T7989] IPVS: ftp: loaded support on port[0] = 21 [ 200.733755][ T7986] chnl_net:caif_netlink_parms(): no params data found [ 200.764431][ T7983] bridge0: port 2(bridge_slave_1) entered blocking state [ 200.771800][ T7983] bridge0: port 2(bridge_slave_1) entered forwarding state [ 200.779699][ T7983] bridge0: port 1(bridge_slave_0) entered blocking state [ 200.786867][ T7983] bridge0: port 1(bridge_slave_0) entered forwarding state [ 200.909270][ T7992] IPVS: ftp: loaded support on port[0] = 21 [ 200.915903][ T7986] bridge0: port 1(bridge_slave_0) entered blocking state [ 200.927903][ T7986] bridge0: port 1(bridge_slave_0) entered disabled state [ 200.936767][ T7986] device bridge_slave_0 entered promiscuous mode [ 200.963563][ T7986] bridge0: port 2(bridge_slave_1) entered blocking state [ 200.971865][ T7986] bridge0: port 2(bridge_slave_1) entered disabled state [ 200.979794][ T7986] device bridge_slave_1 entered promiscuous mode 23:21:58 executing program 4: [ 201.035939][ T7983] 8021q: adding VLAN 0 to HW filter on device bond0 [ 201.059100][ T7986] bond0: Enslaving 
bond_slave_0 as an active interface with an up link [ 201.114414][ T7986] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 201.183370][ T7986] team0: Port device team_slave_0 added [ 201.192839][ T7986] team0: Port device team_slave_1 added [ 201.202590][ T3484] bridge0: port 1(bridge_slave_0) entered disabled state [ 201.222629][ T3484] bridge0: port 2(bridge_slave_1) entered disabled state [ 201.232345][ T3484] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 201.273049][ T7983] 8021q: adding VLAN 0 to HW filter on device team0 [ 201.280071][ T3484] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 201.290093][ T3484] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 201.335759][ T7989] chnl_net:caif_netlink_parms(): no params data found [ 201.349893][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 201.359529][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 201.370517][ T17] bridge0: port 1(bridge_slave_0) entered blocking state [ 201.377723][ T17] bridge0: port 1(bridge_slave_0) entered forwarding state 23:21:59 executing program 5: [ 201.394310][ T7995] IPVS: ftp: loaded support on port[0] = 21 [ 201.463343][ T7986] device hsr_slave_0 entered promiscuous mode [ 201.510650][ T7986] device hsr_slave_1 entered promiscuous mode [ 201.568975][ T3484] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 201.577619][ T3484] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 201.586415][ T3484] bridge0: port 2(bridge_slave_1) entered blocking state [ 201.593480][ T3484] bridge0: port 2(bridge_slave_1) entered forwarding state [ 201.616176][ T7999] IPVS: ftp: loaded support on port[0] = 21 [ 201.691988][ T7989] bridge0: port 1(bridge_slave_0) entered blocking state [ 201.699233][ T7989] bridge0: port 1(bridge_slave_0) entered disabled state [ 201.710483][ T7989] device bridge_slave_0 entered promiscuous mode [ 201.718106][ T17] IPv6: 
ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 201.727706][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 201.736468][ T7992] chnl_net:caif_netlink_parms(): no params data found [ 201.787471][ T7992] bridge0: port 1(bridge_slave_0) entered blocking state [ 201.794687][ T7992] bridge0: port 1(bridge_slave_0) entered disabled state [ 201.802856][ T7992] device bridge_slave_0 entered promiscuous mode [ 201.810075][ T7989] bridge0: port 2(bridge_slave_1) entered blocking state [ 201.817776][ T7989] bridge0: port 2(bridge_slave_1) entered disabled state [ 201.827931][ T7989] device bridge_slave_1 entered promiscuous mode [ 201.856927][ T7992] bridge0: port 2(bridge_slave_1) entered blocking state [ 201.864358][ T7992] bridge0: port 2(bridge_slave_1) entered disabled state [ 201.872439][ T7992] device bridge_slave_1 entered promiscuous mode [ 201.902561][ T7989] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 201.915208][ T7989] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 201.926298][ T7992] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 201.938930][ T7992] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 201.949582][ T7991] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 201.959025][ T7991] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 201.967575][ T7991] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 202.018005][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 202.026922][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 202.035458][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 202.044439][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 202.056650][ T7992] team0: Port device team_slave_0 added [ 202.067335][ T7992] team0: Port device team_slave_1 added [ 202.153310][ T7992] device hsr_slave_0 
entered promiscuous mode [ 202.221010][ T7992] device hsr_slave_1 entered promiscuous mode [ 202.272133][ T7989] team0: Port device team_slave_0 added [ 202.282692][ T7989] team0: Port device team_slave_1 added [ 202.299568][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 202.308808][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 202.326151][ T7983] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 202.393763][ T7989] device hsr_slave_0 entered promiscuous mode [ 202.440998][ T7989] device hsr_slave_1 entered promiscuous mode [ 202.511559][ T7986] 8021q: adding VLAN 0 to HW filter on device bond0 [ 202.574234][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 202.582334][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 202.597809][ T7983] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 202.609223][ T7986] 8021q: adding VLAN 0 to HW filter on device team0 [ 202.628978][ T7995] chnl_net:caif_netlink_parms(): no params data found [ 202.665634][ T7999] chnl_net:caif_netlink_parms(): no params data found [ 202.716661][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 202.726561][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 202.740848][ T22] bridge0: port 1(bridge_slave_0) entered blocking state [ 202.747888][ T22] bridge0: port 1(bridge_slave_0) entered forwarding state [ 202.756237][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 202.766558][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 202.775047][ T22] bridge0: port 2(bridge_slave_1) entered blocking state [ 202.782152][ T22] bridge0: port 2(bridge_slave_1) entered forwarding state [ 202.789731][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 202.798322][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 202.806770][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link 
becomes ready [ 202.815374][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 202.824055][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 202.832830][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 202.841365][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 202.849554][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 202.861051][ T7992] 8021q: adding VLAN 0 to HW filter on device bond0 [ 202.868076][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 202.876155][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 202.929697][ T7992] 8021q: adding VLAN 0 to HW filter on device team0 [ 202.964819][ T3484] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready 23:22:00 executing program 0: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r0, &(0x7f0000000100), 0x49) sendmsg$can_bcm(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000300)={0x5, 0x0, 0x0, {0x0, 0x2710}, {0x77359400}, {}, 0x1, @can={{}, 0x0, 0x0, 0x0, 0x0, "3ce93489ca47e9a5"}}, 0x48}}, 0x0) sendmsg$can_bcm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)={0x5, 0xb40, 0x0, {0x77359400}, {0x0, 0x7530}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "4059ea17b4fe0178b375245e7e98a0ba3283f0ca57f16ead33dd659d48114c58b45a2b76edb29428a4bcc8ac493663e6d195de50385ce6c4317c291aa77c17f3"}}, 0x80}}, 0x0) sendmsg$can_bcm(r0, &(0x7f0000002f40)={0x0, 0x0, &(0x7f0000002f00)={&(0x7f0000002e80)={0x7, 0x0, 0x0, {0x0, 0x7530}, {}, {}, 0x1, @can={{}, 0x0, 0x0, 0x0, 0x0, "58a5bd49977432a5"}}, 0x48}}, 0x0) [ 202.980380][ T3484] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 202.988680][ T3484] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 202.996922][ T3484] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 203.005691][ T7986] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 203.037807][ T7995] 
bridge0: port 1(bridge_slave_0) entered blocking state [ 203.053275][ T7995] bridge0: port 1(bridge_slave_0) entered disabled state [ 203.064186][ T7995] device bridge_slave_0 entered promiscuous mode [ 203.074304][ T7995] bridge0: port 2(bridge_slave_1) entered blocking state [ 203.081664][ T7995] bridge0: port 2(bridge_slave_1) entered disabled state [ 203.089282][ T7995] device bridge_slave_1 entered promiscuous mode [ 203.111679][ T7995] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 203.120077][ T7999] bridge0: port 1(bridge_slave_0) entered blocking state [ 203.127638][ T7999] bridge0: port 1(bridge_slave_0) entered disabled state [ 203.136736][ T7999] device bridge_slave_0 entered promiscuous mode [ 203.145485][ T7999] bridge0: port 2(bridge_slave_1) entered blocking state [ 203.152955][ T7999] bridge0: port 2(bridge_slave_1) entered disabled state [ 203.160896][ T7999] device bridge_slave_1 entered promiscuous mode [ 203.179019][ T7995] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 203.208931][ T7995] team0: Port device team_slave_0 added [ 203.216553][ T7991] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 203.225409][ T7991] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 203.233983][ T7991] bridge0: port 1(bridge_slave_0) entered blocking state [ 203.241089][ T7991] bridge0: port 1(bridge_slave_0) entered forwarding state [ 203.259553][ T7991] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 203.281993][ T7986] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 203.296868][ T7999] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 203.310176][ T7995] team0: Port device team_slave_1 added [ 203.328700][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 203.337318][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 203.346453][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 
203.353550][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state [ 203.361893][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 203.387629][ T7992] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network 23:22:01 executing program 1: [ 203.415354][ T7992] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 203.439898][ T7999] bond0: Enslaving bond_slave_1 as an active interface with an up link 23:22:01 executing program 0: 23:22:01 executing program 1: [ 203.470211][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 23:22:01 executing program 0: 23:22:01 executing program 1: [ 203.521353][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 203.533939][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 203.548761][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready 23:22:01 executing program 0: 23:22:01 executing program 1: [ 203.568579][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 203.585012][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 203.594561][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 203.608918][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 203.619140][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 203.628913][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 203.639273][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 203.661071][ T7992] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 203.739323][ T7989] 8021q: adding VLAN 0 to HW filter on device bond0 [ 203.758148][ T7999] team0: Port device team_slave_0 added [ 203.792281][ T7995] device hsr_slave_0 entered promiscuous mode [ 203.840750][ T7995] device hsr_slave_1 entered promiscuous mode [ 203.899405][ T7989] 8021q: adding VLAN 0 to HW filter on 
device team0 [ 203.908066][ T7999] team0: Port device team_slave_1 added [ 203.929796][ T7991] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 203.951110][ T7991] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 204.022791][ T7999] device hsr_slave_0 entered promiscuous mode [ 204.041061][ T7999] device hsr_slave_1 entered promiscuous mode [ 204.081639][ T7991] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 204.091397][ T7991] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 204.099661][ T7991] bridge0: port 1(bridge_slave_0) entered blocking state [ 204.106753][ T7991] bridge0: port 1(bridge_slave_0) entered forwarding state [ 204.115001][ T7991] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 204.123639][ T7991] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 204.132048][ T7991] bridge0: port 2(bridge_slave_1) entered blocking state [ 204.139080][ T7991] bridge0: port 2(bridge_slave_1) entered forwarding state [ 204.147206][ T7991] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 204.163008][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 204.172270][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 204.205090][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 204.215688][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 204.224186][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 204.233396][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 204.243323][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 204.271825][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 204.280233][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 204.291275][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 204.299404][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): 
hsr_slave_1: link becomes ready [ 204.310928][ T7989] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 204.334548][ T7995] 8021q: adding VLAN 0 to HW filter on device bond0 [ 204.356002][ T7989] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 204.368824][ T7995] 8021q: adding VLAN 0 to HW filter on device team0 [ 204.379701][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 204.388181][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 204.410393][ T2999] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 204.419056][ T2999] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready 23:22:02 executing program 2: 23:22:02 executing program 0: [ 204.439160][ T2999] bridge0: port 1(bridge_slave_0) entered blocking state [ 204.446280][ T2999] bridge0: port 1(bridge_slave_0) entered forwarding state [ 204.460934][ T2999] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 204.487261][ T2999] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 204.508845][ T2999] bridge0: port 2(bridge_slave_1) entered blocking state [ 204.515986][ T2999] bridge0: port 2(bridge_slave_1) entered forwarding state [ 204.538148][ T2999] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 204.575553][ T7991] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 204.584038][ T7991] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 204.593005][ T7991] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 204.602061][ T7991] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 204.614152][ T7991] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 204.622815][ T7991] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 204.631790][ T7991] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 204.653019][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 204.663587][ T5] IPv6: 
ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 204.673161][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 204.681900][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 204.696811][ T7999] 8021q: adding VLAN 0 to HW filter on device bond0 [ 204.705527][ T7995] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 204.723371][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 204.731154][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 204.747947][ T7999] 8021q: adding VLAN 0 to HW filter on device team0 [ 204.759098][ T7995] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 204.766715][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 204.775554][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 204.784670][ T17] bridge0: port 1(bridge_slave_0) entered blocking state [ 204.791768][ T17] bridge0: port 1(bridge_slave_0) entered forwarding state [ 204.799673][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 204.837944][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 204.846810][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 204.856139][ T17] bridge0: port 2(bridge_slave_1) entered blocking state [ 204.863236][ T17] bridge0: port 2(bridge_slave_1) entered forwarding state [ 204.872132][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 204.880822][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 204.901024][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 204.916555][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 204.925280][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready 23:22:02 executing program 4: [ 204.944496][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 204.954146][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): 
veth0_to_hsr: link becomes ready [ 204.963293][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 204.976948][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 205.001516][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 205.012131][ T7999] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 205.028413][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready 23:22:02 executing program 5: 23:22:02 executing program 1: 23:22:02 executing program 3: 23:22:02 executing program 0: 23:22:02 executing program 2: 23:22:02 executing program 4: [ 205.057094][ T7999] 8021q: adding VLAN 0 to HW filter on device batadv0 23:22:02 executing program 3: 23:22:02 executing program 4: 23:22:02 executing program 2: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000001140)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000040)={0x800, 0x20000000209, 0x0, 0xffffffffffffffff}) ioctl$DMA_BUF_IOCTL_SYNC(r1, 0x40086200, &(0x7f0000000000)=0x1) 23:22:03 executing program 1: 23:22:03 executing program 5: 23:22:03 executing program 0: 23:22:03 executing program 4: [ 205.335241][ T3433] ion_buffer_destroy: buffer still mapped in the kernel 23:22:03 executing program 0: 23:22:03 executing program 1: 23:22:03 executing program 3: 23:22:03 executing program 5: 23:22:03 executing program 4: 23:22:03 executing program 2: 23:22:03 executing program 3: 23:22:03 executing program 1: 23:22:03 executing program 0: 23:22:03 executing program 5: 23:22:03 executing program 2: 23:22:03 executing program 4: 23:22:03 executing program 3: 23:22:03 executing program 0: 23:22:03 executing program 5: 23:22:03 executing program 1: 23:22:03 executing program 4: 23:22:03 executing program 2: 23:22:03 executing program 3: 23:22:03 executing program 5: 23:22:03 executing program 4: 23:22:03 executing program 1: 23:22:03 executing program 0: 23:22:03 executing program 3: 23:22:03 executing program 2: 23:22:03 executing 
program 5: 23:22:03 executing program 1: 23:22:03 executing program 4: 23:22:03 executing program 0: 23:22:03 executing program 2: 23:22:03 executing program 3: 23:22:04 executing program 5: 23:22:04 executing program 0: 23:22:04 executing program 1: 23:22:04 executing program 3: 23:22:04 executing program 2: 23:22:04 executing program 4: 23:22:04 executing program 5: 23:22:04 executing program 1: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a6b6) r3 = socket$inet(0x2, 0x3, 0x7) r4 = socket$packet(0x11, 0x4000000000000003, 0x300) setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f0000000240)='ip6gretap0\x00', 0x10) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f00000000c0)={0x0, 0x0, 0xfffffffffffffffc}, 0x4) connect$inet(r2, &(0x7f0000000180)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) 23:22:04 executing program 4: syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x6, 0x4400) sched_setscheduler(0x0, 0x5, 0x0) rseq(&(0x7f0000000700)={0x0, 0x0, 0x0, 0x7}, 0x20, 0x0, 0x0) ioctl$DRM_IOCTL_AGP_ACQUIRE(0xffffffffffffffff, 0x6430) ioctl$FIDEDUPERANGE(0xffffffffffffffff, 0xc0189436, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000044ff8)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f00000bc000)=@abs, 0x8) setsockopt$sock_timeval(r1, 0x1, 0x15, &(0x7f0000000000)={0x0, 0x2710}, 0x10) sendmmsg$unix(r1, &(0x7f00000bd000), 0x80, 0x0) ioctl$KVM_DEASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae75, 0x0) r2 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x10003, 
0x80011, r2, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) sendmsg$IPVS_CMD_SET_SERVICE(0xffffffffffffffff, 0x0, 0x48805) r3 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x8000001a, 0x0, 0x0, 0x1010000) openat$sequencer2(0xffffffffffffff9c, 0x0, 0x0, 0x0) 23:22:04 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000005000)='/dev/sg#\x00', 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000240)={0x53, 0x0, 0x6, 0x0, @buffer={0x5, 0xee, &(0x7f00000002c0)=""/238}, &(0x7f0000000200)="da88aa5af197", 0x0, 0x0, 0x0, 0x0, 0x0}) 23:22:04 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") r1 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x0) r2 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/qat_adf_ctl\x00', 0x84000, 0x0) ioctl$TIOCMSET(r2, 0x5418, &(0x7f0000000080)=0x200) ioctl$VIDIOC_SUBDEV_S_FMT(r2, 0xc0585605, &(0x7f00000000c0)={0x1, 0x0, {0x5, 0x3f, 0x2024, 0xb, 0x5, 0xf, 0x0, 0x7}}) ioctl$BLKTRACETEARDOWN(r1, 0x227f, 0x0) 23:22:04 executing program 0: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000600)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_open_pts(r0, 0x0) write$binfmt_aout(r0, &(0x7f0000000240)=ANY=[], 0x35b) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)={0x17}) ioctl$BLKIOOPT(0xffffffffffffffff, 0x1279, &(0x7f0000000140)) 23:22:04 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000040)=0x6) write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f0000000000)={0xffffffffffffff1b, 0x12, 0x100000000000000}, 0xfffffefd) mmap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x0, 0x32, 0xffffffffffffffff, 0x0) [ 206.669643][ C0] hrtimer: interrupt took 26499 ns 23:22:04 executing program 2: creat(&(0x7f0000000100)='./file0\x00', 0x0) perf_event_open(&(0x7f0000000000)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xa00000000, 0x0, 0x10000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x0, 0x0) [ 206.694435][ T8165] check_preemption_disabled: 3 callbacks suppressed [ 206.694468][ T8165] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.1/8165 [ 206.711216][ T8165] caller is sk_mc_loop+0x1d/0x210 [ 206.716261][ T8165] CPU: 1 PID: 8165 Comm: syz-executor.1 Not tainted 5.1.0-rc3-next-20190405 #19 [ 206.725314][ T8165] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 206.735376][ T8165] Call Trace: [ 206.738695][ T8165] dump_stack+0x172/0x1f0 [ 206.743054][ T8165] __this_cpu_preempt_check+0x246/0x270 [ 206.743082][ T8165] sk_mc_loop+0x1d/0x210 [ 206.743106][ T8165] ip_mc_output+0x2ef/0xf70 [ 206.743133][ T8165] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 206.743146][ T8165] ? __ip_make_skb+0xf15/0x1820 [ 206.743159][ T8165] ? ip_append_data.part.0+0x170/0x170 [ 206.743172][ T8165] ? dst_release+0x62/0xb0 [ 206.777318][ T8165] ? 
__ip_make_skb+0xf93/0x1820 [ 206.782179][ T8165] ip_local_out+0xc4/0x1b0 [ 206.786614][ T8165] ip_send_skb+0x42/0xf0 [ 206.790870][ T8165] ip_push_pending_frames+0x64/0x80 [ 206.796075][ T8165] raw_sendmsg+0x1e6d/0x2f20 [ 206.800685][ T8165] ? compat_raw_getsockopt+0x100/0x100 [ 206.806185][ T8165] ? finish_task_switch+0x146/0x780 [ 206.811403][ T8165] ? ___might_sleep+0x163/0x280 [ 206.816259][ T8165] ? __might_sleep+0x95/0x190 [ 206.821260][ T8165] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 206.821276][ T8165] ? aa_sk_perm+0x288/0x880 [ 206.821291][ T8165] ? _raw_spin_unlock_irq+0x5e/0x90 [ 206.821312][ T8165] ? finish_task_switch+0x146/0x780 23:22:04 executing program 2: r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = epoll_create(0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000400)) r2 = epoll_create(0x8) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f00000001c0)={0x20102001}) [ 206.841803][ T8165] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 206.847363][ T8165] inet_sendmsg+0x147/0x5e0 [ 206.851872][ T8165] ? compat_raw_getsockopt+0x100/0x100 [ 206.857338][ T8165] ? inet_sendmsg+0x147/0x5e0 [ 206.862023][ T8165] ? ipip_gro_receive+0x100/0x100 [ 206.867056][ T8165] sock_sendmsg+0xdd/0x130 [ 206.871484][ T8165] kernel_sendmsg+0x44/0x50 [ 206.875995][ T8165] sock_no_sendpage+0x116/0x150 [ 206.880845][ T8165] ? sock_kfree_s+0x70/0x70 [ 206.885360][ T8165] inet_sendpage+0x44a/0x630 [ 206.889948][ T8165] kernel_sendpage+0x95/0xf0 [ 206.894528][ T8165] ? inet_sendmsg+0x5e0/0x5e0 [ 206.899203][ T8165] sock_sendpage+0x8b/0xc0 [ 206.903634][ T8165] ? pipe_lock+0x6e/0x80 [ 206.907890][ T8165] pipe_to_sendpage+0x299/0x370 [ 206.912739][ T8165] ? kernel_sendpage+0xf0/0xf0 [ 206.917502][ T8165] ? 
direct_splice_actor+0x1a0/0x1a0 [ 206.922801][ T8165] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 206.929033][ T8165] ? splice_from_pipe_next.part.0+0x255/0x2f0 [ 206.935101][ T8165] __splice_from_pipe+0x395/0x7d0 [ 206.940128][ T8165] ? direct_splice_actor+0x1a0/0x1a0 [ 206.945415][ T8165] ? direct_splice_actor+0x1a0/0x1a0 [ 206.950700][ T8165] splice_from_pipe+0x108/0x170 [ 206.955547][ T8165] ? splice_shrink_spd+0xd0/0xd0 [ 206.960487][ T8165] ? apparmor_file_permission+0x25/0x30 [ 206.966027][ T8165] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 206.972265][ T8165] ? security_file_permission+0x94/0x380 [ 206.977894][ T8165] generic_splice_sendpage+0x3c/0x50 [ 206.983173][ T8165] ? splice_from_pipe+0x170/0x170 [ 206.988189][ T8165] do_splice+0x70a/0x13c0 [ 206.992526][ T8165] ? opipe_prep.part.0+0x2d0/0x2d0 [ 206.997635][ T8165] ? __fget_light+0x1a9/0x230 [ 207.002308][ T8165] __x64_sys_splice+0x2c6/0x330 [ 207.007165][ T8165] do_syscall_64+0x103/0x610 [ 207.011845][ T8165] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 207.017727][ T8165] RIP: 0033:0x4582b9 [ 207.021624][ T8165] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 207.041221][ T8165] RSP: 002b:00007fe2be914c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 [ 207.049632][ T8165] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 207.057691][ T8165] RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000003 [ 207.065662][ T8165] RBP: 000000000073bfa0 R08: 0000000000010005 R09: 0000000000000000 [ 207.073630][ T8165] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe2be9156d4 [ 207.081604][ T8165] R13: 00000000004c70e6 R14: 00000000004dc0e0 R15: 00000000ffffffff 23:22:04 executing program 5: openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000440)='/dev/sequencer2\x00', 0x201000000001, 0x0) openat$mixer(0xffffffffffffff9c, 
&(0x7f0000001bc0)='/dev/mixer\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setxattr$trusted_overlay_nlink(&(0x7f0000000140)='./file1\x00', &(0x7f0000000180)='trusted.overlay.nlink\x00', &(0x7f0000000200)={'L+', 0x8}, 0x28, 0x1) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000003c0)='./cgroup\x00', 0x200002, 0x0) fchdir(r0) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snapshot\x00', 0x40242, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f00000004c0)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) ioctl$UI_GET_VERSION(r1, 0x8004552d, &(0x7f0000000300)) umount2(&(0x7f0000000280)='./file0\x00', 0x0) ioctl(0xffffffffffffffff, 0x7, &(0x7f0000000500)="b5bddd38aaaa43a39d4d926f858a8e65255d3c82ebfa08202458d82b412a0a2c4b5be345abf0b79edf8b51bd45c63225aca0c056d93ab6926efa2f3d1b7a9e5391a4e28af9a4742ca28c61fba8bfa0423771f8d3618738566e408f71c9de91baa0169a817916147fec50e3aad1f8080faef49684b9859c143fe2279d548ebcacb6c04b71be37a8aa9fac94169dfbb117d191503bb37b9c6840c7b2e710b2e86ae3b52ba7265f25d9b4452dc2ca1210ce751ae4303ebe8614ffe7f6a9496e6162187e5c") ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x40305828, &(0x7f00000000c0)={0x0, 0x0, 0xfff, 0x200}) mkdir(&(0x7f0000fd5ff8)='./file0\x00', 0x0) [ 207.091343][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 207.091531][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 207.097242][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 207.103088][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 207.180359][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 207.186201][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 207.244293][ 
T8165] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.1/8165 [ 207.254185][ T8165] caller is sk_mc_loop+0x1d/0x210 [ 207.259274][ T8165] CPU: 0 PID: 8165 Comm: syz-executor.1 Not tainted 5.1.0-rc3-next-20190405 #19 [ 207.268297][ T8165] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 207.278354][ T8165] Call Trace: [ 207.281658][ T8165] dump_stack+0x172/0x1f0 [ 207.286006][ T8165] __this_cpu_preempt_check+0x246/0x270 [ 207.291561][ T8165] sk_mc_loop+0x1d/0x210 [ 207.295816][ T8165] ip_mc_output+0x2ef/0xf70 [ 207.300330][ T8165] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 207.305448][ T8165] ? __ip_make_skb+0xf15/0x1820 [ 207.310303][ T8165] ? ip_append_data.part.0+0x170/0x170 [ 207.315768][ T8165] ? dst_release+0x62/0xb0 [ 207.320195][ T8165] ? __ip_make_skb+0xf93/0x1820 [ 207.325049][ T8165] ip_local_out+0xc4/0x1b0 [ 207.329471][ T8165] ip_send_skb+0x42/0xf0 [ 207.333721][ T8165] ip_push_pending_frames+0x64/0x80 [ 207.338921][ T8165] raw_sendmsg+0x1e6d/0x2f20 [ 207.343527][ T8165] ? compat_raw_getsockopt+0x100/0x100 [ 207.349005][ T8165] ? finish_task_switch+0x146/0x780 [ 207.354220][ T8165] ? ___might_sleep+0x163/0x280 [ 207.359077][ T8165] ? __might_sleep+0x95/0x190 [ 207.363766][ T8165] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 207.369399][ T8165] ? aa_sk_perm+0x288/0x880 [ 207.373902][ T8165] ? _raw_spin_unlock_irq+0x5e/0x90 [ 207.379095][ T8165] ? finish_task_switch+0x146/0x780 [ 207.384295][ T8165] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 207.389842][ T8165] inet_sendmsg+0x147/0x5e0 [ 207.394340][ T8165] ? compat_raw_getsockopt+0x100/0x100 [ 207.399790][ T8165] ? inet_sendmsg+0x147/0x5e0 [ 207.404462][ T8165] ? ipip_gro_receive+0x100/0x100 [ 207.409486][ T8165] sock_sendmsg+0xdd/0x130 [ 207.413899][ T8165] kernel_sendmsg+0x44/0x50 [ 207.418396][ T8165] sock_no_sendpage+0x116/0x150 [ 207.423243][ T8165] ? 
sock_kfree_s+0x70/0x70 [ 207.427760][ T8165] inet_sendpage+0x44a/0x630 [ 207.432355][ T8165] kernel_sendpage+0x95/0xf0 [ 207.436938][ T8165] ? inet_sendmsg+0x5e0/0x5e0 [ 207.441626][ T8165] sock_sendpage+0x8b/0xc0 [ 207.446037][ T8165] ? pipe_lock+0x6e/0x80 [ 207.450275][ T8165] pipe_to_sendpage+0x299/0x370 [ 207.455131][ T8165] ? kernel_sendpage+0xf0/0xf0 [ 207.459902][ T8165] ? direct_splice_actor+0x1a0/0x1a0 [ 207.465196][ T8165] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 207.471452][ T8165] ? anon_pipe_buf_release+0x1c6/0x270 [ 207.476934][ T8165] __splice_from_pipe+0x395/0x7d0 [ 207.481984][ T8165] ? direct_splice_actor+0x1a0/0x1a0 [ 207.487301][ T8165] ? direct_splice_actor+0x1a0/0x1a0 [ 207.492639][ T8165] splice_from_pipe+0x108/0x170 [ 207.497517][ T8165] ? splice_shrink_spd+0xd0/0xd0 [ 207.502480][ T8165] ? apparmor_file_permission+0x25/0x30 [ 207.508048][ T8165] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 207.514331][ T8165] ? security_file_permission+0x94/0x380 [ 207.520004][ T8165] generic_splice_sendpage+0x3c/0x50 [ 207.525307][ T8165] ? splice_from_pipe+0x170/0x170 [ 207.530348][ T8165] do_splice+0x70a/0x13c0 [ 207.534708][ T8165] ? opipe_prep.part.0+0x2d0/0x2d0 [ 207.539837][ T8165] ? 
__fget_light+0x1a9/0x230 [ 207.544536][ T8165] __x64_sys_splice+0x2c6/0x330 [ 207.549412][ T8165] do_syscall_64+0x103/0x610 [ 207.554018][ T8165] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 207.559923][ T8165] RIP: 0033:0x4582b9 [ 207.563827][ T8165] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 207.583438][ T8165] RSP: 002b:00007fe2be914c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 23:22:05 executing program 4: r0 = socket(0x10, 0x2, 0x0) sendto(r0, &(0x7f0000000140)="120000001200e7ef007b1a3fcd00000000a1", 0x12, 0x0, 0x0, 0x0) userfaultfd(0x3) ioctl$KVM_GET_FPU(0xffffffffffffffff, 0x81a0ae8c, &(0x7f0000000600)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) socket$inet6(0xa, 0x1000000000002, 0x0) r1 = syz_open_procfs(0x0, 0x0) getpid() sendfile(0xffffffffffffffff, r1, 0x0, 0x10001) openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x5f}, {&(0x7f00000000c0)=""/85, 0x55}, {&(0x7f00000024c0)=""/4096, 0x1000}, {0x0}, {&(0x7f0000000480)=""/60, 0x3c}, {&(0x7f0000000280)=""/77, 0x4d}, {0x0}], 0x7, &(0x7f0000002400)=""/191, 0xbf}}], 0x1, 0x6, &(0x7f0000003700)={0x77359400}) [ 207.591860][ T8165] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 207.599842][ T8165] RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000003 [ 207.607828][ T8165] RBP: 000000000073bfa0 R08: 0000000000010005 R09: 0000000000000000 [ 207.615807][ T8165] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe2be9156d4 [ 
207.623788][ T8165] R13: 00000000004c70e6 R14: 00000000004dc0e0 R15: 00000000ffffffff [ 207.632877][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 207.638698][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 207.645192][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 207.651044][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 207.658193][ T8165] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.1/8165 [ 207.667613][ T8165] caller is sk_mc_loop+0x1d/0x210 [ 207.672720][ T8165] CPU: 1 PID: 8165 Comm: syz-executor.1 Not tainted 5.1.0-rc3-next-20190405 #19 [ 207.672729][ T8165] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 207.672734][ T8165] Call Trace: [ 207.672757][ T8165] dump_stack+0x172/0x1f0 [ 207.672780][ T8165] __this_cpu_preempt_check+0x246/0x270 [ 207.672795][ T8165] sk_mc_loop+0x1d/0x210 [ 207.672810][ T8165] ip_mc_output+0x2ef/0xf70 [ 207.672827][ T8165] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 207.672839][ T8165] ? __ip_make_skb+0xf15/0x1820 [ 207.672854][ T8165] ? ip_append_data.part.0+0x170/0x170 [ 207.672867][ T8165] ? dst_release+0x62/0xb0 [ 207.672880][ T8165] ? __ip_make_skb+0xf93/0x1820 [ 207.672895][ T8165] ip_local_out+0xc4/0x1b0 [ 207.672912][ T8165] ip_send_skb+0x42/0xf0 [ 207.672926][ T8165] ip_push_pending_frames+0x64/0x80 [ 207.672941][ T8165] raw_sendmsg+0x1e6d/0x2f20 [ 207.672963][ T8165] ? compat_raw_getsockopt+0x100/0x100 [ 207.672991][ T8165] ? finish_task_switch+0x146/0x780 [ 207.673015][ T8165] ? ___might_sleep+0x163/0x280 [ 207.673031][ T8165] ? __might_sleep+0x95/0x190 [ 207.673048][ T8165] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 207.673062][ T8165] ? aa_sk_perm+0x288/0x880 [ 207.673088][ T8165] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 207.733912][ T8165] inet_sendmsg+0x147/0x5e0 [ 207.733929][ T8165] ? compat_raw_getsockopt+0x100/0x100 [ 207.733948][ T8165] ? inet_sendmsg+0x147/0x5e0 [ 207.784495][ T8165] ? 
ipip_gro_receive+0x100/0x100 [ 207.784515][ T8165] sock_sendmsg+0xdd/0x130 [ 207.784537][ T8165] kernel_sendmsg+0x44/0x50 [ 207.823173][ T8165] sock_no_sendpage+0x116/0x150 [ 207.828046][ T8165] ? sock_kfree_s+0x70/0x70 [ 207.832576][ T8165] ? debug_check_no_obj_freed+0x211/0x444 [ 207.838338][ T8165] ? mark_held_locks+0xa4/0xf0 [ 207.843132][ T8165] inet_sendpage+0x44a/0x630 [ 207.847752][ T8165] kernel_sendpage+0x95/0xf0 [ 207.852361][ T8165] ? inet_sendmsg+0x5e0/0x5e0 [ 207.857059][ T8165] sock_sendpage+0x8b/0xc0 [ 207.861491][ T8165] ? lockdep_hardirqs_on+0x418/0x5d0 [ 207.866803][ T8165] pipe_to_sendpage+0x299/0x370 [ 207.871675][ T8165] ? kernel_sendpage+0xf0/0xf0 [ 207.876462][ T8165] ? direct_splice_actor+0x1a0/0x1a0 [ 207.881768][ T8165] ? __put_page+0x92/0xd0 [ 207.886116][ T8165] ? anon_pipe_buf_release+0x1c6/0x270 [ 207.891611][ T8165] __splice_from_pipe+0x395/0x7d0 [ 207.897173][ T8165] ? direct_splice_actor+0x1a0/0x1a0 [ 207.897195][ T8165] ? direct_splice_actor+0x1a0/0x1a0 [ 207.897216][ T8165] splice_from_pipe+0x108/0x170 [ 207.912618][ T8165] ? splice_shrink_spd+0xd0/0xd0 [ 207.912643][ T8165] ? apparmor_file_permission+0x25/0x30 [ 207.912666][ T8165] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 207.929370][ T8165] ? security_file_permission+0x94/0x380 [ 207.935013][ T8165] generic_splice_sendpage+0x3c/0x50 [ 207.940295][ T8165] ? splice_from_pipe+0x170/0x170 [ 207.945314][ T8165] do_splice+0x70a/0x13c0 [ 207.949646][ T8165] ? opipe_prep.part.0+0x2d0/0x2d0 [ 207.955242][ T8165] ? 
__fget_light+0x1a9/0x230 [ 207.959923][ T8165] __x64_sys_splice+0x2c6/0x330 [ 207.964780][ T8165] do_syscall_64+0x103/0x610 [ 207.969370][ T8165] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 207.975273][ T8165] RIP: 0033:0x4582b9 [ 207.979167][ T8165] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 207.998779][ T8165] RSP: 002b:00007fe2be914c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 [ 208.007295][ T8165] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 208.015271][ T8165] RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000003 [ 208.023242][ T8165] RBP: 000000000073bfa0 R08: 0000000000010005 R09: 0000000000000000 [ 208.031212][ T8165] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe2be9156d4 [ 208.039181][ T8165] R13: 00000000004c70e6 R14: 00000000004dc0e0 R15: 00000000ffffffff 23:22:05 executing program 0: fadvise64(0xffffffffffffffff, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000d40)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000240)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x8000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) 23:22:05 executing program 4: r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000000000)="120000001400e7ef007b0000f4afd7030a7c", 0x12, 0x0, 0x0, 0x0) [ 208.085890][ T8165] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.1/8165 [ 208.095427][ T8165] caller is sk_mc_loop+0x1d/0x210 [ 208.100639][ 
T8165] CPU: 0 PID: 8165 Comm: syz-executor.1 Not tainted 5.1.0-rc3-next-20190405 #19 [ 208.109664][ T8165] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 208.119723][ T8165] Call Trace: [ 208.123025][ T8165] dump_stack+0x172/0x1f0 [ 208.127374][ T8165] __this_cpu_preempt_check+0x246/0x270 [ 208.132926][ T8165] sk_mc_loop+0x1d/0x210 [ 208.137177][ T8165] ip_mc_output+0x2ef/0xf70 [ 208.137199][ T8165] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 208.137213][ T8165] ? __ip_make_skb+0xf15/0x1820 [ 208.137239][ T8165] ? ip_append_data.part.0+0x170/0x170 [ 208.151759][ T8165] ? dst_release+0x62/0xb0 [ 208.151778][ T8165] ? __ip_make_skb+0xf93/0x1820 [ 208.151796][ T8165] ip_local_out+0xc4/0x1b0 [ 208.151814][ T8165] ip_send_skb+0x42/0xf0 [ 208.151829][ T8165] ip_push_pending_frames+0x64/0x80 [ 208.151844][ T8165] raw_sendmsg+0x1e6d/0x2f20 [ 208.151868][ T8165] ? compat_raw_getsockopt+0x100/0x100 [ 208.151897][ T8165] ? finish_task_switch+0x146/0x780 [ 208.151922][ T8165] ? ___might_sleep+0x163/0x280 [ 208.161774][ T8165] ? __might_sleep+0x95/0x190 [ 208.161794][ T8165] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 208.161809][ T8165] ? aa_sk_perm+0x288/0x880 [ 208.161832][ T8165] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 208.161850][ T8165] inet_sendmsg+0x147/0x5e0 [ 208.161863][ T8165] ? compat_raw_getsockopt+0x100/0x100 [ 208.161874][ T8165] ? inet_sendmsg+0x147/0x5e0 [ 208.161885][ T8165] ? ipip_gro_receive+0x100/0x100 [ 208.161901][ T8165] sock_sendmsg+0xdd/0x130 [ 208.161918][ T8165] kernel_sendmsg+0x44/0x50 [ 208.161936][ T8165] sock_no_sendpage+0x116/0x150 [ 208.161955][ T8165] ? sock_kfree_s+0x70/0x70 [ 208.258738][ T8165] ? debug_check_no_obj_freed+0x211/0x444 [ 208.264466][ T8165] ? mark_held_locks+0xa4/0xf0 [ 208.269238][ T8165] inet_sendpage+0x44a/0x630 [ 208.273835][ T8165] kernel_sendpage+0x95/0xf0 [ 208.278419][ T8165] ? inet_sendmsg+0x5e0/0x5e0 [ 208.283106][ T8165] sock_sendpage+0x8b/0xc0 [ 208.287516][ T8165] ? 
lockdep_hardirqs_on+0x418/0x5d0 [ 208.292795][ T8165] pipe_to_sendpage+0x299/0x370 [ 208.297646][ T8165] ? kernel_sendpage+0xf0/0xf0 [ 208.302405][ T8165] ? direct_splice_actor+0x1a0/0x1a0 [ 208.307693][ T8165] ? __put_page+0x92/0xd0 [ 208.312035][ T8165] ? anon_pipe_buf_release+0x1c6/0x270 [ 208.317524][ T8165] __splice_from_pipe+0x395/0x7d0 [ 208.322543][ T8165] ? direct_splice_actor+0x1a0/0x1a0 [ 208.327822][ T8165] ? direct_splice_actor+0x1a0/0x1a0 [ 208.333095][ T8165] splice_from_pipe+0x108/0x170 [ 208.337943][ T8165] ? splice_shrink_spd+0xd0/0xd0 [ 208.342885][ T8165] ? apparmor_file_permission+0x25/0x30 [ 208.348424][ T8165] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 208.354664][ T8165] ? security_file_permission+0x94/0x380 [ 208.360310][ T8165] generic_splice_sendpage+0x3c/0x50 [ 208.365604][ T8165] ? splice_from_pipe+0x170/0x170 [ 208.370650][ T8165] do_splice+0x70a/0x13c0 [ 208.374981][ T8165] ? opipe_prep.part.0+0x2d0/0x2d0 [ 208.380090][ T8165] ? __fget_light+0x1a9/0x230 [ 208.384768][ T8165] __x64_sys_splice+0x2c6/0x330 [ 208.389639][ T8165] do_syscall_64+0x103/0x610 [ 208.394221][ T8165] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 208.400358][ T8165] RIP: 0033:0x4582b9 [ 208.404260][ T8165] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 208.423864][ T8165] RSP: 002b:00007fe2be914c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 [ 208.432274][ T8165] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 208.440243][ T8165] RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000003 [ 208.448211][ T8165] RBP: 000000000073bfa0 R08: 0000000000010005 R09: 0000000000000000 [ 208.456164][ T8165] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe2be9156d4 [ 208.464137][ T8165] R13: 00000000004c70e6 R14: 00000000004dc0e0 R15: 00000000ffffffff [ 208.474728][ T8165] BUG: using 
__this_cpu_read() in preemptible [00000000] code: syz-executor.1/8165 [ 208.484092][ T8165] caller is sk_mc_loop+0x1d/0x210 [ 208.484116][ T8165] CPU: 0 PID: 8165 Comm: syz-executor.1 Not tainted 5.1.0-rc3-next-20190405 #19 [ 208.498157][ T8165] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 208.498163][ T8165] Call Trace: [ 208.498187][ T8165] dump_stack+0x172/0x1f0 [ 208.498213][ T8165] __this_cpu_preempt_check+0x246/0x270 [ 208.498230][ T8165] sk_mc_loop+0x1d/0x210 [ 208.498254][ T8165] ip_mc_output+0x2ef/0xf70 [ 208.521437][ T8165] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 208.521453][ T8165] ? __ip_make_skb+0xf15/0x1820 [ 208.521469][ T8165] ? ip_append_data.part.0+0x170/0x170 [ 208.521484][ T8165] ? dst_release+0x62/0xb0 [ 208.521500][ T8165] ? __ip_make_skb+0xf93/0x1820 [ 208.521517][ T8165] ip_local_out+0xc4/0x1b0 [ 208.521535][ T8165] ip_send_skb+0x42/0xf0 [ 208.521549][ T8165] ip_push_pending_frames+0x64/0x80 [ 208.521565][ T8165] raw_sendmsg+0x1e6d/0x2f20 [ 208.521588][ T8165] ? compat_raw_getsockopt+0x100/0x100 [ 208.530347][ T8165] ? finish_task_switch+0x146/0x780 [ 208.530377][ T8165] ? ___might_sleep+0x163/0x280 [ 208.530395][ T8165] ? __might_sleep+0x95/0x190 [ 208.530410][ T8165] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 208.530425][ T8165] ? aa_sk_perm+0x288/0x880 [ 208.530447][ T8165] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 208.530463][ T8165] inet_sendmsg+0x147/0x5e0 [ 208.530477][ T8165] ? compat_raw_getsockopt+0x100/0x100 [ 208.530488][ T8165] ? inet_sendmsg+0x147/0x5e0 [ 208.530500][ T8165] ? 
ipip_gro_receive+0x100/0x100 23:22:06 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000040)=0x6) write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f0000000000)={0xffffffffffffff1b, 0x12, 0x100000000000000}, 0xfffffefd) mmap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x0, 0x32, 0xffffffffffffffff, 0x0) [ 208.530518][ T8165] sock_sendmsg+0xdd/0x130 [ 208.530533][ T8165] kernel_sendmsg+0x44/0x50 [ 208.530549][ T8165] sock_no_sendpage+0x116/0x150 [ 208.530562][ T8165] ? sock_kfree_s+0x70/0x70 [ 208.530585][ T8165] ? debug_check_no_obj_freed+0x211/0x444 [ 208.546030][ T8165] ? mark_held_locks+0xa4/0xf0 [ 208.546053][ T8165] inet_sendpage+0x44a/0x630 [ 208.546076][ T8165] kernel_sendpage+0x95/0xf0 [ 208.546088][ T8165] ? inet_sendmsg+0x5e0/0x5e0 [ 208.546109][ T8165] sock_sendpage+0x8b/0xc0 [ 208.579210][ T8165] ? lockdep_hardirqs_on+0x418/0x5d0 [ 208.579233][ T8165] pipe_to_sendpage+0x299/0x370 [ 208.579251][ T8165] ? kernel_sendpage+0xf0/0xf0 [ 208.579267][ T8165] ? direct_splice_actor+0x1a0/0x1a0 [ 208.579293][ T8165] ? __put_page+0x92/0xd0 [ 208.589940][ T8165] ? anon_pipe_buf_release+0x1c6/0x270 [ 208.589961][ T8165] __splice_from_pipe+0x395/0x7d0 [ 208.589977][ T8165] ? direct_splice_actor+0x1a0/0x1a0 [ 208.589999][ T8165] ? direct_splice_actor+0x1a0/0x1a0 [ 208.590018][ T8165] splice_from_pipe+0x108/0x170 [ 208.599528][ T8165] ? splice_shrink_spd+0xd0/0xd0 [ 208.736731][ T8165] ? apparmor_file_permission+0x25/0x30 [ 208.742280][ T8165] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 208.748517][ T8165] ? 
security_file_permission+0x94/0x380 [ 208.754154][ T8165] generic_splice_sendpage+0x3c/0x50 [ 208.759449][ T8165] ? splice_from_pipe+0x170/0x170 [ 208.764473][ T8165] do_splice+0x70a/0x13c0 [ 208.768814][ T8165] ? opipe_prep.part.0+0x2d0/0x2d0 [ 208.773927][ T8165] ? __fget_light+0x1a9/0x230 [ 208.781460][ T8165] __x64_sys_splice+0x2c6/0x330 [ 208.786311][ T8165] do_syscall_64+0x103/0x610 [ 208.790903][ T8165] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 208.796788][ T8165] RIP: 0033:0x4582b9 [ 208.800678][ T8165] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 208.820309][ T8165] RSP: 002b:00007fe2be914c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 [ 208.828724][ T8165] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 208.836696][ T8165] RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000003 [ 208.844650][ T8165] RBP: 000000000073bfa0 R08: 0000000000010005 R09: 0000000000000000 [ 208.852623][ T8165] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe2be9156d4 [ 208.860604][ T8165] R13: 00000000004c70e6 R14: 00000000004dc0e0 R15: 00000000ffffffff [ 208.890830][ T8165] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.1/8165 [ 208.900160][ T8165] caller is sk_mc_loop+0x1d/0x210 [ 208.905255][ T8165] CPU: 0 PID: 8165 Comm: syz-executor.1 Not tainted 5.1.0-rc3-next-20190405 #19 [ 208.914270][ T8165] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 208.914276][ T8165] Call Trace: [ 208.914300][ T8165] dump_stack+0x172/0x1f0 [ 208.914323][ T8165] __this_cpu_preempt_check+0x246/0x270 [ 208.914339][ T8165] sk_mc_loop+0x1d/0x210 [ 208.914356][ T8165] ip_mc_output+0x2ef/0xf70 [ 208.914377][ T8165] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 208.937545][ T8165] ? __ip_make_skb+0xf15/0x1820 [ 208.937564][ T8165] ? 
ip_append_data.part.0+0x170/0x170 [ 208.937577][ T8165] ? dst_release+0x62/0xb0 [ 208.937606][ T8165] ? __ip_make_skb+0xf93/0x1820 [ 208.966097][ T8165] ip_local_out+0xc4/0x1b0 [ 208.966117][ T8165] ip_send_skb+0x42/0xf0 [ 208.966132][ T8165] ip_push_pending_frames+0x64/0x80 [ 208.966148][ T8165] raw_sendmsg+0x1e6d/0x2f20 [ 208.966172][ T8165] ? compat_raw_getsockopt+0x100/0x100 [ 208.989415][ T8165] ? finish_task_switch+0x146/0x780 [ 208.989444][ T8165] ? ___might_sleep+0x163/0x280 [ 208.989463][ T8165] ? __might_sleep+0x95/0x190 [ 209.009609][ T8165] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 209.015255][ T8165] ? aa_sk_perm+0x288/0x880 [ 209.019772][ T8165] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 209.019793][ T8165] inet_sendmsg+0x147/0x5e0 [ 209.019807][ T8165] ? compat_raw_getsockopt+0x100/0x100 [ 209.019826][ T8165] ? inet_sendmsg+0x147/0x5e0 [ 209.039948][ T8165] ? ipip_gro_receive+0x100/0x100 [ 209.044981][ T8165] sock_sendmsg+0xdd/0x130 [ 209.049403][ T8165] kernel_sendmsg+0x44/0x50 [ 209.053916][ T8165] sock_no_sendpage+0x116/0x150 [ 209.058767][ T8165] ? sock_kfree_s+0x70/0x70 [ 209.058789][ T8165] ? debug_check_no_obj_freed+0x211/0x444 [ 209.058820][ T8165] ? mark_held_locks+0xa4/0xf0 [ 209.073798][ T8165] inet_sendpage+0x44a/0x630 [ 209.078400][ T8165] kernel_sendpage+0x95/0xf0 [ 209.082994][ T8165] ? inet_sendmsg+0x5e0/0x5e0 [ 209.087683][ T8165] sock_sendpage+0x8b/0xc0 [ 209.092109][ T8165] ? lockdep_hardirqs_on+0x418/0x5d0 [ 209.097403][ T8165] pipe_to_sendpage+0x299/0x370 [ 209.102299][ T8165] ? kernel_sendpage+0xf0/0xf0 [ 209.107079][ T8165] ? direct_splice_actor+0x1a0/0x1a0 [ 209.112365][ T8165] ? __put_page+0x92/0xd0 [ 209.116695][ T8165] ? anon_pipe_buf_release+0x1c6/0x270 [ 209.122158][ T8165] __splice_from_pipe+0x395/0x7d0 [ 209.127189][ T8165] ? direct_splice_actor+0x1a0/0x1a0 [ 209.132485][ T8165] ? direct_splice_actor+0x1a0/0x1a0 [ 209.137797][ T8165] splice_from_pipe+0x108/0x170 [ 209.142667][ T8165] ? 
splice_shrink_spd+0xd0/0xd0 [ 209.147637][ T8165] ? apparmor_file_permission+0x25/0x30 [ 209.153200][ T8165] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 209.159478][ T8165] ? security_file_permission+0x94/0x380 [ 209.165137][ T8165] generic_splice_sendpage+0x3c/0x50 [ 209.170442][ T8165] ? splice_from_pipe+0x170/0x170 [ 209.175488][ T8165] do_splice+0x70a/0x13c0 [ 209.179852][ T8165] ? opipe_prep.part.0+0x2d0/0x2d0 [ 209.185247][ T8165] ? __fget_light+0x1a9/0x230 [ 209.189944][ T8165] __x64_sys_splice+0x2c6/0x330 [ 209.194823][ T8165] do_syscall_64+0x103/0x610 [ 209.199433][ T8165] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 209.205335][ T8165] RIP: 0033:0x4582b9 [ 209.209243][ T8165] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 209.228962][ T8165] RSP: 002b:00007fe2be914c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 [ 209.237390][ T8165] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 209.245371][ T8165] RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000003 [ 209.253354][ T8165] RBP: 000000000073bfa0 R08: 0000000000010005 R09: 0000000000000000 [ 209.261334][ T8165] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe2be9156d4 [ 209.269334][ T8165] R13: 00000000004c70e6 R14: 00000000004dc0e0 R15: 00000000ffffffff [ 209.296739][ T8165] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.1/8165 [ 209.306274][ T8165] caller is sk_mc_loop+0x1d/0x210 [ 209.311416][ T8165] CPU: 1 PID: 8165 Comm: syz-executor.1 Not tainted 5.1.0-rc3-next-20190405 #19 [ 209.320449][ T8165] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 209.330506][ T8165] Call Trace: [ 209.333804][ T8165] dump_stack+0x172/0x1f0 [ 209.338154][ T8165] __this_cpu_preempt_check+0x246/0x270 [ 209.343710][ T8165] sk_mc_loop+0x1d/0x210 [ 209.347964][ 
T8165] ip_mc_output+0x2ef/0xf70 [ 209.352479][ T8165] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 209.357672][ T8165] ? __ip_make_skb+0xf15/0x1820 [ 209.362556][ T8165] ? ip_append_data.part.0+0x170/0x170 [ 209.368009][ T8165] ? dst_release+0x62/0xb0 [ 209.372432][ T8165] ? __ip_make_skb+0xf93/0x1820 [ 209.377281][ T8165] ip_local_out+0xc4/0x1b0 [ 209.381704][ T8165] ip_send_skb+0x42/0xf0 [ 209.385958][ T8165] ip_push_pending_frames+0x64/0x80 [ 209.391166][ T8165] raw_sendmsg+0x1e6d/0x2f20 [ 209.395759][ T8165] ? compat_raw_getsockopt+0x100/0x100 [ 209.401205][ T8165] ? finish_task_switch+0x146/0x780 [ 209.406403][ T8165] ? ___might_sleep+0x163/0x280 [ 209.411253][ T8165] ? __might_sleep+0x95/0x190 [ 209.415909][ T8165] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 209.421522][ T8165] ? aa_sk_perm+0x288/0x880 [ 209.426003][ T8165] ? __lock_acquire+0x548/0x3fb0 [ 209.430925][ T8165] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 209.436450][ T8165] inet_sendmsg+0x147/0x5e0 [ 209.440933][ T8165] ? compat_raw_getsockopt+0x100/0x100 [ 209.446369][ T8165] ? inet_sendmsg+0x147/0x5e0 [ 209.451022][ T8165] ? ipip_gro_receive+0x100/0x100 [ 209.456028][ T8165] sock_sendmsg+0xdd/0x130 [ 209.460425][ T8165] kernel_sendmsg+0x44/0x50 [ 209.464910][ T8165] sock_no_sendpage+0x116/0x150 [ 209.469750][ T8165] ? sock_kfree_s+0x70/0x70 [ 209.474236][ T8165] ? do_raw_spin_unlock+0x57/0x270 [ 209.479337][ T8165] inet_sendpage+0x44a/0x630 [ 209.483913][ T8165] kernel_sendpage+0x95/0xf0 [ 209.488525][ T8165] ? inet_sendmsg+0x5e0/0x5e0 [ 209.493183][ T8165] sock_sendpage+0x8b/0xc0 [ 209.497579][ T8165] ? lockdep_hardirqs_on+0x418/0x5d0 [ 209.502862][ T8165] pipe_to_sendpage+0x299/0x370 [ 209.507693][ T8165] ? kernel_sendpage+0xf0/0xf0 [ 209.512447][ T8165] ? direct_splice_actor+0x1a0/0x1a0 [ 209.517723][ T8165] ? __put_page+0x92/0xd0 [ 209.522038][ T8165] ? anon_pipe_buf_release+0x1c6/0x270 [ 209.527490][ T8165] __splice_from_pipe+0x395/0x7d0 [ 209.532513][ T8165] ? 
direct_splice_actor+0x1a0/0x1a0 [ 209.537780][ T8165] ? direct_splice_actor+0x1a0/0x1a0 [ 209.543042][ T8165] splice_from_pipe+0x108/0x170 [ 209.547873][ T8165] ? splice_shrink_spd+0xd0/0xd0 [ 209.552802][ T8165] ? apparmor_file_permission+0x25/0x30 [ 209.558416][ T8165] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 209.564651][ T8165] ? security_file_permission+0x94/0x380 [ 209.570297][ T8165] generic_splice_sendpage+0x3c/0x50 [ 209.575577][ T8165] ? splice_from_pipe+0x170/0x170 [ 209.580590][ T8165] do_splice+0x70a/0x13c0 [ 209.584930][ T8165] ? opipe_prep.part.0+0x2d0/0x2d0 [ 209.590036][ T8165] ? __fget_light+0x1a9/0x230 [ 209.594695][ T8165] __x64_sys_splice+0x2c6/0x330 [ 209.599545][ T8165] do_syscall_64+0x103/0x610 [ 209.604128][ T8165] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 209.610000][ T8165] RIP: 0033:0x4582b9 [ 209.613876][ T8165] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 209.633478][ T8165] RSP: 002b:00007fe2be914c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 [ 209.641870][ T8165] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 209.649839][ T8165] RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000003 [ 209.657801][ T8165] RBP: 000000000073bfa0 R08: 0000000000010005 R09: 0000000000000000 [ 209.665773][ T8165] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe2be9156d4 [ 209.673747][ T8165] R13: 00000000004c70e6 R14: 00000000004dc0e0 R15: 00000000ffffffff [ 209.684427][ T8165] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.1/8165 [ 209.695815][ T8165] caller is sk_mc_loop+0x1d/0x210 [ 209.700923][ T8165] CPU: 0 PID: 8165 Comm: syz-executor.1 Not tainted 5.1.0-rc3-next-20190405 #19 [ 209.709953][ T8165] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 209.720018][ T8165] Call Trace: [ 
209.723327][ T8165] dump_stack+0x172/0x1f0 [ 209.727679][ T8165] __this_cpu_preempt_check+0x246/0x270 [ 209.733245][ T8165] sk_mc_loop+0x1d/0x210 [ 209.737505][ T8165] ip_mc_output+0x2ef/0xf70 [ 209.742025][ T8165] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 209.747148][ T8165] ? __ip_make_skb+0xf15/0x1820 [ 209.752019][ T8165] ? ip_append_data.part.0+0x170/0x170 [ 209.757487][ T8165] ? dst_release+0x62/0xb0 [ 209.761921][ T8165] ? __ip_make_skb+0xf93/0x1820 [ 209.766788][ T8165] ip_local_out+0xc4/0x1b0 [ 209.771224][ T8165] ip_send_skb+0x42/0xf0 [ 209.775502][ T8165] ip_push_pending_frames+0x64/0x80 [ 209.780717][ T8165] raw_sendmsg+0x1e6d/0x2f20 [ 209.785330][ T8165] ? compat_raw_getsockopt+0x100/0x100 [ 209.790814][ T8165] ? finish_task_switch+0x146/0x780 [ 209.796037][ T8165] ? ___might_sleep+0x163/0x280 [ 209.800903][ T8165] ? __might_sleep+0x95/0x190 [ 209.805606][ T8165] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 209.811313][ T8165] ? aa_sk_perm+0x288/0x880 [ 209.815828][ T8165] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 209.821384][ T8165] inet_sendmsg+0x147/0x5e0 [ 209.825902][ T8165] ? compat_raw_getsockopt+0x100/0x100 [ 209.831409][ T8165] ? inet_sendmsg+0x147/0x5e0 [ 209.836098][ T8165] ? ipip_gro_receive+0x100/0x100 [ 209.841137][ T8165] sock_sendmsg+0xdd/0x130 [ 209.845571][ T8165] kernel_sendmsg+0x44/0x50 [ 209.850083][ T8165] sock_no_sendpage+0x116/0x150 [ 209.854937][ T8165] ? sock_kfree_s+0x70/0x70 [ 209.859438][ T8165] ? debug_check_no_obj_freed+0x211/0x444 [ 209.865180][ T8165] ? mark_held_locks+0xa4/0xf0 [ 209.869951][ T8165] inet_sendpage+0x44a/0x630 [ 209.874538][ T8165] kernel_sendpage+0x95/0xf0 [ 209.879376][ T8165] ? inet_sendmsg+0x5e0/0x5e0 [ 209.884057][ T8165] sock_sendpage+0x8b/0xc0 [ 209.888472][ T8165] ? lockdep_hardirqs_on+0x418/0x5d0 [ 209.904436][ T8165] pipe_to_sendpage+0x299/0x370 [ 209.909385][ T8165] ? kernel_sendpage+0xf0/0xf0 [ 209.914296][ T8165] ? direct_splice_actor+0x1a0/0x1a0 [ 209.920401][ T8165] ? 
__put_page+0x92/0xd0 [ 209.925428][ T8165] ? anon_pipe_buf_release+0x1c6/0x270 [ 209.931044][ T8165] __splice_from_pipe+0x395/0x7d0 [ 209.936262][ T8165] ? direct_splice_actor+0x1a0/0x1a0 [ 209.941705][ T8165] ? direct_splice_actor+0x1a0/0x1a0 [ 209.947330][ T8165] splice_from_pipe+0x108/0x170 [ 209.954840][ T8165] ? splice_shrink_spd+0xd0/0xd0 [ 209.960124][ T8165] ? apparmor_file_permission+0x25/0x30 [ 209.965738][ T8165] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 209.971991][ T8165] ? security_file_permission+0x94/0x380 [ 209.977613][ T8165] generic_splice_sendpage+0x3c/0x50 [ 209.982895][ T8165] ? splice_from_pipe+0x170/0x170 [ 209.987909][ T8165] do_splice+0x70a/0x13c0 [ 209.992224][ T8165] ? opipe_prep.part.0+0x2d0/0x2d0 [ 209.997312][ T8165] ? __fget_light+0x1a9/0x230 [ 210.002082][ T8165] __x64_sys_splice+0x2c6/0x330 [ 210.006953][ T8165] do_syscall_64+0x103/0x610 [ 210.011533][ T8165] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 210.017408][ T8165] RIP: 0033:0x4582b9 [ 210.021294][ T8165] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 210.040904][ T8165] RSP: 002b:00007fe2be914c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 [ 210.049316][ T8165] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 210.057277][ T8165] RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000003 [ 210.065242][ T8165] RBP: 000000000073bfa0 R08: 0000000000010005 R09: 0000000000000000 [ 210.073210][ T8165] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe2be9156d4 [ 210.081174][ T8165] R13: 00000000004c70e6 R14: 00000000004dc0e0 R15: 00000000ffffffff [ 210.090673][ T8165] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.1/8165 [ 210.099988][ T8165] caller is sk_mc_loop+0x1d/0x210 [ 210.105092][ T8165] CPU: 1 PID: 8165 Comm: syz-executor.1 Not tainted 
5.1.0-rc3-next-20190405 #19 [ 210.114133][ T8165] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 210.124207][ T8165] Call Trace: [ 210.127489][ T8165] dump_stack+0x172/0x1f0 [ 210.131801][ T8165] __this_cpu_preempt_check+0x246/0x270 [ 210.137321][ T8165] sk_mc_loop+0x1d/0x210 [ 210.141541][ T8165] ip_mc_output+0x2ef/0xf70 [ 210.146022][ T8165] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 210.151107][ T8165] ? __ip_make_skb+0xf15/0x1820 [ 210.155936][ T8165] ? ip_append_data.part.0+0x170/0x170 [ 210.161370][ T8165] ? dst_release+0x62/0xb0 [ 210.165772][ T8165] ? __ip_make_skb+0xf93/0x1820 [ 210.170605][ T8165] ip_local_out+0xc4/0x1b0 [ 210.175000][ T8165] ip_send_skb+0x42/0xf0 [ 210.179218][ T8165] ip_push_pending_frames+0x64/0x80 [ 210.184395][ T8165] raw_sendmsg+0x1e6d/0x2f20 [ 210.189008][ T8165] ? compat_raw_getsockopt+0x100/0x100 [ 210.194455][ T8165] ? finish_task_switch+0x146/0x780 [ 210.199638][ T8165] ? ___might_sleep+0x163/0x280 [ 210.204470][ T8165] ? __might_sleep+0x95/0x190 [ 210.209127][ T8165] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 210.214738][ T8165] ? aa_sk_perm+0x288/0x880 [ 210.219223][ T8165] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 210.224748][ T8165] inet_sendmsg+0x147/0x5e0 [ 210.229242][ T8165] ? compat_raw_getsockopt+0x100/0x100 [ 210.234676][ T8165] ? inet_sendmsg+0x147/0x5e0 [ 210.239330][ T8165] ? ipip_gro_receive+0x100/0x100 [ 210.244348][ T8165] sock_sendmsg+0xdd/0x130 [ 210.248741][ T8165] kernel_sendmsg+0x44/0x50 [ 210.253222][ T8165] sock_no_sendpage+0x116/0x150 [ 210.258050][ T8165] ? sock_kfree_s+0x70/0x70 [ 210.262537][ T8165] ? debug_check_no_obj_freed+0x211/0x444 [ 210.268241][ T8165] ? mark_held_locks+0xa4/0xf0 [ 210.272985][ T8165] inet_sendpage+0x44a/0x630 [ 210.277587][ T8165] kernel_sendpage+0x95/0xf0 [ 210.282181][ T8165] ? inet_sendmsg+0x5e0/0x5e0 [ 210.286841][ T8165] sock_sendpage+0x8b/0xc0 [ 210.291238][ T8165] ? 
lockdep_hardirqs_on+0x418/0x5d0 [ 210.296502][ T8165] pipe_to_sendpage+0x299/0x370 [ 210.301332][ T8165] ? kernel_sendpage+0xf0/0xf0 [ 210.306075][ T8165] ? direct_splice_actor+0x1a0/0x1a0 [ 210.311347][ T8165] ? __put_page+0x92/0xd0 [ 210.315660][ T8165] ? anon_pipe_buf_release+0x1c6/0x270 [ 210.321102][ T8165] __splice_from_pipe+0x395/0x7d0 [ 210.326111][ T8165] ? direct_splice_actor+0x1a0/0x1a0 [ 210.331382][ T8165] ? direct_splice_actor+0x1a0/0x1a0 [ 210.336641][ T8165] splice_from_pipe+0x108/0x170 [ 210.341486][ T8165] ? splice_shrink_spd+0xd0/0xd0 [ 210.346494][ T8165] ? apparmor_file_permission+0x25/0x30 [ 210.352020][ T8165] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 210.358256][ T8165] ? security_file_permission+0x94/0x380 [ 210.363874][ T8165] generic_splice_sendpage+0x3c/0x50 [ 210.369143][ T8165] ? splice_from_pipe+0x170/0x170 [ 210.374149][ T8165] do_splice+0x70a/0x13c0 [ 210.378458][ T8165] ? opipe_prep.part.0+0x2d0/0x2d0 [ 210.383549][ T8165] ? __fget_light+0x1a9/0x230 [ 210.388202][ T8165] __x64_sys_splice+0x2c6/0x330 [ 210.393037][ T8165] do_syscall_64+0x103/0x610 [ 210.397615][ T8165] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 210.403490][ T8165] RIP: 0033:0x4582b9 [ 210.407363][ T8165] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 210.426951][ T8165] RSP: 002b:00007fe2be914c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 [ 210.435349][ T8165] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 210.443307][ T8165] RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000003 [ 210.451282][ T8165] RBP: 000000000073bfa0 R08: 0000000000010005 R09: 0000000000000000 [ 210.459245][ T8165] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe2be9156d4 [ 210.467206][ T8165] R13: 00000000004c70e6 R14: 00000000004dc0e0 R15: 00000000ffffffff [ 210.478860][ T8165] BUG: using 
__this_cpu_read() in preemptible [00000000] code: syz-executor.1/8165 [ 210.488269][ T8165] caller is sk_mc_loop+0x1d/0x210 [ 210.493393][ T8165] CPU: 1 PID: 8165 Comm: syz-executor.1 Not tainted 5.1.0-rc3-next-20190405 #19 [ 210.502420][ T8165] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 210.512462][ T8165] Call Trace: [ 210.515739][ T8165] dump_stack+0x172/0x1f0 [ 210.520051][ T8165] __this_cpu_preempt_check+0x246/0x270 [ 210.525574][ T8165] sk_mc_loop+0x1d/0x210 [ 210.529820][ T8165] ip_mc_output+0x2ef/0xf70 [ 210.534308][ T8165] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 210.539393][ T8165] ? __ip_make_skb+0xf15/0x1820 [ 210.544220][ T8165] ? ip_append_data.part.0+0x170/0x170 [ 210.549655][ T8165] ? dst_release+0x62/0xb0 [ 210.554065][ T8165] ? __ip_make_skb+0xf93/0x1820 [ 210.558892][ T8165] ip_local_out+0xc4/0x1b0 [ 210.563286][ T8165] ip_send_skb+0x42/0xf0 [ 210.567502][ T8165] ip_push_pending_frames+0x64/0x80 [ 210.572677][ T8165] raw_sendmsg+0x1e6d/0x2f20 [ 210.577246][ T8165] ? compat_raw_getsockopt+0x100/0x100 [ 210.582688][ T8165] ? finish_task_switch+0x146/0x780 [ 210.587876][ T8165] ? ___might_sleep+0x163/0x280 [ 210.592708][ T8165] ? __might_sleep+0x95/0x190 [ 210.597375][ T8165] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 210.602987][ T8165] ? aa_sk_perm+0x288/0x880 [ 210.607482][ T8165] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 210.613010][ T8165] inet_sendmsg+0x147/0x5e0 [ 210.617494][ T8165] ? compat_raw_getsockopt+0x100/0x100 [ 210.622954][ T8165] ? inet_sendmsg+0x147/0x5e0 [ 210.627630][ T8165] ? ipip_gro_receive+0x100/0x100 [ 210.632639][ T8165] sock_sendmsg+0xdd/0x130 [ 210.637053][ T8165] kernel_sendmsg+0x44/0x50 [ 210.641539][ T8165] sock_no_sendpage+0x116/0x150 [ 210.646371][ T8165] ? sock_kfree_s+0x70/0x70 [ 210.650860][ T8165] ? debug_check_no_obj_freed+0x211/0x444 [ 210.656587][ T8165] ? 
mark_held_locks+0xa4/0xf0 [ 210.661362][ T8165] inet_sendpage+0x44a/0x630 [ 210.665937][ T8165] kernel_sendpage+0x95/0xf0 [ 210.670504][ T8165] ? inet_sendmsg+0x5e0/0x5e0 [ 210.675167][ T8165] sock_sendpage+0x8b/0xc0 [ 210.679564][ T8165] ? lockdep_hardirqs_on+0x418/0x5d0 [ 210.684833][ T8165] pipe_to_sendpage+0x299/0x370 [ 210.689688][ T8165] ? kernel_sendpage+0xf0/0xf0 [ 210.694442][ T8165] ? direct_splice_actor+0x1a0/0x1a0 [ 210.699727][ T8165] ? __put_page+0x92/0xd0 [ 210.704038][ T8165] ? anon_pipe_buf_release+0x1c6/0x270 [ 210.709510][ T8165] __splice_from_pipe+0x395/0x7d0 [ 210.714532][ T8165] ? direct_splice_actor+0x1a0/0x1a0 [ 210.719795][ T8165] ? direct_splice_actor+0x1a0/0x1a0 [ 210.725060][ T8165] splice_from_pipe+0x108/0x170 [ 210.729888][ T8165] ? splice_shrink_spd+0xd0/0xd0 [ 210.734836][ T8165] ? apparmor_file_permission+0x25/0x30 [ 210.740381][ T8165] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 210.746609][ T8165] ? security_file_permission+0x94/0x380 [ 210.752226][ T8165] generic_splice_sendpage+0x3c/0x50 [ 210.757543][ T8165] ? splice_from_pipe+0x170/0x170 [ 210.762550][ T8165] do_splice+0x70a/0x13c0 [ 210.766859][ T8165] ? opipe_prep.part.0+0x2d0/0x2d0 [ 210.771953][ T8165] ? 
__fget_light+0x1a9/0x230 [ 210.776614][ T8165] __x64_sys_splice+0x2c6/0x330 [ 210.781454][ T8165] do_syscall_64+0x103/0x610 [ 210.786024][ T8165] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 210.791895][ T8165] RIP: 0033:0x4582b9 [ 210.795767][ T8165] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 210.815354][ T8165] RSP: 002b:00007fe2be914c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 [ 210.823752][ T8165] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 210.831709][ T8165] RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000003 [ 210.840079][ T8165] RBP: 000000000073bfa0 R08: 0000000000010005 R09: 0000000000000000 23:22:08 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000040)=0x6) write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f0000000000)={0xffffffffffffff1b, 0x12, 0x100000000000000}, 0xfffffefd) mmap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x0, 0x32, 0xffffffffffffffff, 0x0) getsockopt$inet6_mtu(0xffffffffffffffff, 0x29, 0x17, 0x0, 0x0) 23:22:08 executing program 4: 23:22:08 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2) ioctl$int_in(r0, 0x800000c004500a, 
&(0x7f0000000040)=0x6) write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f0000000000)={0xffffffffffffff1b, 0x12, 0x100000000000000}, 0xfffffefd) mmap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 23:22:08 executing program 5: 23:22:08 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000005000)='/dev/sg#\x00', 0x0, 0x8002) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000240)={0x53, 0x0, 0x6, 0x0, @buffer={0x5, 0xee, &(0x7f00000002c0)=""/238}, &(0x7f0000000200)="da88aa5af197", 0x0, 0x0, 0x0, 0x0, 0x0}) 23:22:08 executing program 3: r0 = socket$inet(0xa, 0x801, 0x84) connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r0, 0xe0000400) r1 = accept4(r0, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f0000000080)={0x0, 0x1}, 0xfd4f) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r1, 0x84, 0x7c, &(0x7f0000000100)={0x0, 0x4}, 0x8) [ 210.848029][ T8165] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe2be9156d4 [ 210.855977][ T8165] R13: 00000000004c70e6 R14: 00000000004dc0e0 R15: 00000000ffffffff 23:22:08 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000006c0)=[{&(0x7f0000000000)=""/97, 0x61}], 0x1, 0x0) 23:22:08 executing program 4: 23:22:08 executing program 0: 23:22:08 executing program 4: 23:22:08 executing program 0: 23:22:08 executing program 5: 23:22:09 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2) ioctl$int_in(r0, 0x800000c004500a, 
&(0x7f0000000040)=0x6) write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f0000000000)={0xffffffffffffff1b, 0x12, 0x100000000000000}, 0xfffffefd) mmap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x0, 0x32, 0xffffffffffffffff, 0x0) getsockopt$inet6_mtu(0xffffffffffffffff, 0x29, 0x17, 0x0, 0x0) 23:22:09 executing program 0: 23:22:09 executing program 4: 23:22:09 executing program 5: 23:22:09 executing program 3: 23:22:09 executing program 2: 23:22:09 executing program 4: 23:22:09 executing program 2: 23:22:09 executing program 5: 23:22:09 executing program 3: 23:22:09 executing program 0: 23:22:09 executing program 4: 23:22:10 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000040)=0x6) write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f0000000000)={0xffffffffffffff1b, 0x12, 0x100000000000000}, 0xfffffefd) mmap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x0, 0x32, 0xffffffffffffffff, 0x0) getsockopt$inet6_mtu(0xffffffffffffffff, 0x29, 0x17, 0x0, 0x0) 23:22:10 executing program 2: 23:22:10 executing program 5: 23:22:10 executing program 3: 23:22:10 executing program 0: 23:22:10 executing program 4: 23:22:10 executing program 5: 23:22:10 executing program 2: 23:22:10 executing program 4: 23:22:10 executing program 3: 23:22:10 executing program 0: 23:22:10 executing program 4: 23:22:11 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = 
syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000040)=0x6) write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f0000000000)={0xffffffffffffff1b, 0x12, 0x100000000000000}, 0xfffffefd) mmap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x0, 0x32, 0xffffffffffffffff, 0x0) getsockopt$inet6_mtu(0xffffffffffffffff, 0x29, 0x17, 0x0, 0x0) 23:22:11 executing program 5: 23:22:11 executing program 0: 23:22:11 executing program 3: 23:22:11 executing program 2: 23:22:11 executing program 4: 23:22:11 executing program 3: 23:22:11 executing program 5: 23:22:11 executing program 0: 23:22:11 executing program 2: 23:22:11 executing program 4: 23:22:11 executing program 5: 23:22:12 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000040)=0x6) write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f0000000000)={0xffffffffffffff1b, 0x12, 0x100000000000000}, 0xfffffefd) mmap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 23:22:12 executing program 0: 23:22:12 executing program 3: 23:22:12 executing program 2: 23:22:12 executing program 4: 23:22:12 executing program 5: 23:22:12 executing program 0: 23:22:12 executing program 2: 23:22:12 executing program 4: 23:22:12 executing program 3: 23:22:12 executing program 5: 23:22:12 executing program 3: 23:22:12 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 
0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000040)=0x6) write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f0000000000)={0xffffffffffffff1b, 0x12, 0x100000000000000}, 0xfffffefd) 23:22:12 executing program 2: 23:22:12 executing program 4: 23:22:12 executing program 0: 23:22:12 executing program 5: 23:22:12 executing program 3: 23:22:12 executing program 0: 23:22:12 executing program 5: 23:22:12 executing program 4: 23:22:12 executing program 2: 23:22:12 executing program 3: 23:22:13 executing program 3: 23:22:13 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000040)=0x6) write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f0000000000)={0xffffffffffffff1b, 0x12, 0x100000000000000}, 0xfffffefd) 23:22:13 executing program 4: r0 = socket(0x10, 0x2, 0xc) write(r0, &(0x7f0000594000)="1f0000000a06ff00fd4354c007110000f305010008000100020423dcffdf00", 0x1f) 23:22:13 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000340)={0x4, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, 0x0) 23:22:13 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000040)={'bridge_slave_0\x00\x04'}) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000080)={'bridge_slave_0\x00?', 0x22000000c0ffffff}) 23:22:13 executing 
program 5: mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x40031, 0xffffffffffffffff, 0x0) mmap(&(0x7f00000be000/0x3000)=nil, 0x3000, 0x4, 0x100132, 0xffffffffffffffff, 0x0) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x3, &(0x7f0000000200)={0x0, @in={{0x2, 0x0, @remote}}}, 0x90) 23:22:13 executing program 3: [ 215.948192][ T8383] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 215.977047][ T8387] netlink: 'syz-executor.4': attribute type 1 has an invalid length. 23:22:13 executing program 3: [ 216.000500][ T8387] netlink: 3 bytes leftover after parsing attributes in process `syz-executor.4'. 23:22:13 executing program 5: r0 = socket(0x10, 0x2, 0xc) write(r0, &(0x7f0000594000)="1f0000000806ff00fd4354c007110000f305010008000100020423dcffdf00", 0x1f) [ 216.051900][ T8387] netlink: 'syz-executor.4': attribute type 1 has an invalid length. 
23:22:13 executing program 3: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$dri(&(0x7f0000000040)='/dev/dri/card#\x00', 0x0, 0x0) ioctl$NBD_SET_TIMEOUT(r0, 0xab09, 0x0) 23:22:13 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$RTC_ALM_SET(0xffffffffffffffff, 0x40247007, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1f}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000040)="660f382b1a0f01dfdde80f32d9e90f086665676426f7c5000000000f2245deef0f23f5", 0x23}], 0xaaaaaaaaaaaae88, 0x0, 0x0, 0x0) openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000140)='/dev/btrfs-control\x00', 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000002000/0x18000)=nil, &(0x7f0000000200)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xffffffffffffff6a) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, &(0x7f0000000100)) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='cpuacct.usage_all\x00', 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 216.096783][ T8387] netlink: 3 bytes leftover after parsing attributes in process `syz-executor.4'. [ 216.136906][ T8401] netlink: 'syz-executor.5': attribute type 1 has an invalid length. [ 216.196763][ T8401] netlink: 3 bytes leftover after parsing attributes in process `syz-executor.5'. 
23:22:14 executing program 5: socket$inet6_tcp(0xa, 0x1, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r1, 0x0, 0x0, 0x20000004, &(0x7f000031e000)={0xa, 0x4e22}, 0x1c) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) recvfrom$inet6(r1, &(0x7f00000001c0)=""/31, 0x1f, 0x100, 0x0, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) ioctl$FS_IOC_ENABLE_VERITY(0xffffffffffffffff, 0x6685) bind$inet(0xffffffffffffffff, 0x0, 0x0) pipe(0x0) setsockopt$TIPC_MCAST_REPLICAST(0xffffffffffffffff, 0x10f, 0x86) recvmsg$kcm(0xffffffffffffff9c, 0x0, 0x40000122) ioctl$sock_inet6_udp_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f00000006c0)) socket$packet(0x11, 0x0, 0x300) socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$inet6_mtu(r0, 0x29, 0x17, &(0x7f0000000040)=0x3, 0x4) getsockname$packet(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, 0x0, 0x0) syz_genetlink_get_family_id$nbd(0x0) socket$inet6(0xa, 0x0, 0x0) shutdown(r1, 0x1) r2 = accept4(r0, 0x0, 0x0, 0x80000) sendto$inet6(r2, &(0x7f00000000c0), 0xfffffdda, 0x700, 0x0, 0x0) r3 = syz_open_dev$sndctrl(&(0x7f0000000200)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r3, 0xc0045516, &(0x7f0000000140)=0x100000008001) 23:22:14 executing program 3: r0 = socket(0x10, 0x2, 0xc) write(r0, &(0x7f0000594000)="1f0000000606ff00fd4354c007110000f305010008000100020423dcffdf00", 0x1f) [ 216.345104][ T8415] netlink: 'syz-executor.3': attribute type 1 has an invalid length. 
[ 216.373655][ T8413] check_preemption_disabled: 6 callbacks suppressed [ 216.373684][ T8413] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.5/8413 [ 216.374029][ T8415] netlink: 3 bytes leftover after parsing attributes in process `syz-executor.3'. [ 216.380853][ T8413] caller is ip6_finish_output+0x335/0xdc0 [ 216.405451][ T8413] CPU: 0 PID: 8413 Comm: syz-executor.5 Not tainted 5.1.0-rc3-next-20190405 #19 [ 216.414495][ T8413] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 216.424575][ T8413] Call Trace: [ 216.427908][ T8413] dump_stack+0x172/0x1f0 [ 216.432269][ T8413] __this_cpu_preempt_check+0x246/0x270 [ 216.432302][ T8413] ip6_finish_output+0x335/0xdc0 [ 216.442791][ T8413] ip6_output+0x235/0x7f0 [ 216.442819][ T8413] ? ip6_finish_output+0xdc0/0xdc0 [ 216.442847][ T8413] ? ip6_fragment+0x3980/0x3980 [ 216.457169][ T8413] ip6_xmit+0xe41/0x20c0 [ 216.461436][ T8413] ? perf_trace_run_bpf_submit+0x138/0x190 [ 216.467288][ T8413] ? ip6_finish_output2+0x2550/0x2550 [ 216.472683][ T8413] ? mark_held_locks+0xf0/0xf0 [ 216.477517][ T8413] ? perf_trace_lock+0x510/0x510 [ 216.482487][ T8413] ? ip6_setup_cork+0x1870/0x1870 [ 216.487566][ T8413] inet6_csk_xmit+0x2fb/0x5d0 [ 216.492268][ T8413] ? inet6_csk_update_pmtu+0x190/0x190 [ 216.497737][ T8413] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 216.501465][ T8389] bridge0: port 1(bridge_slave_0) entered disabled state [ 216.504001][ T8413] ? csum_ipv6_magic+0x20/0x80 [ 216.504039][ T8413] __tcp_transmit_skb+0x1a32/0x3750 [ 216.521034][ T8413] ? __tcp_select_window+0x8b0/0x8b0 [ 216.526352][ T8413] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 216.532620][ T8413] ? tcp_fastopen_no_cookie+0xe0/0x190 [ 216.538096][ T8413] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 216.544363][ T8413] tcp_connect+0x1e47/0x4280 [ 216.548995][ T8413] ? tcp_push_one+0x110/0x110 [ 216.553690][ T8413] ? secure_tcpv6_ts_off+0x24f/0x360 [ 216.558993][ T8413] ? 
secure_dccpv6_sequence_number+0x280/0x280 [ 216.565161][ T8413] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 216.571424][ T8413] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 216.577682][ T8413] ? prandom_u32_state+0x13/0x180 [ 216.582737][ T8413] tcp_v6_connect+0x150b/0x20a0 [ 216.587611][ T8413] ? tcp_sendmsg_locked+0x2170/0x37f0 [ 216.593033][ T8413] ? tcp_v6_conn_request+0x2b0/0x2b0 [ 216.598335][ T8413] ? quarantine_reduce+0x172/0x1b0 [ 216.603464][ T8413] ? find_held_lock+0x35/0x130 [ 216.608259][ T8413] ? lock_downgrade+0x880/0x880 [ 216.613138][ T8413] __inet_stream_connect+0x83f/0xea0 [ 216.618433][ T8413] ? tcp_v6_conn_request+0x2b0/0x2b0 [ 216.623736][ T8413] ? __inet_stream_connect+0x83f/0xea0 [ 216.629223][ T8413] ? inet_dgram_connect+0x2e0/0x2e0 [ 216.634432][ T8413] ? tcp_sendmsg_locked+0x2170/0x37f0 [ 216.639820][ T8413] ? rcu_read_lock_sched_held+0x110/0x130 [ 216.645550][ T8413] ? kmem_cache_alloc_trace+0x354/0x760 [ 216.651100][ T8413] ? __lock_acquire+0x548/0x3fb0 [ 216.656040][ T8413] ? perf_trace_run_bpf_submit+0x138/0x190 [ 216.661872][ T8413] tcp_sendmsg_locked+0x231f/0x37f0 [ 216.667088][ T8413] ? mark_held_locks+0xf0/0xf0 [ 216.671869][ T8413] ? mark_held_locks+0xa4/0xf0 [ 216.676655][ T8413] ? tcp_sendpage+0x60/0x60 [ 216.681170][ T8413] ? lock_sock_nested+0x9a/0x120 [ 216.686114][ T8413] ? trace_hardirqs_on+0x67/0x230 [ 216.691146][ T8413] ? lock_sock_nested+0x9a/0x120