[ 37.499331][ T26] audit: type=1800 audit(1554673663.754:28): pid=7545 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0 [ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd. [ 38.300906][ T26] audit: type=1800 audit(1554673664.644:29): pid=7545 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 38.321321][ T26] audit: type=1800 audit(1554673664.654:30): pid=7545 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 [FAIL] startpar: service(s) returned failure: ssh ... failed! Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.223' (ECDSA) to the list of known hosts.
2019/04/07 21:48:08 fuzzer started 2019/04/07 21:48:10 dialing manager at 10.128.0.26:34543 2019/04/07 21:48:10 syscalls: 2408 2019/04/07 21:48:10 code coverage: enabled 2019/04/07 21:48:10 comparison tracing: enabled 2019/04/07 21:48:10 extra coverage: extra coverage is not supported by the kernel 2019/04/07 21:48:10 setuid sandbox: enabled 2019/04/07 21:48:10 namespace sandbox: enabled 2019/04/07 21:48:10 Android sandbox: /sys/fs/selinux/policy does not exist 2019/04/07 21:48:10 fault injection: enabled 2019/04/07 21:48:10 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/04/07 21:48:10 net packet injection: enabled 2019/04/07 21:48:10 net device setup: enabled 21:50:18 executing program 0: r0 = socket$inet6(0x10, 0x1200000000003, 0x0) sendmsg(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000100)="5500000018007f7005fe01b2a4a270930a601480fea8430291040000390009003500500014000000080005001400081001f3678b80142314e9030b975668a5b16732009b1100b1df13000000fb0000000000000000", 0x55}], 0x1}, 0x0) syzkaller login: [ 191.938897][ T7733] IPVS: ftp: loaded support on port[0] = 21 21:50:18 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c) openat$ashmem(0xffffffffffffff9c, 0x0, 0x0, 0x0) accept(0xffffffffffffffff, 0x0, &(0x7f0000000680)) listen(r0, 0x20000000) r1 = socket$inet6(0xa, 0x6, 0x0) lchown(0x0, 0x0, 0x0) connect$inet6(r1, &(0x7f0000419000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r2 = accept4(r0, 0x0, 0x0, 0x0) setsockopt$inet6_int(r2, 0x29, 0xb, &(0x7f0000000040)=0x100000000001f, 0x4) sendmmsg(r2, 
&(0x7f0000003d40)=[{{&(0x7f0000001b00)=@l2={0x1f, 0x0, {0x0, 0x0, 0x0, 0x27000000}}, 0x80, 0x0, 0x0, &(0x7f0000001d40)}}, {{&(0x7f0000002300)=@nl, 0x80, &(0x7f0000003740), 0x0, &(0x7f00000037c0)}}], 0x2, 0x0) [ 192.087201][ T7733] chnl_net:caif_netlink_parms(): no params data found [ 192.177017][ T7733] bridge0: port 1(bridge_slave_0) entered blocking state [ 192.200387][ T7733] bridge0: port 1(bridge_slave_0) entered disabled state [ 192.209556][ T7733] device bridge_slave_0 entered promiscuous mode [ 192.219760][ T7733] bridge0: port 2(bridge_slave_1) entered blocking state 21:50:18 executing program 2: r0 = syz_open_dev$sndseq(&(0x7f0000000800)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE(r0, 0xc08c5336, &(0x7f0000000340)={0x0, 0x0, 0x0, 'queue0\x00'}) [ 192.227627][ T7733] bridge0: port 2(bridge_slave_1) entered disabled state [ 192.236802][ T7733] device bridge_slave_1 entered promiscuous mode [ 192.251342][ T7736] IPVS: ftp: loaded support on port[0] = 21 [ 192.308505][ T7733] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 192.347970][ T7733] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 192.418915][ T7733] team0: Port device team_slave_0 added [ 192.452287][ T7733] team0: Port device team_slave_1 added 21:50:18 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r0, &(0x7f0000000040)=[{&(0x7f0000000240)="580000001400192340834b80043f679a10ffff7f4e32f61bcdf1e422000000000100804824ca945f64009400050028925aaa001f00000000008400f0fffeff2c707f8f00ff050000000010000100090a0000000000000000", 0x58}], 0x1) [ 192.565742][ T7733] device hsr_slave_0 entered promiscuous mode [ 192.623205][ T7733] device hsr_slave_1 entered promiscuous mode 21:50:19 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) r1 = syz_open_pts(r0, 0x0) read(r1, 0x0, 0x0) gettid() timer_create(0x0, 0x0, 0x0) 
ioctl$TCSETS(0xffffffffffffffff, 0x5402, 0x0) timer_settime(0x0, 0x0, 0x0, 0x0) tkill(0x0, 0x0) [ 192.708282][ T7740] IPVS: ftp: loaded support on port[0] = 21 [ 192.712680][ T7733] bridge0: port 2(bridge_slave_1) entered blocking state [ 192.721433][ T7733] bridge0: port 2(bridge_slave_1) entered forwarding state [ 192.729273][ T7733] bridge0: port 1(bridge_slave_0) entered blocking state [ 192.736383][ T7733] bridge0: port 1(bridge_slave_0) entered forwarding state [ 192.748842][ T7742] IPVS: ftp: loaded support on port[0] = 21 [ 192.827089][ T7736] chnl_net:caif_netlink_parms(): no params data found [ 192.949446][ T7744] IPVS: ftp: loaded support on port[0] = 21 [ 192.968342][ T7736] bridge0: port 1(bridge_slave_0) entered blocking state [ 192.980961][ T7736] bridge0: port 1(bridge_slave_0) entered disabled state [ 192.989367][ T7736] device bridge_slave_0 entered promiscuous mode [ 193.000557][ T7736] bridge0: port 2(bridge_slave_1) entered blocking state [ 193.008582][ T7736] bridge0: port 2(bridge_slave_1) entered disabled state [ 193.016809][ T7736] device bridge_slave_1 entered promiscuous mode 21:50:19 executing program 5: r0 = epoll_create1(0x0) r1 = socket(0x11, 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000000)={0xfffffffe8000201f}) epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, 0xffffffffffffffff, 0x0) fcntl$getown(r1, 0x9) epoll_ctl$EPOLL_CTL_MOD(r0, 0x3, r1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) gettid() perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 
0xffffffffffffffff, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r2, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0xe6) accept$packet(0xffffffffffffffff, &(0x7f0000000240)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'bridge_slave_1\x00', 0x0}) bind$packet(r2, &(0x7f0000000140)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @remote}, 0x14) sendmmsg(r2, &(0x7f0000008a80), 0x400000000000328, 0x0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, 0x0, 0x0) getgid() lstat(0x0, 0x0) getgid() [ 193.095232][ T7736] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 193.112688][ T5] bridge0: port 1(bridge_slave_0) entered disabled state [ 193.133767][ T5] bridge0: port 2(bridge_slave_1) entered disabled state [ 193.160753][ T7736] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 193.245123][ T7733] 8021q: adding VLAN 0 to HW filter on device bond0 [ 193.265035][ T7742] chnl_net:caif_netlink_parms(): no params data found [ 193.275648][ T7736] team0: Port device team_slave_0 added [ 193.299248][ T7736] team0: Port device team_slave_1 added [ 193.364892][ T7736] device hsr_slave_0 entered promiscuous mode [ 193.403232][ T7736] device hsr_slave_1 entered promiscuous mode [ 193.443277][ T7740] chnl_net:caif_netlink_parms(): no params data found [ 193.471485][ T7750] IPVS: ftp: loaded support on port[0] = 21 [ 193.487219][ T7742] bridge0: port 1(bridge_slave_0) entered blocking state [ 193.496256][ T7742] bridge0: port 1(bridge_slave_0) entered disabled state [ 193.505015][ T7742] device bridge_slave_0 entered promiscuous mode [ 193.512650][ T7742] bridge0: port 2(bridge_slave_1) entered blocking state [ 193.520509][ T7742] bridge0: port 2(bridge_slave_1) entered disabled state [ 193.528821][ T7742] device bridge_slave_1 entered promiscuous mode [ 193.582126][ T7740] bridge0: port 1(bridge_slave_0) entered blocking state [ 
193.589402][ T7740] bridge0: port 1(bridge_slave_0) entered disabled state [ 193.597402][ T7740] device bridge_slave_0 entered promiscuous mode [ 193.611871][ T7742] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 193.622133][ T7742] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 193.642408][ T7740] bridge0: port 2(bridge_slave_1) entered blocking state [ 193.650740][ T7740] bridge0: port 2(bridge_slave_1) entered disabled state [ 193.659343][ T7740] device bridge_slave_1 entered promiscuous mode [ 193.668219][ T7737] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 193.676699][ T7737] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 193.744001][ T7742] team0: Port device team_slave_0 added [ 193.753522][ T7733] 8021q: adding VLAN 0 to HW filter on device team0 [ 193.776746][ T7742] team0: Port device team_slave_1 added [ 193.787206][ T7744] chnl_net:caif_netlink_parms(): no params data found [ 193.798236][ T7740] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 193.809209][ T7740] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 193.841564][ T7740] team0: Port device team_slave_0 added [ 193.860427][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 193.868929][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 193.877445][ T5] bridge0: port 1(bridge_slave_0) entered blocking state [ 193.884509][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state [ 193.907055][ T7740] team0: Port device team_slave_1 added [ 193.944439][ T7742] device hsr_slave_0 entered promiscuous mode [ 193.983441][ T7742] device hsr_slave_1 entered promiscuous mode [ 194.074495][ T7745] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 194.083341][ T7745] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 194.091621][ T7745] bridge0: port 2(bridge_slave_1) entered blocking state [ 194.098779][ 
T7745] bridge0: port 2(bridge_slave_1) entered forwarding state [ 194.107345][ T7745] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 194.131117][ T7744] bridge0: port 1(bridge_slave_0) entered blocking state [ 194.139235][ T7744] bridge0: port 1(bridge_slave_0) entered disabled state [ 194.149026][ T7744] device bridge_slave_0 entered promiscuous mode [ 194.156942][ T7744] bridge0: port 2(bridge_slave_1) entered blocking state [ 194.164698][ T7744] bridge0: port 2(bridge_slave_1) entered disabled state [ 194.172302][ T7744] device bridge_slave_1 entered promiscuous mode [ 194.230549][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 194.244171][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 194.252625][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 194.261334][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 194.270031][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 194.335665][ T7740] device hsr_slave_0 entered promiscuous mode [ 194.373261][ T7740] device hsr_slave_1 entered promiscuous mode [ 194.438554][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 194.447059][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 194.455661][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 194.467091][ T7733] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 194.478391][ T7733] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 194.487846][ T7744] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 194.500614][ T7744] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 194.526862][ T7744] team0: Port device team_slave_0 added [ 194.533875][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 194.542179][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 
194.559178][ T7750] chnl_net:caif_netlink_parms(): no params data found [ 194.583547][ T7744] team0: Port device team_slave_1 added [ 194.624097][ T7733] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 194.686707][ T7744] device hsr_slave_0 entered promiscuous mode [ 194.753322][ T7744] device hsr_slave_1 entered promiscuous mode [ 194.840238][ T7736] 8021q: adding VLAN 0 to HW filter on device bond0 [ 194.868498][ T7742] 8021q: adding VLAN 0 to HW filter on device bond0 [ 194.897231][ T7744] bridge0: port 2(bridge_slave_1) entered blocking state [ 194.904346][ T7744] bridge0: port 2(bridge_slave_1) entered forwarding state [ 194.911697][ T7744] bridge0: port 1(bridge_slave_0) entered blocking state [ 194.918807][ T7744] bridge0: port 1(bridge_slave_0) entered forwarding state [ 194.938469][ T7740] 8021q: adding VLAN 0 to HW filter on device bond0 21:50:21 executing program 0: sched_setaffinity(0x0, 0x375, &(0x7f0000000140)=0x5) chdir(&(0x7f0000000340)='./file0\x00') symlink(&(0x7f0000000800)='./file0/file0\x00', &(0x7f00000007c0)='./file0\x00') lstat(&(0x7f0000000600)='./file0/file0\x00', 0x0) [ 194.951208][ T7750] bridge0: port 1(bridge_slave_0) entered blocking state [ 194.965581][ T7750] bridge0: port 1(bridge_slave_0) entered disabled state [ 194.977816][ T7750] device bridge_slave_0 entered promiscuous mode [ 194.988196][ T7750] bridge0: port 2(bridge_slave_1) entered blocking state 21:50:21 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) chdir(&(0x7f0000000340)='./file0\x00') symlink(&(0x7f0000000800)='./file0/file0\x00', &(0x7f00000007c0)='./file0\x00') clone(0x2102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 
lstat(&(0x7f0000000600)='./file0/file0\x00', 0x0) [ 194.999200][ T7750] bridge0: port 2(bridge_slave_1) entered disabled state [ 195.016514][ T7750] device bridge_slave_1 entered promiscuous mode [ 195.039449][ T7737] bridge0: port 1(bridge_slave_0) entered disabled state [ 195.048426][ T7737] bridge0: port 2(bridge_slave_1) entered disabled state [ 195.064213][ T7737] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 195.083970][ T7737] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 195.093996][ T7740] 8021q: adding VLAN 0 to HW filter on device team0 21:50:21 executing program 0: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xee67, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0) getrlimit(0x0, &(0x7f00000000c0)) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0c0583b, &(0x7f0000000040)) [ 195.108554][ T7736] 8021q: adding VLAN 0 to HW filter on device team0 [ 195.124542][ T7750] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 195.134826][ T7750] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 195.147360][ T7745] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 195.155794][ T7745] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 195.170794][ T7745] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 195.183628][ T7745] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 195.192020][ T7745] bridge0: port 1(bridge_slave_0) entered blocking state [ 195.199118][ T7745] bridge0: port 1(bridge_slave_0) entered forwarding state [ 195.207566][ T7745] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 195.238279][ T7751] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 195.248219][ T7751] IPv6: 
ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 195.265260][ T7742] 8021q: adding VLAN 0 to HW filter on device team0 [ 195.285084][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 195.294383][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 195.302715][ T74] bridge0: port 1(bridge_slave_0) entered blocking state [ 195.309809][ T74] bridge0: port 1(bridge_slave_0) entered forwarding state [ 195.317975][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 195.327260][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 195.335910][ T74] bridge0: port 2(bridge_slave_1) entered blocking state [ 195.343040][ T74] bridge0: port 2(bridge_slave_1) entered forwarding state 21:50:21 executing program 0: mkdir(0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) chdir(&(0x7f0000000340)='./file0\x00') symlink(&(0x7f0000000800)='./file0/file0\x00', &(0x7f00000007c0)='./file0\x00') lstat(&(0x7f0000000600)='./file0/file0\x00', 0x0) [ 195.364788][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 195.372721][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 195.381559][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 195.398175][ T74] bridge0: port 2(bridge_slave_1) entered blocking state [ 195.405316][ T74] bridge0: port 2(bridge_slave_1) entered forwarding state 21:50:21 executing program 0: setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") creat(&(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, 
&(0x7f0000000140)='./file0\x00', &(0x7f00000000c0)='sockfs\x00', 0x0, 0x0) [ 195.417316][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 195.426117][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 195.434946][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 195.443608][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 195.453465][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 195.462113][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 195.473593][ T7750] team0: Port device team_slave_0 added [ 195.494747][ T7750] team0: Port device team_slave_1 added [ 195.505142][ T7736] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 195.516437][ T7736] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 195.538338][ T7737] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 195.546607][ T7737] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 195.555186][ T7737] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 195.564059][ T7737] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 195.572470][ T7737] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 195.581481][ T7737] bridge0: port 1(bridge_slave_0) entered blocking state [ 195.588619][ T7737] bridge0: port 1(bridge_slave_0) entered forwarding state [ 195.596590][ T7737] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 195.605240][ T7737] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 195.613975][ T7737] bridge0: port 2(bridge_slave_1) entered blocking state [ 195.621014][ T7737] bridge0: port 2(bridge_slave_1) entered forwarding state [ 195.628676][ T7737] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 195.636939][ T7737] IPv6: ADDRCONF(NETDEV_CHANGE): 
hsr_slave_0: link becomes ready [ 195.645819][ T7737] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 195.654173][ T7737] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 195.662291][ T7737] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 195.704566][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 195.712529][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 195.720468][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 195.729210][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 195.739073][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 195.747484][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 195.756302][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 195.764725][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 195.773316][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 195.781568][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 195.790110][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 195.799274][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 195.807885][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 195.816191][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 195.824437][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 195.864701][ T7750] device hsr_slave_0 entered promiscuous mode [ 195.933290][ T7750] device hsr_slave_1 entered promiscuous mode 21:50:22 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_ifreq(r0, 0x8922, &(0x7f0000000100)={'veth1_to_hsr\x00', @ifru_names='\x0f\xa0p\x00'}) [ 195.985743][ T7740] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 196.000419][ T7737] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 
196.009162][ T7737] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 196.038568][ T7742] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 196.049622][ T7742] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 196.066081][ T7751] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 196.074775][ T7751] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 196.083398][ T7751] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 196.091557][ T7751] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 196.100485][ T7783] veth1_to_hsr: mtu greater than device maximum [ 196.114863][ T7736] 8021q: adding VLAN 0 to HW filter on device batadv0 21:50:22 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='net/netlink\x00') preadv(r0, &(0x7f0000000040)=[{&(0x7f0000000000)=""/38, 0x26}], 0x1, 0xf0ff7f) [ 196.133347][ T7751] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 196.188079][ T7744] 8021q: adding VLAN 0 to HW filter on device bond0 [ 196.196034][ C0] hrtimer: interrupt took 25051 ns [ 196.206121][ T7740] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 196.251456][ T7742] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 196.289328][ T7744] 8021q: adding VLAN 0 to HW filter on device team0 [ 196.319717][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 196.347181][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 196.432297][ T7790] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.1/7790 [ 196.434774][ T7737] IPv6: ADDRCONF(NETDEV_CHANGE): 
veth0_to_bridge: link becomes ready [ 196.442445][ T7790] caller is ip6_finish_output+0x335/0xdc0 [ 196.457087][ T7790] CPU: 0 PID: 7790 Comm: syz-executor.1 Not tainted 5.1.0-rc3-next-20190405 #19 [ 196.466110][ T7790] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 196.473882][ T7737] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 196.476166][ T7790] Call Trace: [ 196.476201][ T7790] dump_stack+0x172/0x1f0 [ 196.476236][ T7790] __this_cpu_preempt_check+0x246/0x270 [ 196.497328][ T7790] ip6_finish_output+0x335/0xdc0 [ 196.501344][ T7737] bridge0: port 1(bridge_slave_0) entered blocking state [ 196.502274][ T7790] ip6_output+0x235/0x7f0 [ 196.502295][ T7790] ? ip6_finish_output+0xdc0/0xdc0 [ 196.502319][ T7790] ? ip6_fragment+0x3980/0x3980 [ 196.509397][ T7737] bridge0: port 1(bridge_slave_0) entered forwarding state [ 196.513658][ T7790] ip6_xmit+0xe41/0x20c0 [ 196.513684][ T7790] ? ip6_finish_output2+0x2550/0x2550 [ 196.530819][ T7790] ? mark_held_locks+0xf0/0xf0 [ 196.530838][ T7790] ? ip6_setup_cork+0x1870/0x1870 [ 196.530869][ T7790] inet6_csk_xmit+0x2fb/0x5d0 [ 196.538301][ T7737] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 196.540574][ T7790] ? inet6_csk_update_pmtu+0x190/0x190 [ 196.540601][ T7790] ? inet6_csk_update_pmtu+0x190/0x190 [ 196.540623][ T7790] dccp_transmit_skb+0xca5/0x12c0 [ 196.550390][ T7790] dccp_connect+0x31d/0x620 [ 196.550411][ T7790] dccp_v6_connect+0xdaa/0x1990 [ 196.550433][ T7790] ? dccp_v6_init_sock+0xa0/0xa0 [ 196.556661][ T7737] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 196.563194][ T7790] __inet_stream_connect+0x83f/0xea0 [ 196.563211][ T7790] ? dccp_v6_init_sock+0xa0/0xa0 [ 196.563234][ T7790] ? __inet_stream_connect+0x83f/0xea0 [ 196.576634][ T7737] bridge0: port 2(bridge_slave_1) entered blocking state [ 196.579156][ T7790] ? mark_held_locks+0xa4/0xf0 [ 196.579179][ T7790] ? 
inet_dgram_connect+0x2e0/0x2e0 [ 196.579210][ T7790] ? lock_sock_nested+0x9a/0x120 [ 196.583753][ T7737] bridge0: port 2(bridge_slave_1) entered forwarding state [ 196.588544][ T7790] ? trace_hardirqs_on+0x67/0x230 [ 196.607619][ T7737] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 196.611605][ T7790] ? lock_sock_nested+0x9a/0x120 [ 196.611625][ T7790] ? __local_bh_enable_ip+0x15a/0x270 [ 196.611657][ T7790] inet_stream_connect+0x58/0xa0 [ 196.618015][ T7737] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 196.624113][ T7790] __sys_connect+0x266/0x330 [ 196.624133][ T7790] ? __ia32_sys_accept+0xb0/0xb0 [ 196.624148][ T7790] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 196.624162][ T7790] ? put_timespec64+0xda/0x140 [ 196.624196][ T7790] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 196.649128][ T7750] 8021q: adding VLAN 0 to HW filter on device bond0 [ 196.651255][ T7790] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 196.663083][ T7751] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 196.664052][ T7790] ? do_syscall_64+0x26/0x610 [ 196.664070][ T7790] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 196.664083][ T7790] ? 
do_syscall_64+0x26/0x610 [ 196.664107][ T7790] __x64_sys_connect+0x73/0xb0 [ 196.670147][ T7751] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 196.674396][ T7790] do_syscall_64+0x103/0x610 [ 196.674416][ T7790] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 196.674435][ T7790] RIP: 0033:0x4582b9 [ 196.684317][ T7751] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 196.686896][ T7790] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 196.686905][ T7790] RSP: 002b:00007f0209e1cc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 196.686919][ T7790] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004582b9 [ 196.686927][ T7790] RDX: 000000000000001c RSI: 0000000020419000 RDI: 0000000000000005 [ 196.686943][ T7790] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 196.692686][ T7751] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 196.698102][ T7790] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0209e1d6d4 [ 196.698111][ T7790] R13: 00000000004be64c R14: 00000000004cf1e0 R15: 00000000ffffffff [ 196.748798][ T7790] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.1/7790 [ 196.769476][ T7751] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 196.771796][ T7790] caller is ip6_finish_output+0x335/0xdc0 [ 196.783465][ T7751] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 196.784732][ T7790] CPU: 0 PID: 7790 Comm: syz-executor.1 Not tainted 5.1.0-rc3-next-20190405 #19 [ 196.804698][ T7751] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 196.811797][ T7790] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 196.811803][ T7790] Call Trace: [ 196.811829][ T7790] dump_stack+0x172/0x1f0 [ 196.811857][ T7790] 
__this_cpu_preempt_check+0x246/0x270 [ 196.820979][ T7751] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 196.827800][ T7790] ip6_finish_output+0x335/0xdc0 [ 196.827822][ T7790] ip6_output+0x235/0x7f0 [ 196.827841][ T7790] ? ip6_finish_output+0xdc0/0xdc0 [ 196.827856][ T7790] ? retint_kernel+0x2d/0x2d [ 196.827877][ T7790] ? ip6_fragment+0x3980/0x3980 [ 196.838252][ T7744] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 196.843643][ T7790] ? ip6_finish_output+0xdc0/0xdc0 [ 196.843665][ T7790] ip6_xmit+0xe41/0x20c0 [ 196.843679][ T7790] ? mark_held_locks+0xa4/0xf0 [ 196.843702][ T7790] ? ip6_finish_output2+0x2550/0x2550 [ 196.866541][ T7750] 8021q: adding VLAN 0 to HW filter on device team0 [ 196.869283][ T7790] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 196.869311][ T7790] ? ip6_setup_cork+0x1870/0x1870 [ 196.905360][ T7750] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 196.907303][ T7790] ? retint_kernel+0x2d/0x2d [ 196.907334][ T7790] inet6_csk_xmit+0x2fb/0x5d0 [ 196.917476][ T7750] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 196.920665][ T7790] ? inet6_csk_update_pmtu+0x190/0x190 [ 196.920697][ T7790] ? dccp_v6_send_check+0x2a0/0x3e0 [ 196.939902][ T7750] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 196.943208][ T7790] dccp_transmit_skb+0xca5/0x12c0 [ 196.943225][ T7790] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 196.943253][ T7790] dccp_send_ack+0x1d7/0x360 [ 196.952690][ T7790] dccp_rcv_state_process+0x1376/0x1935 [ 197.074297][ T7790] dccp_v6_do_rcv+0x269/0xbf0 [ 197.078989][ T7790] __release_sock+0x12e/0x3a0 [ 197.083677][ T7790] release_sock+0x59/0x1c0 [ 197.088098][ T7790] __inet_stream_connect+0x59f/0xea0 [ 197.093388][ T7790] ? inet_dgram_connect+0x2e0/0x2e0 [ 197.098580][ T7790] ? lock_sock_nested+0x9a/0x120 [ 197.103516][ T7790] ? do_wait_intr_irq+0x2b0/0x2b0 [ 197.108540][ T7790] ? 
__local_bh_enable_ip+0x15a/0x270 [ 197.113918][ T7790] inet_stream_connect+0x58/0xa0 [ 197.118857][ T7790] __sys_connect+0x266/0x330 [ 197.123447][ T7790] ? __ia32_sys_accept+0xb0/0xb0 [ 197.128383][ T7790] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 197.134620][ T7790] ? put_timespec64+0xda/0x140 [ 197.139395][ T7790] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 197.144852][ T7790] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 197.150310][ T7790] ? do_syscall_64+0x26/0x610 [ 197.154994][ T7790] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 197.161064][ T7790] ? do_syscall_64+0x26/0x610 [ 197.165747][ T7790] __x64_sys_connect+0x73/0xb0 [ 197.170523][ T7790] do_syscall_64+0x103/0x610 [ 197.175120][ T7790] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 197.181009][ T7790] RIP: 0033:0x4582b9 [ 197.184903][ T7790] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 197.204505][ T7790] RSP: 002b:00007f0209e1cc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 197.212915][ T7790] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004582b9 [ 197.220880][ T7790] RDX: 000000000000001c RSI: 0000000020419000 RDI: 0000000000000005 [ 197.229311][ T7790] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 197.237280][ T7790] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0209e1d6d4 [ 197.246036][ T7790] R13: 00000000004be64c R14: 00000000004cf1e0 R15: 00000000ffffffff [ 197.260014][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 197.286142][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 197.286995][ T7799] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.1/7799 [ 197.300913][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 197.303002][ T7799] caller is ip6_finish_output+0x335/0xdc0 [ 197.311298][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): 
veth0_to_bridge: link becomes ready [ 197.316210][ T7799] CPU: 0 PID: 7799 Comm: syz-executor.1 Not tainted 5.1.0-rc3-next-20190405 #19 [ 197.327614][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 197.333100][ T7799] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 197.333106][ T7799] Call Trace: [ 197.333130][ T7799] dump_stack+0x172/0x1f0 [ 197.333153][ T7799] __this_cpu_preempt_check+0x246/0x270 [ 197.333172][ T7799] ip6_finish_output+0x335/0xdc0 [ 197.333196][ T7799] ip6_output+0x235/0x7f0 [ 197.342027][ T74] bridge0: port 1(bridge_slave_0) entered blocking state [ 197.351224][ T7799] ? ip6_finish_output+0xdc0/0xdc0 [ 197.351238][ T7799] ? retint_kernel+0x2d/0x2d [ 197.351257][ T7799] ? ip6_fragment+0x3980/0x3980 [ 197.351273][ T7799] ? ip6_finish_output+0xdc0/0xdc0 [ 197.351292][ T7799] ip6_xmit+0xe41/0x20c0 [ 197.351320][ T7799] ? ip6_finish_output2+0x2550/0x2550 [ 197.354644][ T74] bridge0: port 1(bridge_slave_0) entered forwarding state [ 197.358913][ T7799] ? retint_kernel+0x2d/0x2d [ 197.365489][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 197.369388][ T7799] ? ip6_setup_cork+0x1870/0x1870 [ 197.369422][ T7799] inet6_csk_xmit+0x2fb/0x5d0 [ 197.369443][ T7799] ? inet6_csk_update_pmtu+0x190/0x190 [ 197.375553][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 197.380786][ T7799] ? dccp_v6_send_check+0x2a0/0x3e0 [ 197.380807][ T7799] dccp_transmit_skb+0xca5/0x12c0 [ 197.380828][ T7799] dccp_connect+0x31d/0x620 [ 197.386865][ T74] bridge0: port 2(bridge_slave_1) entered blocking state [ 197.390510][ T7799] dccp_v6_connect+0xdaa/0x1990 [ 197.390528][ T7799] ? 
trace_hardirqs_on_thunk+0x1a/0x1c 21:50:23 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='net/netlink\x00') preadv(r0, &(0x7f0000000040)=[{&(0x7f0000000000)=""/38, 0x26}], 0x1, 0xf0ff7f) ioctl$EVIOCGKEY(r0, 0x80404518, &(0x7f0000000080)=""/71) 21:50:23 executing program 0: chdir(0x0) symlink(&(0x7f0000000800)='./file0/file0\x00', &(0x7f00000007c0)='./file0\x00') 21:50:23 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xee67, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0) getrlimit(0x0, &(0x7f00000000c0)) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0c0583b, &(0x7f0000000040)) [ 197.390550][ T7799] ? dccp_v6_init_sock+0xa0/0xa0 [ 197.390587][ T7799] __inet_stream_connect+0x83f/0xea0 [ 197.395996][ T74] bridge0: port 2(bridge_slave_1) entered forwarding state [ 197.401057][ T7799] ? dccp_v6_init_sock+0xa0/0xa0 [ 197.406319][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 197.410637][ T7799] ? __inet_stream_connect+0x83f/0xea0 [ 197.410656][ T7799] ? mark_held_locks+0xa4/0xf0 [ 197.410676][ T7799] ? inet_dgram_connect+0x2e0/0x2e0 [ 197.410691][ T7799] ? lock_sock_nested+0x9a/0x120 [ 197.410713][ T7799] ? trace_hardirqs_on+0x67/0x230 [ 197.419946][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 197.422478][ T7799] ? lock_sock_nested+0x9a/0x120 [ 197.422498][ T7799] ? 
__local_bh_enable_ip+0x15a/0x270 [ 197.422522][ T7799] inet_stream_connect+0x58/0xa0 [ 197.422544][ T7799] __sys_connect+0x266/0x330 [ 197.432554][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 197.435623][ T7799] ? __ia32_sys_accept+0xb0/0xb0 [ 197.435639][ T7799] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 197.435654][ T7799] ? put_timespec64+0xda/0x140 [ 197.435682][ T7799] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 197.435697][ T7799] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 197.435718][ T7799] ? do_syscall_64+0x26/0x610 [ 197.443125][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 197.445840][ T7799] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 197.445857][ T7799] ? do_syscall_64+0x26/0x610 [ 197.445881][ T7799] __x64_sys_connect+0x73/0xb0 [ 197.445901][ T7799] do_syscall_64+0x103/0x610 [ 197.454606][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 197.459057][ T7799] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 197.459071][ T7799] RIP: 0033:0x4582b9 [ 197.459087][ T7799] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 197.459094][ T7799] RSP: 002b:00007f0209dfbc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 197.465702][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 197.468606][ T7799] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004582b9 [ 197.468615][ T7799] RDX: 000000000000001c RSI: 0000000020419000 RDI: 0000000000000008 [ 197.468623][ T7799] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 197.468633][ T7799] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0209dfc6d4 [ 197.468642][ T7799] R13: 00000000004be64c R14: 00000000004cf1e0 R15: 00000000ffffffff [ 197.677281][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 197.724927][ T74] IPv6: 
ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 197.768256][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 197.789390][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 197.822198][ T7753] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 197.831397][ T7753] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 197.839767][ T7753] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 197.856554][ T7744] 8021q: adding VLAN 0 to HW filter on device batadv0 21:50:24 executing program 4: 21:50:24 executing program 2: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000b7a000)={0x1, 0x3, &(0x7f0000346fc8)=@framed, &(0x7f0000f6bffb)='GPL\x00', 0x1, 0xfb, &(0x7f00000002c0)=""/251}, 0x48) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000640)=r0, 0x4) 21:50:24 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000380)=0x14b, 0x4) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e22, 0x0, @ipv4={[], [], @multicast1}}, 0x1c) sendmmsg(r0, &(0x7f00000002c0), 0x400000000000174, 0x0) 21:50:24 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='net/netlink\x00') preadv(r0, &(0x7f0000000040)=[{&(0x7f0000000000)=""/38, 0x26}], 0x1, 0xf0ff7f) ioctl$EVIOCGKEY(r0, 0x80404518, &(0x7f0000000080)=""/71) 21:50:24 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$inet6(0xa, 
0x80003, 0xfc) connect$inet6(r1, &(0x7f0000000180)={0xa, 0x0, 0x0, @mcast2, 0x20000000000004}, 0x1c) recvmsg(0xffffffffffffffff, 0x0, 0x40000000) sendmmsg(r1, &(0x7f0000001300)=[{{0x0, 0x0, &(0x7f0000001180), 0x240, &(0x7f00000011c0)}}], 0x249, 0x0) 21:50:24 executing program 5: [ 198.044709][ T7833] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/7833 [ 198.044854][ T7835] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.0/7835 [ 198.054291][ T7833] caller is ip6_finish_output+0x335/0xdc0 [ 198.063601][ T7835] caller is sk_mc_loop+0x1d/0x210 [ 198.063620][ T7835] CPU: 1 PID: 7835 Comm: syz-executor.0 Not tainted 5.1.0-rc3-next-20190405 #19 [ 198.063628][ T7835] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 198.063632][ T7835] Call Trace: [ 198.063655][ T7835] dump_stack+0x172/0x1f0 [ 198.063679][ T7835] __this_cpu_preempt_check+0x246/0x270 [ 198.106572][ T7835] sk_mc_loop+0x1d/0x210 [ 198.110821][ T7835] ip_mc_output+0x2ef/0xf70 [ 198.115333][ T7835] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 198.120463][ T7835] ? ip_append_data.part.0+0x170/0x170 [ 198.125923][ T7835] ? ip_make_skb+0x1b1/0x2c0 [ 198.130526][ T7835] ? ip_reply_glue_bits+0xc0/0xc0 [ 198.135552][ T7835] ip_local_out+0xc4/0x1b0 [ 198.139978][ T7835] ip_send_skb+0x42/0xf0 [ 198.144220][ T7835] udp_send_skb.isra.0+0x6b2/0x1180 [ 198.149420][ T7835] ? xfrm_lookup_route+0x5b/0x1f0 [ 198.154453][ T7835] udp_sendmsg+0x1dfd/0x2820 [ 198.159039][ T7835] ? __lock_acquire+0x548/0x3fb0 [ 198.163979][ T7835] ? find_held_lock+0x35/0x130 [ 198.168748][ T7835] ? ip_reply_glue_bits+0xc0/0xc0 [ 198.173779][ T7835] ? udp4_lib_lookup_skb+0x440/0x440 [ 198.179110][ T7835] udpv6_sendmsg+0x13a4/0x28d0 [ 198.183878][ T7835] ? udpv6_sendmsg+0x13a4/0x28d0 [ 198.188828][ T7835] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 198.194816][ T7835] ? aa_profile_af_perm+0x320/0x320 [ 198.200022][ T7835] ? 
__might_fault+0x12b/0x1e0 [ 198.204790][ T7835] ? find_held_lock+0x35/0x130 [ 198.209553][ T7835] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 198.215810][ T7835] ? rw_copy_check_uvector+0x2a6/0x330 [ 198.221284][ T7835] ? ___might_sleep+0x163/0x280 [ 198.226138][ T7835] ? __might_sleep+0x95/0x190 [ 198.230817][ T7835] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 198.236452][ T7835] ? aa_sk_perm+0x288/0x880 [ 198.240990][ T7835] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 198.246544][ T7835] inet_sendmsg+0x147/0x5e0 [ 198.251050][ T7835] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 198.257024][ T7835] ? inet_sendmsg+0x147/0x5e0 [ 198.261689][ T7835] ? ipip_gro_receive+0x100/0x100 [ 198.266702][ T7835] sock_sendmsg+0xdd/0x130 [ 198.271120][ T7835] ___sys_sendmsg+0x3e2/0x930 [ 198.275807][ T7835] ? copy_msghdr_from_user+0x430/0x430 [ 198.281273][ T7835] ? lock_downgrade+0x880/0x880 [ 198.286149][ T7835] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 198.292394][ T7835] ? kasan_check_read+0x11/0x20 [ 198.297261][ T7835] ? __fget+0x381/0x550 [ 198.301423][ T7835] ? ksys_dup3+0x3e0/0x3e0 [ 198.305849][ T7835] ? __fget_light+0x1a9/0x230 [ 198.310534][ T7835] ? __fdget+0x1b/0x20 [ 198.314600][ T7835] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 198.320842][ T7835] ? sockfd_lookup_light+0xcb/0x180 [ 198.326039][ T7835] __sys_sendmmsg+0x1bf/0x4d0 [ 198.330720][ T7835] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 198.335753][ T7835] ? _copy_to_user+0xc9/0x120 [ 198.340528][ T7835] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 198.346763][ T7835] ? put_timespec64+0xda/0x140 [ 198.351527][ T7835] ? nsecs_to_jiffies+0x30/0x30 [ 198.356384][ T7835] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 198.361842][ T7835] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 198.367301][ T7835] ? do_syscall_64+0x26/0x610 [ 198.371982][ T7835] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 198.378052][ T7835] ? 
do_syscall_64+0x26/0x610 [ 198.382733][ T7835] __x64_sys_sendmmsg+0x9d/0x100 [ 198.387674][ T7835] do_syscall_64+0x103/0x610 [ 198.392270][ T7835] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 198.399068][ T7835] RIP: 0033:0x4582b9 [ 198.402971][ T7835] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 198.422599][ T7835] RSP: 002b:00007f1ac8f6dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 198.431016][ T7835] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 198.438990][ T7835] RDX: 0400000000000174 RSI: 00000000200002c0 RDI: 0000000000000003 [ 198.446963][ T7835] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 198.454936][ T7835] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f1ac8f6e6d4 [ 198.462911][ T7835] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 198.470908][ T7833] CPU: 0 PID: 7833 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19 [ 198.479943][ T7833] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 198.490032][ T7833] Call Trace: [ 198.493327][ T7833] dump_stack+0x172/0x1f0 [ 198.497663][ T7833] __this_cpu_preempt_check+0x246/0x270 [ 198.503211][ T7833] ip6_finish_output+0x335/0xdc0 [ 198.508154][ T7833] ip6_output+0x235/0x7f0 [ 198.512484][ T7833] ? ip6_finish_output+0xdc0/0xdc0 [ 198.517596][ T7833] ? ip6_fragment+0x3980/0x3980 [ 198.522464][ T7833] ? ip6_autoflowlabel.part.0+0x70/0x70 [ 198.528021][ T7833] ip6_local_out+0xc4/0x1b0 [ 198.532536][ T7833] ip6_send_skb+0xbb/0x350 [ 198.536967][ T7833] ip6_push_pending_frames+0xc8/0xf0 [ 198.542253][ T7833] rawv6_sendmsg+0x299c/0x35e0 [ 198.547026][ T7833] ? rawv6_getsockopt+0x150/0x150 [ 198.552052][ T7833] ? aa_profile_af_perm+0x320/0x320 [ 198.557264][ T7833] ? _copy_from_user+0xdd/0x150 [ 198.562115][ T7833] ? 
__sanitizer_cov_trace_cmp8+0x18/0x20 [ 198.567847][ T7833] ? rw_copy_check_uvector+0x2a6/0x330 [ 198.573314][ T7833] ? ___might_sleep+0x163/0x280 [ 198.578162][ T7833] ? __might_sleep+0x95/0x190 [ 198.582851][ T7833] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 198.588395][ T7833] inet_sendmsg+0x147/0x5e0 [ 198.592899][ T7833] ? rawv6_getsockopt+0x150/0x150 [ 198.597914][ T7833] ? inet_sendmsg+0x147/0x5e0 [ 198.602586][ T7833] ? ipip_gro_receive+0x100/0x100 [ 198.607609][ T7833] sock_sendmsg+0xdd/0x130 [ 198.612029][ T7833] ___sys_sendmsg+0x3e2/0x930 [ 198.616707][ T7833] ? copy_msghdr_from_user+0x430/0x430 [ 198.622170][ T7833] ? lock_downgrade+0x880/0x880 [ 198.627021][ T7833] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 198.633263][ T7833] ? kasan_check_read+0x11/0x20 [ 198.638116][ T7833] ? __fget+0x381/0x550 [ 198.642274][ T7833] ? ksys_dup3+0x3e0/0x3e0 [ 198.646699][ T7833] ? __fget_light+0x1a9/0x230 [ 198.651377][ T7833] ? __fdget+0x1b/0x20 [ 198.655442][ T7833] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 198.661679][ T7833] ? sockfd_lookup_light+0xcb/0x180 [ 198.666877][ T7833] __sys_sendmmsg+0x1bf/0x4d0 [ 198.671558][ T7833] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 198.676766][ T7833] ? _copy_to_user+0xc9/0x120 [ 198.681442][ T7833] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 198.687679][ T7833] ? put_timespec64+0xda/0x140 [ 198.692438][ T7833] ? nsecs_to_jiffies+0x30/0x30 [ 198.697297][ T7833] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 198.702749][ T7833] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 198.708290][ T7833] ? do_syscall_64+0x26/0x610 [ 198.712972][ T7833] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 198.719042][ T7833] ? 
do_syscall_64+0x26/0x610 [ 198.723723][ T7833] __x64_sys_sendmmsg+0x9d/0x100 [ 198.728659][ T7833] do_syscall_64+0x103/0x610 [ 198.733250][ T7833] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 198.739140][ T7833] RIP: 0033:0x4582b9 [ 198.743037][ T7833] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 198.762643][ T7833] RSP: 002b:00007facac035c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 198.771057][ T7833] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 198.779034][ T7833] RDX: 0000000000000249 RSI: 0000000020001300 RDI: 0000000000000005 [ 198.787050][ T7833] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 198.795026][ T7833] R10: 0000000000000000 R11: 0000000000000246 R12: 00007facac0366d4 [ 198.802995][ T7833] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff 21:50:25 executing program 5: 21:50:25 executing program 4: [ 198.943534][ T7835] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.0/7835 [ 198.952974][ T7835] caller is sk_mc_loop+0x1d/0x210 [ 198.958029][ T7835] CPU: 0 PID: 7835 Comm: syz-executor.0 Not tainted 5.1.0-rc3-next-20190405 #19 [ 198.967049][ T7835] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 198.977113][ T7835] Call Trace: [ 198.980420][ T7835] dump_stack+0x172/0x1f0 [ 198.984766][ T7835] __this_cpu_preempt_check+0x246/0x270 [ 198.990323][ T7835] sk_mc_loop+0x1d/0x210 [ 198.994577][ T7835] ip_mc_output+0x2ef/0xf70 [ 198.999094][ T7835] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 199.004214][ T7835] ? ip_append_data.part.0+0x170/0x170 [ 199.009676][ T7835] ? ip_make_skb+0x1b1/0x2c0 [ 199.014274][ T7835] ? 
ip_reply_glue_bits+0xc0/0xc0 [ 199.019338][ T7835] ip_local_out+0xc4/0x1b0 [ 199.023770][ T7835] ip_send_skb+0x42/0xf0 [ 199.028067][ T7835] udp_send_skb.isra.0+0x6b2/0x1180 [ 199.033275][ T7835] ? xfrm_lookup_route+0x5b/0x1f0 [ 199.038351][ T7835] udp_sendmsg+0x1dfd/0x2820 [ 199.042944][ T7835] ? __lock_acquire+0x548/0x3fb0 [ 199.047897][ T7835] ? find_held_lock+0x35/0x130 [ 199.052669][ T7835] ? ip_reply_glue_bits+0xc0/0xc0 [ 199.057704][ T7835] ? udp4_lib_lookup_skb+0x440/0x440 [ 199.063057][ T7835] udpv6_sendmsg+0x13a4/0x28d0 [ 199.067826][ T7835] ? udpv6_sendmsg+0x13a4/0x28d0 [ 199.072783][ T7835] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 199.078782][ T7835] ? aa_profile_af_perm+0x320/0x320 [ 199.084003][ T7835] ? __might_fault+0x12b/0x1e0 [ 199.088810][ T7835] ? find_held_lock+0x35/0x130 [ 199.093585][ T7835] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 199.099837][ T7835] ? rw_copy_check_uvector+0x2a6/0x330 [ 199.105314][ T7835] ? ___might_sleep+0x163/0x280 [ 199.110175][ T7835] ? __might_sleep+0x95/0x190 [ 199.114863][ T7835] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 199.120501][ T7835] ? aa_sk_perm+0x288/0x880 [ 199.125028][ T7835] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 199.127331][ T7833] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/7833 [ 199.130582][ T7835] inet_sendmsg+0x147/0x5e0 [ 199.130600][ T7835] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 199.130612][ T7835] ? inet_sendmsg+0x147/0x5e0 [ 199.130625][ T7835] ? ipip_gro_receive+0x100/0x100 [ 199.130644][ T7835] sock_sendmsg+0xdd/0x130 [ 199.130664][ T7835] ___sys_sendmsg+0x3e2/0x930 [ 199.139991][ T7833] caller is sk_mc_loop+0x1d/0x210 [ 199.144437][ T7835] ? copy_msghdr_from_user+0x430/0x430 [ 199.144455][ T7835] ? __lock_acquire+0x548/0x3fb0 [ 199.144468][ T7835] ? lock_downgrade+0x880/0x880 [ 199.144489][ T7835] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 199.195574][ T7835] ? kasan_check_read+0x11/0x20 [ 199.200429][ T7835] ? 
__might_fault+0x12b/0x1e0 [ 199.205193][ T7835] ? find_held_lock+0x35/0x130 [ 199.209954][ T7835] ? __might_fault+0x12b/0x1e0 [ 199.214732][ T7835] ? lock_downgrade+0x880/0x880 [ 199.219601][ T7835] ? ___might_sleep+0x163/0x280 [ 199.226202][ T7835] __sys_sendmmsg+0x1bf/0x4d0 [ 199.231579][ T7835] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 199.236618][ T7835] ? _copy_to_user+0xc9/0x120 [ 199.241296][ T7835] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 199.247533][ T7835] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 199.253774][ T7835] ? put_timespec64+0xda/0x140 [ 199.258535][ T7835] ? nsecs_to_jiffies+0x30/0x30 [ 199.264934][ T7835] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 199.270403][ T7835] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 199.275902][ T7835] ? do_syscall_64+0x26/0x610 [ 199.280575][ T7835] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 199.286640][ T7835] ? do_syscall_64+0x26/0x610 [ 199.291326][ T7835] __x64_sys_sendmmsg+0x9d/0x100 [ 199.296268][ T7835] do_syscall_64+0x103/0x610 [ 199.300863][ T7835] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 199.306752][ T7835] RIP: 0033:0x4582b9 [ 199.310647][ T7835] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 199.330251][ T7835] RSP: 002b:00007f1ac8f6dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 21:50:25 executing program 5: 21:50:25 executing program 4: 21:50:25 executing program 5: 21:50:25 executing program 4: 21:50:25 executing program 5: [ 199.338666][ T7835] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 199.346636][ T7835] RDX: 0400000000000174 RSI: 00000000200002c0 RDI: 0000000000000003 [ 199.354605][ T7835] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 199.362573][ T7835] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f1ac8f6e6d4 [ 199.370543][ T7835] R13: 00000000004c5230 R14: 00000000004d9380 R15: 
00000000ffffffff [ 199.378534][ T7833] CPU: 1 PID: 7833 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19 [ 199.387562][ T7833] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 199.398082][ T7833] Call Trace: [ 199.401379][ T7833] dump_stack+0x172/0x1f0 [ 199.405720][ T7833] __this_cpu_preempt_check+0x246/0x270 [ 199.411289][ T7833] sk_mc_loop+0x1d/0x210 [ 199.415537][ T7833] ip6_finish_output2+0x17a5/0x2550 [ 199.420734][ T7833] ? find_held_lock+0x35/0x130 [ 199.425499][ T7833] ? ip6_mtu+0x2e6/0x460 [ 199.429750][ T7833] ? ip6_forward_finish+0x580/0x580 [ 199.434947][ T7833] ? lock_downgrade+0x880/0x880 [ 199.439806][ T7833] ? rcu_read_unlock_special+0xf3/0x210 [ 199.445357][ T7833] ip6_finish_output+0x614/0xdc0 [ 199.450326][ T7833] ? ip6_finish_output+0x614/0xdc0 [ 199.455442][ T7833] ip6_output+0x235/0x7f0 [ 199.459774][ T7833] ? ip6_finish_output+0xdc0/0xdc0 [ 199.464884][ T7833] ? ip6_fragment+0x3980/0x3980 [ 199.469752][ T7833] ? ip6_autoflowlabel.part.0+0x70/0x70 [ 199.475304][ T7833] ip6_local_out+0xc4/0x1b0 [ 199.479808][ T7833] ip6_send_skb+0xbb/0x350 [ 199.484228][ T7833] ip6_push_pending_frames+0xc8/0xf0 [ 199.489512][ T7833] rawv6_sendmsg+0x299c/0x35e0 [ 199.494287][ T7833] ? rawv6_getsockopt+0x150/0x150 [ 199.499307][ T7833] ? aa_profile_af_perm+0x320/0x320 [ 199.504503][ T7833] ? _copy_from_user+0xdd/0x150 [ 199.509358][ T7833] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 199.515075][ T7833] ? rw_copy_check_uvector+0x2a6/0x330 [ 199.520547][ T7833] ? ___might_sleep+0x163/0x280 [ 199.525401][ T7833] ? __might_sleep+0x95/0x190 [ 199.530107][ T7833] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 199.535654][ T7833] inet_sendmsg+0x147/0x5e0 [ 199.540153][ T7833] ? rawv6_getsockopt+0x150/0x150 [ 199.545169][ T7833] ? inet_sendmsg+0x147/0x5e0 [ 199.549838][ T7833] ? ipip_gro_receive+0x100/0x100 [ 199.554864][ T7833] sock_sendmsg+0xdd/0x130 [ 199.559279][ T7833] ___sys_sendmsg+0x3e2/0x930 [ 199.563982][ T7833] ? 
copy_msghdr_from_user+0x430/0x430 [ 199.569451][ T7833] ? lock_downgrade+0x880/0x880 [ 199.574298][ T7833] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 199.580541][ T7833] ? kasan_check_read+0x11/0x20 [ 199.585392][ T7833] ? __fget+0x381/0x550 [ 199.589552][ T7833] ? ksys_dup3+0x3e0/0x3e0 [ 199.593984][ T7833] ? __fget_light+0x1a9/0x230 [ 199.598658][ T7833] ? __fdget+0x1b/0x20 [ 199.602719][ T7833] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 199.608965][ T7833] ? sockfd_lookup_light+0xcb/0x180 [ 199.614167][ T7833] __sys_sendmmsg+0x1bf/0x4d0 [ 199.618845][ T7833] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 199.623877][ T7833] ? _copy_to_user+0xc9/0x120 [ 199.628555][ T7833] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 199.634795][ T7833] ? put_timespec64+0xda/0x140 [ 199.639565][ T7833] ? nsecs_to_jiffies+0x30/0x30 [ 199.644421][ T7833] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 199.649974][ T7833] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 199.655430][ T7833] ? do_syscall_64+0x26/0x610 [ 199.660102][ T7833] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 199.666166][ T7833] ? 
do_syscall_64+0x26/0x610 [ 199.670843][ T7833] __x64_sys_sendmmsg+0x9d/0x100 [ 199.675785][ T7833] do_syscall_64+0x103/0x610 [ 199.680391][ T7833] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 199.686279][ T7833] RIP: 0033:0x4582b9 [ 199.690170][ T7833] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 199.709770][ T7833] RSP: 002b:00007facac035c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 199.718177][ T7833] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 199.726149][ T7833] RDX: 0000000000000249 RSI: 0000000020001300 RDI: 0000000000000005 [ 199.734115][ T7833] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 199.742081][ T7833] R10: 0000000000000000 R11: 0000000000000246 R12: 00007facac0366d4 [ 199.750047][ T7833] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 199.798486][ T7833] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/7833 [ 199.808760][ T7833] caller is ip6_finish_output+0x335/0xdc0 [ 199.814552][ T7833] CPU: 1 PID: 7833 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19 [ 199.818565][ T7852] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.0/7852 [ 199.823567][ T7833] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 199.823573][ T7833] Call Trace: [ 199.823596][ T7833] dump_stack+0x172/0x1f0 [ 199.823618][ T7833] __this_cpu_preempt_check+0x246/0x270 [ 199.823638][ T7833] ip6_finish_output+0x335/0xdc0 [ 199.823660][ T7833] ip6_output+0x235/0x7f0 [ 199.823680][ T7833] ? ip6_finish_output+0xdc0/0xdc0 [ 199.823702][ T7833] ? ip6_fragment+0x3980/0x3980 [ 199.833041][ T7852] caller is sk_mc_loop+0x1d/0x210 [ 199.843032][ T7833] ? 
ip6_autoflowlabel.part.0+0x70/0x70 [ 199.843053][ T7833] ip6_local_out+0xc4/0x1b0 [ 199.843075][ T7833] ip6_send_skb+0xbb/0x350 [ 199.894756][ T7833] ip6_push_pending_frames+0xc8/0xf0 [ 199.900042][ T7833] rawv6_sendmsg+0x299c/0x35e0 [ 199.904817][ T7833] ? rawv6_getsockopt+0x150/0x150 [ 199.909844][ T7833] ? aa_profile_af_perm+0x320/0x320 [ 199.915043][ T7833] ? find_held_lock+0x35/0x130 [ 199.919809][ T7833] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 199.926057][ T7833] ? rw_copy_check_uvector+0x2a6/0x330 [ 199.931531][ T7833] ? ___might_sleep+0x163/0x280 [ 199.936380][ T7833] ? __might_sleep+0x95/0x190 [ 199.941071][ T7833] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 199.946618][ T7833] inet_sendmsg+0x147/0x5e0 [ 199.951121][ T7833] ? rawv6_getsockopt+0x150/0x150 [ 199.956142][ T7833] ? inet_sendmsg+0x147/0x5e0 [ 199.960818][ T7833] ? ipip_gro_receive+0x100/0x100 [ 199.965848][ T7833] sock_sendmsg+0xdd/0x130 [ 199.970288][ T7833] ___sys_sendmsg+0x3e2/0x930 [ 199.974975][ T7833] ? copy_msghdr_from_user+0x430/0x430 [ 199.980440][ T7833] ? __lock_acquire+0x548/0x3fb0 [ 199.985375][ T7833] ? lock_downgrade+0x880/0x880 [ 199.990220][ T7833] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 199.996462][ T7833] ? kasan_check_read+0x11/0x20 [ 200.001315][ T7833] ? __might_fault+0x12b/0x1e0 [ 200.006080][ T7833] ? find_held_lock+0x35/0x130 [ 200.010845][ T7833] ? __might_fault+0x12b/0x1e0 [ 200.015615][ T7833] ? lock_downgrade+0x880/0x880 [ 200.020474][ T7833] ? ___might_sleep+0x163/0x280 [ 200.025325][ T7833] __sys_sendmmsg+0x1bf/0x4d0 [ 200.030005][ T7833] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 200.035042][ T7833] ? _copy_to_user+0xc9/0x120 [ 200.039723][ T7833] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 200.045976][ T7833] ? put_timespec64+0xda/0x140 [ 200.050739][ T7833] ? nsecs_to_jiffies+0x30/0x30 [ 200.055597][ T7833] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 200.061055][ T7833] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 200.066512][ T7833] ? 
do_syscall_64+0x26/0x610 [ 200.071197][ T7833] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 200.077278][ T7833] ? do_syscall_64+0x26/0x610 [ 200.081964][ T7833] __x64_sys_sendmmsg+0x9d/0x100 [ 200.086905][ T7833] do_syscall_64+0x103/0x610 [ 200.091500][ T7833] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 200.097391][ T7833] RIP: 0033:0x4582b9 [ 200.101287][ T7833] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 200.120888][ T7833] RSP: 002b:00007facac035c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 200.129302][ T7833] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 200.137271][ T7833] RDX: 0000000000000249 RSI: 0000000020001300 RDI: 0000000000000005 [ 200.145235][ T7833] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 200.153202][ T7833] R10: 0000000000000000 R11: 0000000000000246 R12: 00007facac0366d4 [ 200.161170][ T7833] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 200.169165][ T7852] CPU: 0 PID: 7852 Comm: syz-executor.0 Not tainted 5.1.0-rc3-next-20190405 #19 [ 200.178194][ T7852] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 200.188244][ T7852] Call Trace: [ 200.188268][ T7852] dump_stack+0x172/0x1f0 [ 200.188290][ T7852] __this_cpu_preempt_check+0x246/0x270 [ 200.188308][ T7852] sk_mc_loop+0x1d/0x210 [ 200.188328][ T7852] ip_mc_output+0x2ef/0xf70 [ 200.203156][ T7835] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.0/7835 [ 200.205683][ T7852] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 200.205711][ T7852] ? ip_append_data.part.0+0x170/0x170 [ 200.210208][ T7835] caller is sk_mc_loop+0x1d/0x210 [ 200.219461][ T7852] ? ip_make_skb+0x1b1/0x2c0 [ 200.219475][ T7852] ? 
ip_reply_glue_bits+0xc0/0xc0 [ 200.219494][ T7852] ip_local_out+0xc4/0x1b0 [ 200.219519][ T7852] ip_send_skb+0x42/0xf0 [ 200.253336][ T7852] udp_send_skb.isra.0+0x6b2/0x1180 [ 200.258530][ T7852] ? xfrm_lookup_route+0x5b/0x1f0 [ 200.264024][ T7852] udp_sendmsg+0x1dfd/0x2820 [ 200.268622][ T7852] ? ip_reply_glue_bits+0xc0/0xc0 [ 200.273652][ T7852] ? udp4_lib_lookup_skb+0x440/0x440 [ 200.278975][ T7852] ? __lock_acquire+0x548/0x3fb0 [ 200.283923][ T7852] udpv6_sendmsg+0x13a4/0x28d0 [ 200.288753][ T7852] ? udpv6_sendmsg+0x13a4/0x28d0 [ 200.293687][ T7852] ? find_held_lock+0x35/0x130 [ 200.298460][ T7852] ? finish_task_switch+0x146/0x780 [ 200.303665][ T7852] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 200.309656][ T7852] ? aa_profile_af_perm+0x320/0x320 [ 200.314853][ T7852] ? __might_fault+0x12b/0x1e0 [ 200.319630][ T7852] ? find_held_lock+0x35/0x130 [ 200.324427][ T7852] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 200.330669][ T7852] ? rw_copy_check_uvector+0x2a6/0x330 [ 200.336149][ T7852] ? ___might_sleep+0x163/0x280 [ 200.341002][ T7852] ? __might_sleep+0x95/0x190 [ 200.345681][ T7852] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 200.351327][ T7852] ? aa_sk_perm+0x288/0x880 [ 200.355839][ T7852] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 200.361401][ T7852] inet_sendmsg+0x147/0x5e0 [ 200.365904][ T7852] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 200.371882][ T7852] ? inet_sendmsg+0x147/0x5e0 [ 200.376554][ T7852] ? ipip_gro_receive+0x100/0x100 [ 200.381596][ T7852] sock_sendmsg+0xdd/0x130 [ 200.386019][ T7852] ___sys_sendmsg+0x3e2/0x930 [ 200.390701][ T7852] ? copy_msghdr_from_user+0x430/0x430 [ 200.397173][ T7852] ? lock_downgrade+0x880/0x880 [ 200.402030][ T7852] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 200.408276][ T7852] ? kasan_check_read+0x11/0x20 [ 200.413166][ T7852] ? __fget+0x381/0x550 [ 200.417328][ T7852] ? ksys_dup3+0x3e0/0x3e0 [ 200.421749][ T7852] ? __fget_light+0x1a9/0x230 [ 200.426424][ T7852] ? __fdget+0x1b/0x20 [ 200.430488][ T7852] ? 
__sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 200.436725][ T7852] ? sockfd_lookup_light+0xcb/0x180 [ 200.441919][ T7852] __sys_sendmmsg+0x1bf/0x4d0 [ 200.446598][ T7852] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 200.451639][ T7852] ? _copy_to_user+0xc9/0x120 [ 200.456317][ T7852] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 200.462553][ T7852] ? put_timespec64+0xda/0x140 [ 200.467313][ T7852] ? nsecs_to_jiffies+0x30/0x30 [ 200.472173][ T7852] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 200.477646][ T7852] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 200.483104][ T7852] ? do_syscall_64+0x26/0x610 [ 200.487779][ T7852] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 200.493840][ T7852] ? do_syscall_64+0x26/0x610 [ 200.498520][ T7852] __x64_sys_sendmmsg+0x9d/0x100 [ 200.503459][ T7852] do_syscall_64+0x103/0x610 [ 200.508056][ T7852] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 200.513942][ T7852] RIP: 0033:0x4582b9 [ 200.517842][ T7852] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 200.537445][ T7852] RSP: 002b:00007f1ac8f2bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 21:50:26 executing program 2: [ 200.545861][ T7852] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 200.553836][ T7852] RDX: 0400000000000174 RSI: 00000000200002c0 RDI: 0000000000000004 [ 200.561802][ T7852] RBP: 000000000073c040 R08: 0000000000000000 R09: 0000000000000000 [ 200.569772][ T7852] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f1ac8f2c6d4 [ 200.577738][ T7852] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 200.585732][ T7835] CPU: 1 PID: 7835 Comm: syz-executor.0 Not tainted 5.1.0-rc3-next-20190405 #19 [ 200.594757][ T7835] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 200.604812][ T7835] Call Trace: [ 200.608112][ T7835] dump_stack+0x172/0x1f0 [ 200.612457][ T7835] 
__this_cpu_preempt_check+0x246/0x270 [ 200.618013][ T7835] sk_mc_loop+0x1d/0x210 [ 200.622263][ T7835] ip_mc_output+0x2ef/0xf70 [ 200.626781][ T7835] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 200.631905][ T7835] ? ip_append_data.part.0+0x170/0x170 [ 200.637373][ T7835] ? ip_make_skb+0x1b1/0x2c0 [ 200.641979][ T7835] ? ip_reply_glue_bits+0xc0/0xc0 [ 200.647018][ T7835] ip_local_out+0xc4/0x1b0 [ 200.651444][ T7835] ip_send_skb+0x42/0xf0 [ 200.655701][ T7835] udp_send_skb.isra.0+0x6b2/0x1180 [ 200.660901][ T7835] ? xfrm_lookup_route+0x5b/0x1f0 [ 200.665942][ T7835] udp_sendmsg+0x1dfd/0x2820 [ 200.670557][ T7835] ? __lock_acquire+0x548/0x3fb0 [ 200.675498][ T7835] ? find_held_lock+0x35/0x130 [ 200.680276][ T7835] ? ip_reply_glue_bits+0xc0/0xc0 [ 200.685318][ T7835] ? udp4_lib_lookup_skb+0x440/0x440 [ 200.690646][ T7835] udpv6_sendmsg+0x13a4/0x28d0 [ 200.695416][ T7835] ? udpv6_sendmsg+0x13a4/0x28d0 [ 200.700370][ T7835] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 200.706365][ T7835] ? aa_profile_af_perm+0x320/0x320 [ 200.711573][ T7835] ? __might_fault+0x12b/0x1e0 [ 200.716348][ T7835] ? find_held_lock+0x35/0x130 [ 200.721148][ T7835] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 200.727399][ T7835] ? rw_copy_check_uvector+0x2a6/0x330 [ 200.732878][ T7835] ? ___might_sleep+0x163/0x280 [ 200.737734][ T7835] ? __might_sleep+0x95/0x190 [ 200.742419][ T7835] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 200.748056][ T7835] ? aa_sk_perm+0x288/0x880 [ 200.752571][ T7835] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 200.758129][ T7835] inet_sendmsg+0x147/0x5e0 [ 200.762638][ T7835] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 200.768621][ T7835] ? inet_sendmsg+0x147/0x5e0 [ 200.773305][ T7835] ? ipip_gro_receive+0x100/0x100 [ 200.778357][ T7835] sock_sendmsg+0xdd/0x130 [ 200.782787][ T7835] ___sys_sendmsg+0x3e2/0x930 [ 200.787476][ T7835] ? copy_msghdr_from_user+0x430/0x430 [ 200.792954][ T7835] ? __lock_acquire+0x548/0x3fb0 [ 200.797906][ T7835] ? 
lock_downgrade+0x880/0x880 [ 200.802763][ T7835] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 200.809102][ T7835] ? kasan_check_read+0x11/0x20 [ 200.813974][ T7835] ? __might_fault+0x12b/0x1e0 [ 200.818753][ T7835] ? find_held_lock+0x35/0x130 [ 200.823530][ T7835] ? __might_fault+0x12b/0x1e0 [ 200.828309][ T7835] ? lock_downgrade+0x880/0x880 [ 200.833174][ T7835] ? ___might_sleep+0x163/0x280 [ 200.838036][ T7835] __sys_sendmmsg+0x1bf/0x4d0 [ 200.842725][ T7835] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 200.847770][ T7835] ? _copy_to_user+0xc9/0x120 [ 200.852461][ T7835] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 200.858711][ T7835] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 200.864969][ T7835] ? put_timespec64+0xda/0x140 [ 200.869826][ T7835] ? nsecs_to_jiffies+0x30/0x30 [ 200.874694][ T7835] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 200.880242][ T7835] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 200.885881][ T7835] ? do_syscall_64+0x26/0x610 [ 200.890569][ T7835] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 200.896644][ T7835] ? 
do_syscall_64+0x26/0x610 [ 200.901327][ T7835] __x64_sys_sendmmsg+0x9d/0x100 [ 200.906286][ T7835] do_syscall_64+0x103/0x610 [ 200.910889][ T7835] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 200.916785][ T7835] RIP: 0033:0x4582b9 [ 200.920686][ T7835] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 200.940302][ T7835] RSP: 002b:00007f1ac8f6dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 200.948727][ T7835] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 200.956730][ T7835] RDX: 0400000000000174 RSI: 00000000200002c0 RDI: 0000000000000003 [ 200.964703][ T7835] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 200.972673][ T7835] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f1ac8f6e6d4 [ 200.980638][ T7835] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff 21:50:27 executing program 0: 21:50:27 executing program 4: 21:50:27 executing program 5: 21:50:27 executing program 1: 21:50:27 executing program 2: 21:50:27 executing program 3: 21:50:27 executing program 1: 21:50:27 executing program 3: 21:50:27 executing program 5: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) connect$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, {}, 0x7fff}, 0xe) 21:50:27 executing program 2: r0 = socket$inet6(0x10, 0x1200000000003, 0x0) sendmsg(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000100)="5500000018007f7005fe01b2a4a270930a601480fea84302910400003900070035000c0014000000080005001400081001f3678b80142314e9030b975668a5b16732009b1100b1df13000000fb0000000000000000", 0x55}], 0x1}, 0x0) 21:50:27 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000180)="2e0000002e008183ad5de0713c444d0005000008100003402e0000000000000037113e370000000000000000d1bd", 0x2e}], 0x1}, 0x0) 21:50:27 
executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000180)="2e0000002e008183ad5de0713c444d0006000008100003402e0000000000000037113e370000000000000000d1bd", 0x2e}], 0x1}, 0x0) 21:50:27 executing program 1: r0 = socket$inet6(0x10, 0x1200000000003, 0x0) sendmsg(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000100)="5500000018007f7005fe01b2a4a270930ab41480fea84302910400003900090020000c0014000000080005001400081001f3678b80142314e9030b975668a5b16732009b1100b1df13000000fb0000000000000000", 0x55}], 0x1}, 0x0) 21:50:27 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1) 21:50:27 executing program 5: r0 = socket$inet(0x2, 0x80001, 0x84) sendmsg$tipc(r0, &(0x7f0000001740)={0x0, 0x0, 0x0}, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e20, @loopback}, 0x10) sendmsg(r0, &(0x7f0000000100)={&(0x7f0000006000)=@in={0x2, 0x0, @loopback}, 0x80, 0x0}, 0x0) 21:50:27 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") syz_emit_ethernet(0x1, &(0x7f0000000100)=ANY=[@ANYBLOB="5000000090780000"], 0x0) [ 201.388405][ T7888] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. 
21:50:27 executing program 5: r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x7b, &(0x7f0000000040), 0x8) 21:50:27 executing program 4: clone(0x0, 0x0, 0x0, 0x0, 0x0) clone(0x0, 0x0, 0x0, 0x0, 0x0) 21:50:27 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0x10, 0x1200000000003, 0x0) sendmsg(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000100)="5500000018007f7005fe01b2a4a270930a601480fea84302910400003900090035000c0014000000080005001448081001f3678b80142314e9030b975668a5b16732009b1100b1df13000000fb0000000000000000", 0x55}], 0x1}, 0x0) 21:50:27 executing program 0: r0 = socket$inet(0x2, 0x80001, 0x84) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e20, @loopback}, 0x10) sendmsg(r0, &(0x7f0000000100)={&(0x7f0000006000)=@in={0x2, 0x4e20, @loopback}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000000)="368e01fd2b92d45647804d8a00300b57a5cf40b619d95c1e5b3f6050b5c909f0016907e4", 0x24}], 0x1}, 0x0) 21:50:27 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0xfffd}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x30, 0x0, 0x0, 0x117) syz_open_dev$vbi(&(0x7f0000000000)='/dev/vbi#\x00', 
0xffffffffffffffff, 0x2) getsockopt$inet_sctp_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x36}, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 201.620308][ T7907] check_preemption_disabled: 1907 callbacks suppressed [ 201.620324][ T7907] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.5/7907 [ 201.636747][ T7907] caller is ip6_finish_output+0x335/0xdc0 [ 201.642483][ T7907] CPU: 1 PID: 7907 Comm: syz-executor.5 Not tainted 5.1.0-rc3-next-20190405 #19 [ 201.651527][ T7907] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 201.661584][ T7907] Call Trace: [ 201.664880][ T7907] dump_stack+0x172/0x1f0 [ 201.669214][ T7907] __this_cpu_preempt_check+0x246/0x270 [ 201.674780][ T7907] ip6_finish_output+0x335/0xdc0 [ 201.679720][ T7907] ip6_output+0x235/0x7f0 [ 201.684071][ T7907] ? ip6_finish_output+0xdc0/0xdc0 [ 201.689187][ T7907] ? ip6_fragment+0x3980/0x3980 [ 201.694042][ T7907] ? kasan_check_read+0x11/0x20 [ 201.698894][ T7907] ip6_xmit+0xe41/0x20c0 [ 201.703147][ T7907] ? ip6_finish_output2+0x2550/0x2550 [ 201.708515][ T7907] ? mark_held_locks+0xf0/0xf0 [ 201.713288][ T7907] ? ip6_setup_cork+0x1870/0x1870 [ 201.718328][ T7907] sctp_v6_xmit+0x313/0x660 [ 201.722831][ T7907] sctp_packet_transmit+0x1bc4/0x36f0 [ 201.728232][ T7907] ? sctp_packet_config+0xfe0/0xfe0 [ 201.733435][ T7907] ? sctp_packet_append_chunk+0x946/0xda0 [ 201.739149][ T7907] ? sctp_outq_select_transport+0x21a/0x790 [ 201.745044][ T7907] sctp_outq_flush_ctrl.constprop.0+0x6d4/0xd50 [ 201.751290][ T7907] ? sctp_prsctp_prune_sent.isra.0+0x820/0x820 [ 201.757438][ T7907] ? lock_downgrade+0x880/0x880 [ 201.762291][ T7907] ? add_timer+0x400/0x930 [ 201.766707][ T7907] ? find_held_lock+0x35/0x130 [ 201.771465][ T7907] ? add_timer+0x41e/0x930 [ 201.775886][ T7907] sctp_outq_flush+0xe8/0x2780 [ 201.780644][ T7907] ? mark_held_locks+0xa4/0xf0 [ 201.785406][ T7907] ? 
_raw_spin_unlock_irqrestore+0x6b/0xe0 [ 201.791212][ T7907] ? add_timer+0x41e/0x930 [ 201.795626][ T7907] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 201.801433][ T7907] ? lockdep_hardirqs_on+0x418/0x5d0 [ 201.806723][ T7907] ? trace_hardirqs_on+0x67/0x230 [ 201.811745][ T7907] ? __sctp_outq_teardown+0xc60/0xc60 [ 201.817123][ T7907] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 201.823373][ T7907] ? sctp_outq_tail+0x68c/0x930 [ 201.828225][ T7907] sctp_outq_uncork+0x6c/0x80 [ 201.832904][ T7907] sctp_do_sm+0x2575/0x5770 [ 201.837403][ T7907] ? sctp_hash_transport+0xdb1/0x18d0 [ 201.842779][ T7907] ? sctp_do_8_2_transport_strike.isra.0+0x940/0x940 [ 201.849453][ T7907] ? __local_bh_enable_ip+0x15a/0x270 [ 201.854839][ T7907] ? lock_downgrade+0x880/0x880 [ 201.859706][ T7907] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 201.865948][ T7907] ? kasan_check_read+0x11/0x20 [ 201.870806][ T7907] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 201.877047][ T7907] ? sctp_hash_transport+0x10b/0x18d0 [ 201.882435][ T7907] ? memcpy+0x46/0x50 [ 201.886417][ T7907] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 201.892655][ T7907] ? sctp_assoc_set_primary+0x274/0x310 [ 201.898203][ T7907] sctp_primitive_ASSOCIATE+0x9d/0xd0 [ 201.903578][ T7907] __sctp_connect+0x8cd/0xce0 [ 201.908263][ T7907] ? sctp_sendmsg_to_asoc+0x17b0/0x17b0 [ 201.913802][ T7907] ? __local_bh_enable_ip+0x15a/0x270 [ 201.919185][ T7907] ? lockdep_hardirqs_on+0x418/0x5d0 [ 201.924465][ T7907] ? lock_sock_nested+0x9a/0x120 [ 201.929398][ T7907] ? trace_hardirqs_on+0x67/0x230 [ 201.934421][ T7907] ? __local_bh_enable_ip+0x15a/0x270 [ 201.939788][ T7907] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 201.945698][ T7907] sctp_inet_connect+0x2a2/0x350 [ 201.950641][ T7907] __sys_connect+0x266/0x330 [ 201.955234][ T7907] ? __ia32_sys_accept+0xb0/0xb0 [ 201.960166][ T7907] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 201.966404][ T7907] ? put_timespec64+0xda/0x140 [ 201.971177][ T7907] ? 
trace_hardirqs_on_thunk+0x1a/0x1c [ 201.976634][ T7907] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 201.982089][ T7907] ? do_syscall_64+0x26/0x610 [ 201.986764][ T7907] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 201.992926][ T7907] ? do_syscall_64+0x26/0x610 [ 201.997615][ T7907] __x64_sys_connect+0x73/0xb0 [ 202.002377][ T7907] do_syscall_64+0x103/0x610 [ 202.006977][ T7907] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 202.012863][ T7907] RIP: 0033:0x4582b9 [ 202.016751][ T7907] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 202.036347][ T7907] RSP: 002b:00007f602d602c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 202.044756][ T7907] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004582b9 [ 202.052723][ T7907] RDX: 000000000000001c RSI: 0000000020000080 RDI: 0000000000000003 [ 202.060687][ T7907] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 202.068651][ T7907] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f602d6036d4 [ 202.076615][ T7907] R13: 00000000004be64c R14: 00000000004cf1e0 R15: 00000000ffffffff [ 202.094342][ T7916] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 202.101823][ T7916] IPv6: NLM_F_CREATE should be set when creating new route [ 202.109105][ T7916] IPv6: NLM_F_CREATE should be set when creating new route [ 202.110222][ T7907] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.5/7907 [ 202.126156][ T7907] caller is ip6_finish_output+0x335/0xdc0 [ 202.131915][ T7907] CPU: 1 PID: 7907 Comm: syz-executor.5 Not tainted 5.1.0-rc3-next-20190405 #19 [ 202.140931][ T7907] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 202.140937][ T7907] Call Trace: [ 202.140967][ T7907] dump_stack+0x172/0x1f0 [ 202.140990][ T7907] __this_cpu_preempt_check+0x246/0x270 [ 202.141010][ T7907] 
ip6_finish_output+0x335/0xdc0 [ 202.141031][ T7907] ip6_output+0x235/0x7f0 [ 202.141048][ T7907] ? ip6_finish_output+0xdc0/0xdc0 [ 202.141069][ T7907] ? ip6_fragment+0x3980/0x3980 [ 202.141092][ T7907] ? kasan_check_read+0x11/0x20 [ 202.164271][ T7907] ip6_xmit+0xe41/0x20c0 [ 202.164297][ T7907] ? ip6_finish_output2+0x2550/0x2550 [ 202.164314][ T7907] ? mark_held_locks+0xf0/0xf0 [ 202.164332][ T7907] ? ip6_setup_cork+0x1870/0x1870 [ 202.164364][ T7907] sctp_v6_xmit+0x313/0x660 [ 202.212175][ T7907] sctp_packet_transmit+0x1bc4/0x36f0 [ 202.217572][ T7907] ? sctp_packet_config+0xfe0/0xfe0 [ 202.222792][ T7907] ? sctp_packet_append_chunk+0x946/0xda0 [ 202.228512][ T7907] ? sctp_outq_select_transport+0x21a/0x790 [ 202.234410][ T7907] sctp_outq_flush_ctrl.constprop.0+0x6d4/0xd50 [ 202.240648][ T7907] ? rcu_read_lock_sched_held+0x110/0x130 [ 202.246370][ T7907] ? sctp_prsctp_prune_sent.isra.0+0x820/0x820 [ 202.252536][ T7907] ? sctp_make_init+0xd10/0xd10 [ 202.257384][ T7907] ? sctp_verify_init+0x14a0/0x14a0 [ 202.262590][ T7907] sctp_outq_flush+0xe8/0x2780 [ 202.267357][ T7907] ? sctp_assoc_set_bind_addr_from_ep+0x168/0x1c0 [ 202.273778][ T7907] ? sctp_sf_do_unexpected_init.isra.0+0x19e/0x1350 [ 202.280363][ T7907] ? __sctp_outq_teardown+0xc60/0xc60 [ 202.285735][ T7907] ? sctp_sm_lookup_event+0x134/0x48d [ 202.291105][ T7907] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 202.297344][ T7907] ? sctp_outq_tail+0x68c/0x930 [ 202.302197][ T7907] sctp_outq_uncork+0x6c/0x80 [ 202.306879][ T7907] sctp_do_sm+0x418d/0x5770 [ 202.311382][ T7907] ? update_curr+0x3c4/0x8a0 [ 202.315992][ T7907] ? sctp_do_8_2_transport_strike.isra.0+0x940/0x940 [ 202.322687][ T7907] ? sctp_assoc_bh_rcv+0x2fc/0x660 [ 202.327818][ T7907] ? find_held_lock+0x35/0x130 [ 202.332585][ T7907] ? sctp_assoc_bh_rcv+0x2fc/0x660 [ 202.337697][ T7907] ? mark_held_locks+0xa4/0xf0 [ 202.342464][ T7907] ? trace_hardirqs_on+0x67/0x230 [ 202.347489][ T7907] ? 
__sanitizer_cov_trace_cmp4+0x16/0x20 [ 202.353208][ T7907] ? ktime_get+0x208/0x300 [ 202.357626][ T7907] sctp_assoc_bh_rcv+0x343/0x660 [ 202.362575][ T7907] sctp_inq_push+0x1ea/0x290 [ 202.367171][ T7907] sctp_backlog_rcv+0x196/0xbe0 [ 202.372018][ T7907] ? __local_bh_enable_ip+0x15a/0x270 [ 202.377383][ T7907] ? _raw_spin_unlock_bh+0x31/0x40 [ 202.382486][ T7907] ? __local_bh_enable_ip+0x15a/0x270 [ 202.387860][ T7907] ? sctp_hash_obj+0x600/0x600 [ 202.392622][ T7907] ? __release_sock+0xca/0x3a0 [ 202.398306][ T7907] ? __local_bh_enable_ip+0x15a/0x270 [ 202.403680][ T7907] __release_sock+0x12e/0x3a0 [ 202.408367][ T7907] release_sock+0x59/0x1c0 [ 202.412778][ T7907] sctp_wait_for_connect+0x316/0x540 [ 202.418069][ T7907] ? sctp_get_port+0x180/0x180 [ 202.422828][ T7907] ? memcpy+0x46/0x50 [ 202.426806][ T7907] ? finish_wait+0x260/0x260 [ 202.431399][ T7907] ? sctp_primitive_ASSOCIATE+0x9d/0xd0 [ 202.436952][ T7907] __sctp_connect+0xac2/0xce0 [ 202.441733][ T7907] ? sctp_sendmsg_to_asoc+0x17b0/0x17b0 [ 202.447276][ T7907] ? __local_bh_enable_ip+0x15a/0x270 [ 202.452641][ T7907] ? lockdep_hardirqs_on+0x418/0x5d0 [ 202.457923][ T7907] ? trace_hardirqs_on+0x67/0x230 [ 202.462951][ T7907] ? __local_bh_enable_ip+0x15a/0x270 [ 202.468330][ T7907] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 202.474222][ T7907] sctp_inet_connect+0x2a2/0x350 [ 202.479162][ T7907] __sys_connect+0x266/0x330 [ 202.483754][ T7907] ? __ia32_sys_accept+0xb0/0xb0 [ 202.488689][ T7907] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 202.494927][ T7907] ? put_timespec64+0xda/0x140 [ 202.499708][ T7907] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 202.505178][ T7907] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 202.510656][ T7907] ? do_syscall_64+0x26/0x610 [ 202.515329][ T7907] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 202.521393][ T7907] ? 
do_syscall_64+0x26/0x610 [ 202.526078][ T7907] __x64_sys_connect+0x73/0xb0 [ 202.530842][ T7907] do_syscall_64+0x103/0x610 [ 202.535434][ T7907] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 202.541318][ T7907] RIP: 0033:0x4582b9 [ 202.545211][ T7907] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 202.564810][ T7907] RSP: 002b:00007f602d602c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 202.573217][ T7907] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004582b9 [ 202.581182][ T7907] RDX: 000000000000001c RSI: 0000000020000080 RDI: 0000000000000003 [ 202.589151][ T7907] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 202.597118][ T7907] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f602d6036d4 [ 202.605085][ T7907] R13: 00000000004be64c R14: 00000000004cf1e0 R15: 00000000ffffffff [ 202.629141][ T7907] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.5/7907 [ 202.638789][ T7907] caller is ip6_finish_output+0x335/0xdc0 [ 202.644565][ T7907] CPU: 1 PID: 7907 Comm: syz-executor.5 Not tainted 5.1.0-rc3-next-20190405 #19 [ 202.644574][ T7907] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 202.644580][ T7907] Call Trace: [ 202.644600][ T7907] dump_stack+0x172/0x1f0 [ 202.644623][ T7907] __this_cpu_preempt_check+0x246/0x270 [ 202.663686][ T7907] ip6_finish_output+0x335/0xdc0 [ 202.663708][ T7907] ip6_output+0x235/0x7f0 [ 202.663728][ T7907] ? ip6_finish_output+0xdc0/0xdc0 [ 202.663748][ T7907] ? ip6_fragment+0x3980/0x3980 [ 202.663770][ T7907] ? kasan_check_read+0x11/0x20 [ 202.700922][ T7907] ip6_xmit+0xe41/0x20c0 [ 202.705174][ T7907] ? ip6_finish_output2+0x2550/0x2550 [ 202.710545][ T7907] ? mark_held_locks+0xf0/0xf0 [ 202.715313][ T7907] ? 
ip6_setup_cork+0x1870/0x1870 [ 202.720371][ T7907] sctp_v6_xmit+0x313/0x660 [ 202.724880][ T7907] sctp_packet_transmit+0x1bc4/0x36f0 [ 202.730267][ T7907] ? sctp_packet_config+0xfe0/0xfe0 [ 202.735462][ T7907] ? kmem_cache_alloc_node_trace+0x352/0x720 [ 202.741454][ T7907] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 202.747697][ T7907] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 202.753440][ T7907] sctp_outq_flush+0x2b8/0x2780 [ 202.758292][ T7907] ? sctp_chunkify+0x4b/0x290 [ 202.762983][ T7907] ? __sctp_outq_teardown+0xc60/0xc60 [ 202.768366][ T7907] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 202.774598][ T7907] ? sctp_outq_tail+0x68c/0x930 [ 202.779444][ T7907] sctp_outq_uncork+0x6c/0x80 [ 202.784118][ T7907] sctp_do_sm+0x2575/0x5770 [ 202.788620][ T7907] ? do_syscall_64+0x103/0x610 [ 202.793474][ T7907] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 202.799553][ T7907] ? sctp_do_8_2_transport_strike.isra.0+0x940/0x940 [ 202.806224][ T7907] ? lock_downgrade+0x880/0x880 [ 202.811082][ T7907] ? sctp_assoc_bh_rcv+0x2fc/0x660 [ 202.816193][ T7907] ? find_held_lock+0x35/0x130 [ 202.820955][ T7907] ? sctp_assoc_bh_rcv+0x2fc/0x660 [ 202.826086][ T7907] ? trace_hardirqs_on+0x67/0x230 [ 202.831110][ T7907] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 202.836914][ T7907] ? ktime_get+0x208/0x300 [ 202.841331][ T7907] sctp_assoc_bh_rcv+0x343/0x660 [ 202.846278][ T7907] sctp_inq_push+0x1ea/0x290 [ 202.850868][ T7907] sctp_backlog_rcv+0x196/0xbe0 [ 202.855717][ T7907] ? __local_bh_enable_ip+0x15a/0x270 [ 202.861081][ T7907] ? _raw_spin_unlock_bh+0x31/0x40 [ 202.866187][ T7907] ? __local_bh_enable_ip+0x15a/0x270 [ 202.871559][ T7907] ? sctp_hash_obj+0x600/0x600 [ 202.876322][ T7907] ? __release_sock+0xca/0x3a0 [ 202.881083][ T7907] ? __local_bh_enable_ip+0x15a/0x270 [ 202.886465][ T7907] __release_sock+0x12e/0x3a0 [ 202.891149][ T7907] release_sock+0x59/0x1c0 [ 202.895567][ T7907] sctp_wait_for_connect+0x316/0x540 [ 202.900854][ T7907] ? 
sctp_get_port+0x180/0x180 [ 202.905612][ T7907] ? memcpy+0x46/0x50 [ 202.909593][ T7907] ? finish_wait+0x260/0x260 [ 202.914185][ T7907] ? sctp_primitive_ASSOCIATE+0x9d/0xd0 [ 202.919733][ T7907] __sctp_connect+0xac2/0xce0 [ 202.924501][ T7907] ? sctp_sendmsg_to_asoc+0x17b0/0x17b0 [ 202.930044][ T7907] ? __local_bh_enable_ip+0x15a/0x270 [ 202.935415][ T7907] ? lockdep_hardirqs_on+0x418/0x5d0 [ 202.940697][ T7907] ? trace_hardirqs_on+0x67/0x230 [ 202.945723][ T7907] ? __local_bh_enable_ip+0x15a/0x270 [ 202.951096][ T7907] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 202.956996][ T7907] sctp_inet_connect+0x2a2/0x350 [ 202.961937][ T7907] __sys_connect+0x266/0x330 [ 202.966538][ T7907] ? __ia32_sys_accept+0xb0/0xb0 [ 202.971476][ T7907] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 202.977713][ T7907] ? put_timespec64+0xda/0x140 [ 202.982483][ T7907] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 202.987942][ T7907] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 202.993408][ T7907] ? do_syscall_64+0x26/0x610 [ 202.998079][ T7907] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 203.004139][ T7907] ? 
do_syscall_64+0x26/0x610 [ 203.008821][ T7907] __x64_sys_connect+0x73/0xb0 [ 203.013586][ T7907] do_syscall_64+0x103/0x610 [ 203.018176][ T7907] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 203.024068][ T7907] RIP: 0033:0x4582b9 [ 203.027972][ T7907] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 203.047575][ T7907] RSP: 002b:00007f602d602c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 203.055991][ T7907] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004582b9 [ 203.063957][ T7907] RDX: 000000000000001c RSI: 0000000020000080 RDI: 0000000000000003 [ 203.071932][ T7907] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 21:50:29 executing program 4: r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x0, 0x0, @loopback}], 0x1c) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @rand_addr="205a577025adb8385cf1d157fb9376eb"}, 0x1c) [ 203.079906][ T7907] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f602d6036d4 [ 203.087876][ T7907] R13: 00000000004be64c R14: 00000000004cf1e0 R15: 00000000ffffffff 21:50:29 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") open(0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x5c831, 0xffffffffffffffff, 0x0) r1 = socket(0x22, 0x2, 0x2) setsockopt$packet_buf(r1, 0x107, 0x1, &(0x7f0000000000), 0x0) [ 203.146703][ T7907] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.5/7907 [ 203.156352][ T7907] caller is ip6_finish_output+0x335/0xdc0 [ 203.162122][ T7907] CPU: 1 PID: 7907 Comm: syz-executor.5 Not tainted 5.1.0-rc3-next-20190405 #19 [ 203.171144][ T7907] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 
203.181202][ T7907] Call Trace: [ 203.184506][ T7907] dump_stack+0x172/0x1f0 [ 203.187359][ T7931] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 203.188864][ T7907] __this_cpu_preempt_check+0x246/0x270 [ 203.188886][ T7907] ip6_finish_output+0x335/0xdc0 [ 203.188908][ T7907] ip6_output+0x235/0x7f0 [ 203.188933][ T7907] ? ip6_finish_output+0xdc0/0xdc0 [ 203.201686][ T7907] ? ip6_fragment+0x3980/0x3980 [ 203.201708][ T7907] ? kasan_check_read+0x11/0x20 [ 203.201728][ T7907] ip6_xmit+0xe41/0x20c0 [ 203.201752][ T7907] ? ip6_finish_output2+0x2550/0x2550 [ 203.216095][ T7907] ? mark_held_locks+0xf0/0xf0 [ 203.216118][ T7907] ? ip6_setup_cork+0x1870/0x1870 [ 203.216154][ T7907] sctp_v6_xmit+0x313/0x660 [ 203.216177][ T7907] sctp_packet_transmit+0x1bc4/0x36f0 [ 203.216210][ T7907] ? sctp_packet_config+0xfe0/0xfe0 [ 203.264977][ T7907] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 203.270063][ T7933] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.5/7933 [ 203.270705][ T7907] sctp_outq_flush+0x2b8/0x2780 [ 203.270723][ T7907] ? kfree_skbmem+0xc5/0x150 [ 203.270740][ T7907] ? kfree_skbmem+0xc5/0x150 [ 203.270753][ T7907] ? kfree_skbmem+0xc5/0x150 [ 203.270765][ T7907] ? sctp_ulpevent_free+0x362/0x4e0 [ 203.270787][ T7907] ? rcu_read_lock_sched_held+0x110/0x130 [ 203.280192][ T7933] caller is ip6_finish_output+0x335/0xdc0 [ 203.284909][ T7907] ? __sctp_outq_teardown+0xc60/0xc60 [ 203.284927][ T7907] ? sctp_ulpevent_free+0x362/0x4e0 [ 203.284942][ T7907] ? sctp_ulpq_tail_event+0x116/0xbe0 [ 203.284959][ T7907] sctp_outq_uncork+0x6c/0x80 [ 203.284988][ T7907] sctp_do_sm+0x370/0x5770 [ 203.285004][ T7907] ? do_syscall_64+0x103/0x610 [ 203.285026][ T7907] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 203.352145][ T7907] ? sctp_do_8_2_transport_strike.isra.0+0x940/0x940 [ 203.358823][ T7907] ? lock_downgrade+0x880/0x880 [ 203.363683][ T7907] ? sctp_assoc_bh_rcv+0x2fc/0x660 [ 203.368795][ T7907] ? find_held_lock+0x35/0x130 [ 203.373566][ T7907] ? 
sctp_assoc_bh_rcv+0x2fc/0x660 [ 203.378711][ T7907] ? trace_hardirqs_on+0x67/0x230 [ 203.383740][ T7907] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 203.389479][ T7907] ? ktime_get+0x208/0x300 [ 203.394373][ T7907] sctp_assoc_bh_rcv+0x343/0x660 [ 203.399326][ T7907] sctp_inq_push+0x1ea/0x290 [ 203.403923][ T7907] sctp_backlog_rcv+0x196/0xbe0 [ 203.408864][ T7907] ? __local_bh_enable_ip+0x15a/0x270 [ 203.414235][ T7907] ? _raw_spin_unlock_bh+0x31/0x40 [ 203.419349][ T7907] ? __local_bh_enable_ip+0x15a/0x270 [ 203.424727][ T7907] ? sctp_hash_obj+0x600/0x600 [ 203.429491][ T7907] ? __release_sock+0xca/0x3a0 [ 203.434261][ T7907] ? __local_bh_enable_ip+0x15a/0x270 [ 203.439649][ T7907] __release_sock+0x12e/0x3a0 [ 203.444334][ T7907] release_sock+0x59/0x1c0 [ 203.448751][ T7907] sctp_wait_for_connect+0x316/0x540 [ 203.454039][ T7907] ? sctp_get_port+0x180/0x180 [ 203.458813][ T7907] ? memcpy+0x46/0x50 [ 203.462792][ T7907] ? finish_wait+0x260/0x260 [ 203.467397][ T7907] ? sctp_primitive_ASSOCIATE+0x9d/0xd0 [ 203.472944][ T7907] __sctp_connect+0xac2/0xce0 [ 203.477636][ T7907] ? sctp_sendmsg_to_asoc+0x17b0/0x17b0 [ 203.483181][ T7907] ? __local_bh_enable_ip+0x15a/0x270 [ 203.488554][ T7907] ? lockdep_hardirqs_on+0x418/0x5d0 [ 203.493836][ T7907] ? trace_hardirqs_on+0x67/0x230 [ 203.498859][ T7907] ? __local_bh_enable_ip+0x15a/0x270 [ 203.504230][ T7907] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 203.510126][ T7907] sctp_inet_connect+0x2a2/0x350 [ 203.515075][ T7907] __sys_connect+0x266/0x330 [ 203.519670][ T7907] ? __ia32_sys_accept+0xb0/0xb0 [ 203.524607][ T7907] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 203.530855][ T7907] ? put_timespec64+0xda/0x140 [ 203.535628][ T7907] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 203.541085][ T7907] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 203.546547][ T7907] ? do_syscall_64+0x26/0x610 [ 203.551222][ T7907] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 203.557289][ T7907] ? 
do_syscall_64+0x26/0x610 [ 203.561980][ T7907] __x64_sys_connect+0x73/0xb0 [ 203.566747][ T7907] do_syscall_64+0x103/0x610 [ 203.571341][ T7907] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 203.577228][ T7907] RIP: 0033:0x4582b9 [ 203.581124][ T7907] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 203.600732][ T7907] RSP: 002b:00007f602d602c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 203.609143][ T7907] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004582b9 [ 203.617112][ T7907] RDX: 000000000000001c RSI: 0000000020000080 RDI: 0000000000000003 [ 203.625082][ T7907] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 203.633053][ T7907] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f602d6036d4 [ 203.641020][ T7907] R13: 00000000004be64c R14: 00000000004cf1e0 R15: 00000000ffffffff [ 203.649026][ T7933] CPU: 0 PID: 7933 Comm: syz-executor.5 Not tainted 5.1.0-rc3-next-20190405 #19 [ 203.658052][ T7933] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 203.668111][ T7933] Call Trace: [ 203.671411][ T7933] dump_stack+0x172/0x1f0 [ 203.675838][ T7933] __this_cpu_preempt_check+0x246/0x270 [ 203.681405][ T7933] ip6_finish_output+0x335/0xdc0 [ 203.686343][ T7933] ip6_output+0x235/0x7f0 [ 203.690674][ T7933] ? ip6_finish_output+0xdc0/0xdc0 [ 203.695788][ T7933] ? ip6_fragment+0x3980/0x3980 [ 203.700639][ T7933] ? kasan_check_read+0x11/0x20 [ 203.705510][ T7933] ip6_xmit+0xe41/0x20c0 [ 203.709764][ T7933] ? ip6_finish_output2+0x2550/0x2550 [ 203.715136][ T7933] ? mark_held_locks+0xf0/0xf0 [ 203.719903][ T7933] ? ip6_setup_cork+0x1870/0x1870 [ 203.724952][ T7933] sctp_v6_xmit+0x313/0x660 [ 203.729484][ T7933] sctp_packet_transmit+0x1bc4/0x36f0 [ 203.734871][ T7933] ? sctp_packet_config+0xfe0/0xfe0 [ 203.740068][ T7933] ? 
sctp_packet_append_chunk+0x946/0xda0 [ 203.745873][ T7933] ? sctp_outq_select_transport+0x21a/0x790 [ 203.751767][ T7933] sctp_outq_flush_ctrl.constprop.0+0x6d4/0xd50 [ 203.758017][ T7933] ? sctp_prsctp_prune_sent.isra.0+0x820/0x820 [ 203.764174][ T7933] ? lock_downgrade+0x880/0x880 [ 203.769039][ T7933] ? add_timer+0x400/0x930 [ 203.773470][ T7933] ? find_held_lock+0x35/0x130 [ 203.778232][ T7933] ? add_timer+0x41e/0x930 [ 203.782651][ T7933] sctp_outq_flush+0xe8/0x2780 [ 203.787432][ T7933] ? mark_held_locks+0xa4/0xf0 [ 203.792194][ T7933] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 203.798006][ T7933] ? add_timer+0x41e/0x930 [ 203.802426][ T7933] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 203.808230][ T7933] ? lockdep_hardirqs_on+0x418/0x5d0 [ 203.813517][ T7933] ? trace_hardirqs_on+0x67/0x230 [ 203.818541][ T7933] ? __sctp_outq_teardown+0xc60/0xc60 [ 203.823916][ T7933] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 203.830150][ T7933] ? sctp_outq_tail+0x68c/0x930 [ 203.835006][ T7933] sctp_outq_uncork+0x6c/0x80 [ 203.839704][ T7933] sctp_do_sm+0x2575/0x5770 [ 203.844205][ T7933] ? sctp_hash_transport+0xdb1/0x18d0 [ 203.849594][ T7933] ? sctp_do_8_2_transport_strike.isra.0+0x940/0x940 [ 203.856264][ T7933] ? __local_bh_enable_ip+0x15a/0x270 [ 203.861634][ T7933] ? lock_downgrade+0x880/0x880 [ 203.866482][ T7933] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 203.872720][ T7933] ? kasan_check_read+0x11/0x20 [ 203.877570][ T7933] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 203.883807][ T7933] ? sctp_hash_transport+0x10b/0x18d0 [ 203.889191][ T7933] ? memcpy+0x46/0x50 [ 203.893171][ T7933] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 203.899422][ T7933] ? sctp_assoc_set_primary+0x274/0x310 [ 203.904974][ T7933] sctp_primitive_ASSOCIATE+0x9d/0xd0 [ 203.910346][ T7933] __sctp_connect+0x8cd/0xce0 [ 203.915113][ T7933] ? sctp_sendmsg_to_asoc+0x17b0/0x17b0 [ 203.920653][ T7933] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 203.926885][ T7933] ? 
sctp_get_port+0x10e/0x180 [ 203.931649][ T7933] ? sctp_get_port_local+0x16e0/0x16e0 [ 203.937110][ T7933] ? __local_bh_enable_ip+0x15a/0x270 [ 203.942479][ T7933] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 203.948373][ T7933] sctp_inet_connect+0x2a2/0x350 [ 203.953315][ T7933] __sys_connect+0x266/0x330 [ 203.957904][ T7933] ? __ia32_sys_accept+0xb0/0xb0 [ 203.962837][ T7933] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 203.969072][ T7933] ? put_timespec64+0xda/0x140 [ 203.973846][ T7933] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 203.979330][ T7933] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 203.984786][ T7933] ? do_syscall_64+0x26/0x610 [ 203.989461][ T7933] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 203.995521][ T7933] ? do_syscall_64+0x26/0x610 [ 204.000200][ T7933] __x64_sys_connect+0x73/0xb0 [ 204.004972][ T7933] do_syscall_64+0x103/0x610 [ 204.009567][ T7933] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 204.015453][ T7933] RIP: 0033:0x4582b9 [ 204.019346][ T7933] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 204.038951][ T7933] RSP: 002b:00007f602d59fc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002a 21:50:30 executing program 3: r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, &(0x7f0000000440)={0x0, 0xffffffff}, 0x0) [ 204.047394][ T7933] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004582b9 [ 204.055363][ T7933] RDX: 000000000000001c RSI: 0000000020000080 RDI: 0000000000000004 [ 204.063330][ T7933] RBP: 000000000073c0e0 R08: 0000000000000000 R09: 0000000000000000 [ 204.071302][ T7933] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f602d5a06d4 [ 
204.079272][ T7933] R13: 00000000004be64c R14: 00000000004cf1e0 R15: 00000000ffffffff [ 204.136705][ T7941] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/7941 [ 204.146132][ T7941] caller is ip6_finish_output+0x335/0xdc0 [ 204.151870][ T7941] CPU: 1 PID: 7941 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19 [ 204.160889][ T7941] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 204.170949][ T7941] Call Trace: [ 204.174264][ T7941] dump_stack+0x172/0x1f0 [ 204.178611][ T7941] __this_cpu_preempt_check+0x246/0x270 [ 204.184174][ T7941] ip6_finish_output+0x335/0xdc0 [ 204.189127][ T7941] ip6_output+0x235/0x7f0 [ 204.193465][ T7941] ? ip6_finish_output+0xdc0/0xdc0 [ 204.198591][ T7941] ? ip6_fragment+0x3980/0x3980 [ 204.203453][ T7941] ? kasan_check_read+0x11/0x20 [ 204.208314][ T7941] ip6_xmit+0xe41/0x20c0 [ 204.212575][ T7941] ? ip6_finish_output2+0x2550/0x2550 [ 204.217949][ T7941] ? mark_held_locks+0xf0/0xf0 [ 204.222725][ T7941] ? ip6_setup_cork+0x1870/0x1870 [ 204.227768][ T7941] sctp_v6_xmit+0x313/0x660 [ 204.232279][ T7941] sctp_packet_transmit+0x1bc4/0x36f0 [ 204.237668][ T7941] ? sctp_packet_config+0xfe0/0xfe0 [ 204.242898][ T7941] ? sctp_packet_append_chunk+0x946/0xda0 [ 204.248614][ T7941] ? sctp_outq_select_transport+0x21a/0x790 [ 204.254512][ T7941] sctp_outq_flush_ctrl.constprop.0+0x6d4/0xd50 [ 204.260763][ T7941] ? sctp_prsctp_prune_sent.isra.0+0x820/0x820 [ 204.266915][ T7941] ? lock_downgrade+0x880/0x880 [ 204.271768][ T7941] ? add_timer+0x400/0x930 [ 204.276183][ T7941] ? find_held_lock+0x35/0x130 [ 204.280944][ T7941] ? add_timer+0x41e/0x930 [ 204.285370][ T7941] sctp_outq_flush+0xe8/0x2780 [ 204.290133][ T7941] ? mark_held_locks+0xa4/0xf0 [ 204.294901][ T7941] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 204.300727][ T7941] ? add_timer+0x41e/0x930 [ 204.305144][ T7941] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 204.310953][ T7941] ? 
lockdep_hardirqs_on+0x418/0x5d0 [ 204.316246][ T7941] ? trace_hardirqs_on+0x67/0x230 [ 204.321272][ T7941] ? __sctp_outq_teardown+0xc60/0xc60 [ 204.326654][ T7941] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 204.332888][ T7941] ? sctp_outq_tail+0x68c/0x930 [ 204.337739][ T7941] sctp_outq_uncork+0x6c/0x80 [ 204.342416][ T7941] sctp_do_sm+0x2575/0x5770 [ 204.346935][ T7941] ? sctp_hash_transport+0xdb1/0x18d0 [ 204.352325][ T7941] ? sctp_do_8_2_transport_strike.isra.0+0x940/0x940 [ 204.359004][ T7941] ? __local_bh_enable_ip+0x15a/0x270 [ 204.364381][ T7941] ? lock_downgrade+0x880/0x880 [ 204.369230][ T7941] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 204.375469][ T7941] ? kasan_check_read+0x11/0x20 [ 204.380320][ T7941] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 204.386565][ T7941] ? sctp_hash_transport+0x10b/0x18d0 [ 204.391953][ T7941] ? memcpy+0x46/0x50 [ 204.397476][ T7941] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 204.403721][ T7941] ? sctp_assoc_set_primary+0x274/0x310 [ 204.409279][ T7941] sctp_primitive_ASSOCIATE+0x9d/0xd0 [ 204.414658][ T7941] __sctp_connect+0x8cd/0xce0 [ 204.419348][ T7941] ? sctp_sendmsg_to_asoc+0x17b0/0x17b0 [ 204.424910][ T7941] ? __local_bh_enable_ip+0x15a/0x270 [ 204.430281][ T7941] ? lockdep_hardirqs_on+0x418/0x5d0 [ 204.435566][ T7941] ? lock_sock_nested+0x9a/0x120 [ 204.440506][ T7941] ? trace_hardirqs_on+0x67/0x230 [ 204.445538][ T7941] ? __local_bh_enable_ip+0x15a/0x270 [ 204.450910][ T7941] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 204.456808][ T7941] sctp_inet_connect+0x2a2/0x350 [ 204.461751][ T7941] __sys_connect+0x266/0x330 [ 204.466346][ T7941] ? __ia32_sys_accept+0xb0/0xb0 [ 204.471329][ T7941] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 204.477567][ T7941] ? put_timespec64+0xda/0x140 [ 204.482340][ T7941] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 204.487800][ T7941] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 204.493276][ T7941] ? do_syscall_64+0x26/0x610 [ 204.497950][ T7941] ? 
entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 204.504023][ T7941] ? do_syscall_64+0x26/0x610 [ 204.508707][ T7941] __x64_sys_connect+0x73/0xb0 [ 204.513473][ T7941] do_syscall_64+0x103/0x610 [ 204.518063][ T7941] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 204.523951][ T7941] RIP: 0033:0x4582b9 [ 204.527851][ T7941] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 204.547575][ T7941] RSP: 002b:00007facac035c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 204.555996][ T7941] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004582b9 [ 204.563971][ T7941] RDX: 000000000000001c RSI: 0000000020000080 RDI: 0000000000000003 [ 204.571938][ T7941] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 204.579911][ T7941] R10: 0000000000000000 R11: 0000000000000246 R12: 00007facac0366d4 21:50:30 executing program 4: r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x11, &(0x7f0000000040), 0x8) [ 204.587883][ T7941] R13: 00000000004be64c R14: 00000000004cf1e0 R15: 00000000ffffffff 21:50:31 executing program 0: r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x10, &(0x7f0000000040), 0x8) 21:50:31 executing program 1: r0 = socket$inet(0x2, 0x80001, 0x84) sendmsg(r0, &(0x7f0000000100)={&(0x7f0000006000)=@in={0x2, 0x0, @loopback}, 0x80, 0x0}, 0x0) recvmmsg(r0, &(0x7f0000003100)=[{{&(0x7f0000000000)=@sco, 0x80, 
&(0x7f00000000c0)=[{&(0x7f0000000140)=""/65, 0x41}, {&(0x7f0000000200)=""/154, 0x9a}], 0x2, &(0x7f0000000580)=""/4096, 0x1000}, 0x7}, {{&(0x7f00000002c0)=@l2, 0x80, &(0x7f0000001740)=[{&(0x7f0000000340)=""/254, 0xfe}, {&(0x7f0000000440)=""/108, 0x6c}, {&(0x7f0000001580)=""/99, 0x63}, {&(0x7f0000001600)=""/192, 0xc0}, {&(0x7f00000016c0)=""/90, 0x5a}], 0x5}, 0x20f8}, {{&(0x7f00000017c0)=@pptp={0x18, 0x2, {0x0, @local}}, 0x80, &(0x7f00000018c0)=[{&(0x7f0000001840)=""/120, 0x78}], 0x1, &(0x7f0000001900)=""/143, 0x8f}, 0x1}, {{&(0x7f00000019c0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @local}}}, 0x80, &(0x7f0000002d00)=[{&(0x7f0000001a40)=""/163, 0xa3}, {&(0x7f0000001b00)=""/130, 0x82}, {&(0x7f0000001bc0)=""/39, 0x27}, {&(0x7f0000001c00)=""/231, 0xe7}, {&(0x7f0000001d00)=""/4096, 0x1000}], 0x5, &(0x7f0000002d80)=""/161, 0xa1}, 0x831}, {{&(0x7f0000002e40)=@pppoe={0x18, 0x0, {0x0, @random}}, 0x80, &(0x7f0000003000)=[{&(0x7f0000002ec0)=""/236, 0xec}, {&(0x7f0000002fc0)=""/48, 0x30}], 0x2, &(0x7f0000003040)=""/133, 0x85}, 0x1}], 0x5, 0x2000, &(0x7f0000003240)) [ 204.674285][ T7941] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/7941 [ 204.684310][ T7941] caller is ip6_finish_output+0x335/0xdc0 [ 204.690045][ T7941] CPU: 1 PID: 7941 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19 [ 204.699065][ T7941] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 204.709121][ T7941] Call Trace: [ 204.712422][ T7941] dump_stack+0x172/0x1f0 [ 204.716766][ T7941] __this_cpu_preempt_check+0x246/0x270 [ 204.722318][ T7941] ip6_finish_output+0x335/0xdc0 [ 204.727268][ T7941] ip6_output+0x235/0x7f0 [ 204.731615][ T7941] ? ip6_finish_output+0xdc0/0xdc0 [ 204.736745][ T7941] ? ip6_fragment+0x3980/0x3980 [ 204.741612][ T7941] ? kasan_check_read+0x11/0x20 [ 204.746477][ T7941] ip6_xmit+0xe41/0x20c0 [ 204.750746][ T7941] ? 
ip6_finish_output2+0x2550/0x2550 [ 204.751372][ T7951] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.0/7951 [ 204.756122][ T7941] ? mark_held_locks+0xf0/0xf0 [ 204.756144][ T7941] ? ip6_setup_cork+0x1870/0x1870 [ 204.756176][ T7941] sctp_v6_xmit+0x313/0x660 [ 204.756198][ T7941] sctp_packet_transmit+0x1bc4/0x36f0 [ 204.756231][ T7941] ? sctp_packet_config+0xfe0/0xfe0 [ 204.765580][ T7951] caller is ip6_finish_output+0x335/0xdc0 [ 204.770268][ T7941] ? sctp_packet_append_chunk+0x946/0xda0 [ 204.801698][ T7941] ? sctp_outq_select_transport+0x21a/0x790 [ 204.807613][ T7941] sctp_outq_flush_ctrl.constprop.0+0x6d4/0xd50 [ 204.813861][ T7941] ? rcu_read_lock_sched_held+0x110/0x130 [ 204.819590][ T7941] ? sctp_prsctp_prune_sent.isra.0+0x820/0x820 [ 204.825770][ T7941] ? sctp_make_init+0xd10/0xd10 [ 204.830619][ T7941] ? sctp_verify_init+0x14a0/0x14a0 [ 204.835819][ T7941] sctp_outq_flush+0xe8/0x2780 [ 204.840605][ T7941] ? sctp_assoc_set_bind_addr_from_ep+0x168/0x1c0 [ 204.847036][ T7941] ? sctp_sf_do_unexpected_init.isra.0+0x19e/0x1350 [ 204.853635][ T7941] ? __sctp_outq_teardown+0xc60/0xc60 [ 204.859012][ T7941] ? sctp_sm_lookup_event+0x134/0x48d [ 204.864387][ T7941] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 204.870627][ T7941] ? sctp_outq_tail+0x68c/0x930 [ 204.875483][ T7941] sctp_outq_uncork+0x6c/0x80 [ 204.880167][ T7941] sctp_do_sm+0x418d/0x5770 [ 204.884683][ T7941] ? sctp_do_8_2_transport_strike.isra.0+0x940/0x940 [ 204.891357][ T7941] ? sctp_prsctp_prune_sent.isra.0+0x820/0x820 [ 204.897594][ T7941] ? lock_downgrade+0x880/0x880 [ 204.902450][ T7941] ? sctp_assoc_bh_rcv+0x2fc/0x660 [ 204.907559][ T7941] ? find_held_lock+0x35/0x130 [ 204.912322][ T7941] ? sctp_assoc_bh_rcv+0x2fc/0x660 [ 204.917435][ T7941] ? mark_held_locks+0xa4/0xf0 [ 204.922203][ T7941] ? trace_hardirqs_on+0x67/0x230 [ 204.927230][ T7941] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 204.932948][ T7941] ? 
ktime_get+0x208/0x300 [ 204.937381][ T7941] sctp_assoc_bh_rcv+0x343/0x660 [ 204.942327][ T7941] sctp_inq_push+0x1ea/0x290 [ 204.946922][ T7941] sctp_backlog_rcv+0x196/0xbe0 [ 204.951770][ T7941] ? __local_bh_enable_ip+0x15a/0x270 [ 204.957141][ T7941] ? _raw_spin_unlock_bh+0x31/0x40 [ 204.962255][ T7941] ? __local_bh_enable_ip+0x15a/0x270 [ 204.967810][ T7941] ? sctp_hash_obj+0x600/0x600 [ 204.972572][ T7941] ? __release_sock+0xca/0x3a0 [ 204.977337][ T7941] ? __local_bh_enable_ip+0x15a/0x270 [ 204.982712][ T7941] __release_sock+0x12e/0x3a0 [ 204.987397][ T7941] release_sock+0x59/0x1c0 [ 204.991819][ T7941] sctp_wait_for_connect+0x316/0x540 [ 204.997134][ T7941] ? sctp_get_port+0x180/0x180 [ 205.001900][ T7941] ? memcpy+0x46/0x50 [ 205.005888][ T7941] ? finish_wait+0x260/0x260 [ 205.010486][ T7941] ? sctp_primitive_ASSOCIATE+0x9d/0xd0 [ 205.016037][ T7941] __sctp_connect+0xac2/0xce0 [ 205.020722][ T7941] ? sctp_sendmsg_to_asoc+0x17b0/0x17b0 [ 205.026263][ T7941] ? __local_bh_enable_ip+0x15a/0x270 [ 205.031653][ T7941] ? lockdep_hardirqs_on+0x418/0x5d0 [ 205.036945][ T7941] ? trace_hardirqs_on+0x67/0x230 [ 205.041992][ T7941] ? __local_bh_enable_ip+0x15a/0x270 [ 205.047366][ T7941] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 205.053263][ T7941] sctp_inet_connect+0x2a2/0x350 [ 205.058225][ T7941] __sys_connect+0x266/0x330 [ 205.062815][ T7941] ? __ia32_sys_accept+0xb0/0xb0 [ 205.067758][ T7941] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 205.074001][ T7941] ? put_timespec64+0xda/0x140 [ 205.078778][ T7941] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 205.084238][ T7941] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 205.089697][ T7941] ? do_syscall_64+0x26/0x610 [ 205.094369][ T7941] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 205.100431][ T7941] ? 
do_syscall_64+0x26/0x610 [ 205.105116][ T7941] __x64_sys_connect+0x73/0xb0 [ 205.109884][ T7941] do_syscall_64+0x103/0x610 [ 205.114481][ T7941] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 205.120366][ T7941] RIP: 0033:0x4582b9 [ 205.124261][ T7941] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 205.143870][ T7941] RSP: 002b:00007facac035c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 205.152288][ T7941] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004582b9 [ 205.160259][ T7941] RDX: 000000000000001c RSI: 0000000020000080 RDI: 0000000000000003 [ 205.168231][ T7941] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 205.176202][ T7941] R10: 0000000000000000 R11: 0000000000000246 R12: 00007facac0366d4 [ 205.184177][ T7941] R13: 00000000004be64c R14: 00000000004cf1e0 R15: 00000000ffffffff [ 205.192180][ T7951] CPU: 0 PID: 7951 Comm: syz-executor.0 Not tainted 5.1.0-rc3-next-20190405 #19 [ 205.201207][ T7951] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 205.209086][ T7954] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.4/7954 [ 205.211262][ T7951] Call Trace: [ 205.211287][ T7951] dump_stack+0x172/0x1f0 [ 205.211311][ T7951] __this_cpu_preempt_check+0x246/0x270 [ 205.220634][ T7954] caller is ip6_finish_output+0x335/0xdc0 [ 205.223862][ T7951] ip6_finish_output+0x335/0xdc0 [ 205.223891][ T7951] ip6_output+0x235/0x7f0 [ 205.254975][ T7951] ? ip6_finish_output+0xdc0/0xdc0 [ 205.260100][ T7951] ? ip6_fragment+0x3980/0x3980 [ 205.266490][ T7951] ? kasan_check_read+0x11/0x20 [ 205.271348][ T7951] ip6_xmit+0xe41/0x20c0 [ 205.275605][ T7951] ? ip6_finish_output2+0x2550/0x2550 [ 205.280985][ T7951] ? mark_held_locks+0xf0/0xf0 [ 205.285756][ T7951] ? 
ip6_setup_cork+0x1870/0x1870 [ 205.290795][ T7951] sctp_v6_xmit+0x313/0x660 [ 205.295305][ T7951] sctp_packet_transmit+0x1bc4/0x36f0 [ 205.300696][ T7951] ? sctp_packet_config+0xfe0/0xfe0 [ 205.305900][ T7951] ? sctp_packet_append_chunk+0x946/0xda0 [ 205.311621][ T7951] ? sctp_outq_select_transport+0x21a/0x790 [ 205.317523][ T7951] sctp_outq_flush_ctrl.constprop.0+0x6d4/0xd50 [ 205.323773][ T7951] ? sctp_prsctp_prune_sent.isra.0+0x820/0x820 [ 205.329928][ T7951] ? lock_downgrade+0x880/0x880 [ 205.334794][ T7951] ? add_timer+0x400/0x930 [ 205.339208][ T7951] ? find_held_lock+0x35/0x130 [ 205.343989][ T7951] ? add_timer+0x41e/0x930 [ 205.348416][ T7951] sctp_outq_flush+0xe8/0x2780 [ 205.353194][ T7951] ? mark_held_locks+0xa4/0xf0 [ 205.358233][ T7951] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 205.364043][ T7951] ? add_timer+0x41e/0x930 [ 205.368461][ T7951] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 205.374269][ T7951] ? lockdep_hardirqs_on+0x418/0x5d0 [ 205.379555][ T7951] ? trace_hardirqs_on+0x67/0x230 [ 205.384588][ T7951] ? __sctp_outq_teardown+0xc60/0xc60 [ 205.389977][ T7951] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 205.396217][ T7951] ? sctp_outq_tail+0x68c/0x930 [ 205.401074][ T7951] sctp_outq_uncork+0x6c/0x80 [ 205.405753][ T7951] sctp_do_sm+0x2575/0x5770 [ 205.410260][ T7951] ? sctp_hash_transport+0xdb1/0x18d0 [ 205.415643][ T7951] ? sctp_do_8_2_transport_strike.isra.0+0x940/0x940 [ 205.422323][ T7951] ? __local_bh_enable_ip+0x15a/0x270 [ 205.427707][ T7951] ? lock_downgrade+0x880/0x880 [ 205.432558][ T7951] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 205.438804][ T7951] ? kasan_check_read+0x11/0x20 [ 205.443661][ T7951] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 205.449904][ T7951] ? sctp_hash_transport+0x10b/0x18d0 [ 205.455297][ T7951] ? memcpy+0x46/0x50 [ 205.459279][ T7951] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 205.465518][ T7951] ? 
sctp_assoc_set_primary+0x274/0x310 [ 205.471071][ T7951] sctp_primitive_ASSOCIATE+0x9d/0xd0 [ 205.476471][ T7951] __sctp_connect+0x8cd/0xce0 [ 205.481160][ T7951] ? sctp_sendmsg_to_asoc+0x17b0/0x17b0 [ 205.486706][ T7951] ? __local_bh_enable_ip+0x15a/0x270 [ 205.492080][ T7951] ? lockdep_hardirqs_on+0x418/0x5d0 [ 205.497369][ T7951] ? lock_sock_nested+0x9a/0x120 [ 205.502304][ T7951] ? trace_hardirqs_on+0x67/0x230 [ 205.507330][ T7951] ? __local_bh_enable_ip+0x15a/0x270 [ 205.512700][ T7951] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 205.518603][ T7951] sctp_inet_connect+0x2a2/0x350 [ 205.523551][ T7951] __sys_connect+0x266/0x330 [ 205.528147][ T7951] ? __ia32_sys_accept+0xb0/0xb0 [ 205.533082][ T7951] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 205.539327][ T7951] ? put_timespec64+0xda/0x140 [ 205.544110][ T7951] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 205.549568][ T7951] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 205.555032][ T7951] ? do_syscall_64+0x26/0x610 [ 205.559708][ T7951] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 205.565774][ T7951] ? 
do_syscall_64+0x26/0x610 [ 205.570456][ T7951] __x64_sys_connect+0x73/0xb0 [ 205.575223][ T7951] do_syscall_64+0x103/0x610 [ 205.579816][ T7951] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 205.585702][ T7951] RIP: 0033:0x4582b9 [ 205.589595][ T7951] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 205.609197][ T7951] RSP: 002b:00007f1ac8f6dc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 205.617611][ T7951] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004582b9 [ 205.625580][ T7951] RDX: 000000000000001c RSI: 0000000020000080 RDI: 0000000000000003 [ 205.633547][ T7951] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 205.641518][ T7951] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f1ac8f6e6d4 [ 205.649483][ T7951] R13: 00000000004be64c R14: 00000000004cf1e0 R15: 00000000ffffffff [ 205.657478][ T7954] CPU: 1 PID: 7954 Comm: syz-executor.4 Not tainted 5.1.0-rc3-next-20190405 #19 [ 205.662952][ T7924] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.5/7924 [ 205.666537][ T7954] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 205.666543][ T7954] Call Trace: [ 205.666573][ T7954] dump_stack+0x172/0x1f0 [ 205.676057][ T7924] caller is ip6_finish_output+0x335/0xdc0 [ 205.686048][ T7954] __this_cpu_preempt_check+0x246/0x270 [ 205.686066][ T7954] ip6_finish_output+0x335/0xdc0 [ 205.686085][ T7954] ip6_output+0x235/0x7f0 [ 205.686102][ T7954] ? ip6_finish_output+0xdc0/0xdc0 [ 205.686124][ T7954] ? ip6_fragment+0x3980/0x3980 [ 205.724088][ T7954] ? kasan_check_read+0x11/0x20 [ 205.728942][ T7954] ip6_xmit+0xe41/0x20c0 [ 205.733203][ T7954] ? ip6_finish_output2+0x2550/0x2550 [ 205.738572][ T7954] ? mark_held_locks+0xf0/0xf0 [ 205.743340][ T7954] ? 
ip6_setup_cork+0x1870/0x1870 [ 205.748384][ T7954] sctp_v6_xmit+0x313/0x660 [ 205.752896][ T7954] sctp_packet_transmit+0x1bc4/0x36f0 [ 205.758288][ T7954] ? sctp_packet_config+0xfe0/0xfe0 [ 205.763489][ T7954] ? sctp_packet_append_chunk+0x946/0xda0 [ 205.769243][ T7954] ? sctp_outq_select_transport+0x21a/0x790 [ 205.775143][ T7954] sctp_outq_flush_ctrl.constprop.0+0x6d4/0xd50 [ 205.781390][ T7954] ? sctp_prsctp_prune_sent.isra.0+0x820/0x820 [ 205.787545][ T7954] ? lock_downgrade+0x880/0x880 [ 205.792402][ T7954] ? add_timer+0x400/0x930 [ 205.796815][ T7954] ? find_held_lock+0x35/0x130 [ 205.801583][ T7954] ? add_timer+0x41e/0x930 [ 205.806010][ T7954] sctp_outq_flush+0xe8/0x2780 [ 205.810770][ T7954] ? mark_held_locks+0xa4/0xf0 [ 205.815535][ T7954] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 205.821344][ T7954] ? add_timer+0x41e/0x930 [ 205.825758][ T7954] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 205.831568][ T7954] ? lockdep_hardirqs_on+0x418/0x5d0 [ 205.836853][ T7954] ? trace_hardirqs_on+0x67/0x230 [ 205.841880][ T7954] ? __sctp_outq_teardown+0xc60/0xc60 [ 205.847263][ T7954] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 205.853501][ T7954] ? sctp_outq_tail+0x68c/0x930 [ 205.858355][ T7954] sctp_outq_uncork+0x6c/0x80 [ 205.863032][ T7954] sctp_do_sm+0x2575/0x5770 [ 205.867540][ T7954] ? sctp_hash_transport+0xdb1/0x18d0 [ 205.872920][ T7954] ? sctp_do_8_2_transport_strike.isra.0+0x940/0x940 [ 205.879593][ T7954] ? __local_bh_enable_ip+0x15a/0x270 [ 205.884975][ T7954] ? lock_downgrade+0x880/0x880 [ 205.889827][ T7954] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 205.896073][ T7954] ? kasan_check_read+0x11/0x20 [ 205.900926][ T7954] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 205.907165][ T7954] ? sctp_hash_transport+0x10b/0x18d0 [ 205.912558][ T7954] ? memcpy+0x46/0x50 [ 205.916552][ T7954] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 205.922790][ T7954] ? 
sctp_assoc_set_primary+0x274/0x310 [ 205.928342][ T7954] sctp_primitive_ASSOCIATE+0x9d/0xd0 [ 205.933720][ T7954] __sctp_connect+0x8cd/0xce0 [ 205.938408][ T7954] ? sctp_sendmsg_to_asoc+0x17b0/0x17b0 [ 205.943950][ T7954] ? __local_bh_enable_ip+0x15a/0x270 [ 205.949340][ T7954] ? lockdep_hardirqs_on+0x418/0x5d0 [ 205.954640][ T7954] ? lock_sock_nested+0x9a/0x120 [ 205.959574][ T7954] ? trace_hardirqs_on+0x67/0x230 [ 205.964605][ T7954] ? __local_bh_enable_ip+0x15a/0x270 [ 205.969984][ T7954] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 205.975882][ T7954] sctp_inet_connect+0x2a2/0x350 [ 205.980830][ T7954] __sys_connect+0x266/0x330 [ 205.985428][ T7954] ? __ia32_sys_accept+0xb0/0xb0 [ 205.990365][ T7954] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 205.996602][ T7954] ? put_timespec64+0xda/0x140 [ 206.001375][ T7954] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 206.006833][ T7954] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 206.012294][ T7954] ? do_syscall_64+0x26/0x610 [ 206.016980][ T7954] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 206.023046][ T7954] ? 
do_syscall_64+0x26/0x610 [ 206.027729][ T7954] __x64_sys_connect+0x73/0xb0 [ 206.032496][ T7954] do_syscall_64+0x103/0x610 [ 206.037096][ T7954] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 206.042993][ T7954] RIP: 0033:0x4582b9 [ 206.046891][ T7954] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 206.066495][ T7954] RSP: 002b:00007f5202c8cc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 206.074908][ T7954] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004582b9 [ 206.082874][ T7954] RDX: 000000000000001c RSI: 0000000020000080 RDI: 0000000000000003 [ 206.090844][ T7954] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 206.098819][ T7954] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5202c8d6d4 [ 206.106786][ T7954] R13: 00000000004be64c R14: 00000000004cf1e0 R15: 00000000ffffffff [ 206.114777][ T7924] CPU: 0 PID: 7924 Comm: syz-executor.5 Not tainted 5.1.0-rc3-next-20190405 #19 [ 206.123803][ T7924] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 206.133859][ T7924] Call Trace: [ 206.137186][ T7924] dump_stack+0x172/0x1f0 [ 206.141535][ T7924] __this_cpu_preempt_check+0x246/0x270 [ 206.147091][ T7924] ip6_finish_output+0x335/0xdc0 [ 206.152044][ T7924] ip6_output+0x235/0x7f0 [ 206.156380][ T7924] ? ip6_finish_output+0xdc0/0xdc0 [ 206.161498][ T7924] ? ip6_fragment+0x3980/0x3980 [ 206.166358][ T7924] ? kasan_check_read+0x11/0x20 [ 206.171222][ T7924] ip6_xmit+0xe41/0x20c0 [ 206.174992][ T7951] sctp: [Deprecated]: syz-executor.0 (pid 7951) Use of struct sctp_assoc_value in delayed_ack socket option. [ 206.174992][ T7951] Use struct sctp_sack_info instead [ 206.175483][ T7924] ? ip6_finish_output2+0x2550/0x2550 [ 206.197442][ T7924] ? mark_held_locks+0xf0/0xf0 [ 206.202227][ T7924] ? 
ip6_setup_cork+0x1870/0x1870 [ 206.207277][ T7924] sctp_v6_xmit+0x313/0x660 [ 206.211796][ T7924] sctp_packet_transmit+0x1bc4/0x36f0 [ 206.214755][ T7951] sctp: [Deprecated]: syz-executor.0 (pid 7951) Use of struct sctp_assoc_value in delayed_ack socket option. [ 206.214755][ T7951] Use struct sctp_sack_info instead [ 206.217192][ T7924] ? sctp_packet_config+0xfe0/0xfe0 [ 206.217210][ T7924] ? kasan_check_read+0x11/0x20 [ 206.217233][ T7924] ? del_timer+0xcd/0x120 [ 206.248151][ T7924] sctp_outq_flush+0x2b8/0x2780 [ 206.253012][ T7924] ? mark_held_locks+0xa4/0xf0 [ 206.257793][ T7924] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 206.264053][ T7924] ? del_timer+0xcd/0x120 [ 206.268389][ T7924] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 206.274206][ T7924] ? __sctp_outq_teardown+0xc60/0xc60 [ 206.279594][ T7924] ? del_timer+0xd2/0x120 [ 206.283931][ T7924] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 206.290190][ T7924] ? sctp_outq_tail+0x68c/0x930 [ 206.295062][ T7924] sctp_outq_uncork+0x6c/0x80 [ 206.299746][ T7924] sctp_do_sm+0x2575/0x5770 [ 206.304256][ T7924] ? is_dynamic_key+0x1c0/0x1c0 [ 206.309121][ T7924] ? sctp_do_8_2_transport_strike.isra.0+0x940/0x940 [ 206.315797][ T7924] ? __lock_acquire+0x548/0x3fb0 [ 206.315825][ T7924] ? skb_dequeue+0x12e/0x180 [ 206.315838][ T7924] ? find_held_lock+0x35/0x130 [ 206.315861][ T7924] ? skb_dequeue+0x12e/0x180 [ 206.330133][ T7924] ? trace_hardirqs_on+0x67/0x230 [ 206.330151][ T7924] ? kasan_check_read+0x11/0x20 [ 206.330173][ T7924] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 206.339859][ T7924] sctp_primitive_SHUTDOWN+0xa0/0xd0 [ 206.339879][ T7924] sctp_close+0x445/0x860 [ 206.339901][ T7924] ? sctp_init_sock+0x1360/0x1360 [ 206.350628][ T7924] ? ip_mc_drop_socket+0x211/0x270 [ 206.350645][ T7924] ? __sock_release+0x89/0x2b0 [ 206.350667][ T7924] inet_release+0x105/0x1f0 [ 206.360261][ T7924] inet6_release+0x53/0x80 [ 206.360280][ T7924] __sock_release+0xd3/0x2b0 [ 206.360304][ T7924] ? 
__sock_release+0x2b0/0x2b0 [ 206.394252][ T7924] sock_close+0x1b/0x30 [ 206.398418][ T7924] __fput+0x2e5/0x8d0 [ 206.402413][ T7924] ____fput+0x16/0x20 [ 206.406407][ T7924] task_work_run+0x14a/0x1c0 [ 206.411017][ T7924] get_signal+0x1961/0x1d50 [ 206.415542][ T7924] ? ___might_sleep+0x163/0x280 [ 206.420399][ T7924] ? __might_sleep+0x95/0x190 [ 206.425086][ T7924] ? debug_smp_processor_id+0x3c/0x280 [ 206.430551][ T7924] do_signal+0x87/0x1940 [ 206.434814][ T7924] ? task_work_add+0x9c/0x110 [ 206.439506][ T7924] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 206.445747][ T7924] ? setup_sigcontext+0x7d0/0x7d0 [ 206.445761][ T7924] ? fput+0x1b/0x20 [ 206.445778][ T7924] ? __sys_setsockopt+0x1aa/0x280 [ 206.445796][ T7924] ? kernel_accept+0x310/0x310 [ 206.445818][ T7924] ? exit_to_usermode_loop+0x43/0x2c0 [ 206.454630][ T7924] ? do_syscall_64+0x52d/0x610 [ 206.474519][ T7924] ? exit_to_usermode_loop+0x43/0x2c0