[ 37.104034][ T26] audit: type=1800 audit(1554660143.267:25): pid=7679 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 37.141053][ T26] audit: type=1800 audit(1554660143.267:26): pid=7679 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 37.165264][ T26] audit: type=1800 audit(1554660143.267:27): pid=7679 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [ 37.197140][ T26] audit: type=1800 audit(1554660143.267:28): pid=7679 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0 [ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.30' (ECDSA) to the list of known hosts. 
2019/04/07 18:02:35 fuzzer started 2019/04/07 18:02:38 dialing manager at 10.128.0.26:34543 2019/04/07 18:02:39 syscalls: 2408 2019/04/07 18:02:39 code coverage: enabled 2019/04/07 18:02:39 comparison tracing: enabled 2019/04/07 18:02:39 extra coverage: extra coverage is not supported by the kernel 2019/04/07 18:02:39 setuid sandbox: enabled 2019/04/07 18:02:39 namespace sandbox: enabled 2019/04/07 18:02:39 Android sandbox: /sys/fs/selinux/policy does not exist 2019/04/07 18:02:39 fault injection: enabled 2019/04/07 18:02:39 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/04/07 18:02:39 net packet injection: enabled 2019/04/07 18:02:39 net device setup: enabled 18:04:50 executing program 0: perf_event_open(&(0x7f0000000900)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1fc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x9100}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$TUNDETACHFILTER(0xffffffffffffffff, 0x401054d6, 0x0) syz_open_dev$ndb(0x0, 0xffffffffffffffff, 0x0) close(0xffffffffffffffff) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000800)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0}, 0x30) r0 = socket$kcm(0x10, 0x800000000002, 0x0) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f00000000c0)="2e000000120081aee4520cecff0e00fa078b5bdb4cb904e473730e55cff26d1b0e001d80020000005e510befccd7", 0x2e}], 0x1}, 0x0) syzkaller login: [ 184.410073][ T7844] IPVS: ftp: loaded support on port[0] = 21 18:04:50 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup2(r0, r1) setsockopt$sock_int(r2, 0xffff, 0x1002, &(0x7f00000000c0)=0x400000, 0x4) [ 184.538467][ T7844] chnl_net:caif_netlink_parms(): no params data found [ 184.596479][ T7844] bridge0: port 1(bridge_slave_0) entered blocking state [ 184.611218][ T7844] bridge0: port 
1(bridge_slave_0) entered disabled state [ 184.640056][ T7844] device bridge_slave_0 entered promiscuous mode [ 184.648833][ T7844] bridge0: port 2(bridge_slave_1) entered blocking state [ 184.660097][ T7844] bridge0: port 2(bridge_slave_1) entered disabled state [ 184.668624][ T7844] device bridge_slave_1 entered promiscuous mode [ 184.685157][ T7847] IPVS: ftp: loaded support on port[0] = 21 [ 184.707741][ T7844] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 184.718557][ T7844] bond0: Enslaving bond_slave_1 as an active interface with an up link 18:04:50 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$hfs(&(0x7f0000000000)='hfs\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 184.761530][ T7844] team0: Port device team_slave_0 added [ 184.783714][ T7844] team0: Port device team_slave_1 added [ 184.842790][ T7844] device hsr_slave_0 entered promiscuous mode [ 184.910543][ T7844] device hsr_slave_1 entered promiscuous mode 18:04:51 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e20, @empty}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='dctcp\x00', 0x6) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000340)='team_slave_0\x00', 0x1) sendto$inet(r0, 0x0, 0x0, 0x1000000020000000, &(0x7f0000000080)={0x2, 0x4e20}, 0x10) setsockopt$IP_VS_SO_SET_FLUSH(r0, 0x0, 0x485, 0x0, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) getsockopt$inet6_udp_int(r1, 0x11, 0x66, &(0x7f0000000700), &(0x7f0000000740)=0x4) socketpair(0x3, 0x2, 0xdb05, &(0x7f0000000680)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = syz_genetlink_get_family_id$net_dm(&(0x7f0000000b80)='NET_DM\x00') setsockopt$inet6_tcp_TLS_RX(r3, 0x6, 0x2, &(0x7f0000000100), 0x4) sendmsg$NET_DM_CMD_START(r2, &(0x7f0000000c40)={&(0x7f00000006c0)={0x10, 0x0, 0x0, 0x10000}, 0xc, 
&(0x7f0000000c00)={&(0x7f0000000bc0)={0x14, r4, 0x201, 0x70bd25, 0x25dfdbfb, {}, [""]}, 0x14}, 0x1, 0x0, 0x0, 0x4}, 0xc000) setsockopt$inet_mreqsrc(r0, 0x0, 0x26, &(0x7f00000000c0)={@loopback, @dev={0xac, 0x14, 0x14, 0x12}, @multicast1}, 0xc) r5 = socket$inet(0x2, 0x3, 0x8) ioctl(r5, 0x1000008912, &(0x7f0000000040)="0adc5f123c123f319bd070") setsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000300)={0x48, 0x3aa, 0x7, 0x2, 0x1}, 0x14) [ 185.038658][ T7849] IPVS: ftp: loaded support on port[0] = 21 [ 185.100043][ T7844] bridge0: port 2(bridge_slave_1) entered blocking state [ 185.107272][ T7844] bridge0: port 2(bridge_slave_1) entered forwarding state [ 185.115148][ T7844] bridge0: port 1(bridge_slave_0) entered blocking state [ 185.122268][ T7844] bridge0: port 1(bridge_slave_0) entered forwarding state [ 185.211886][ T7847] chnl_net:caif_netlink_parms(): no params data found [ 185.248933][ T7852] IPVS: ftp: loaded support on port[0] = 21 18:04:51 executing program 4: getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f00000004c0)='./file0\x00', 0x14104a, 0x0) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, 0x0, &(0x7f0000000080)) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, 0x0, &(0x7f00000001c0)) write$P9_RSYMLINK(r0, &(0x7f0000000140)={0x29a}, 0x14) ioctl$KVM_UNREGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae68, 0x0) prctl$PR_SET_FPEXC(0xc, 0x40000) inotify_init() sendfile(r0, r0, &(0x7f00000000c0), 0x2000000800004c36) setsockopt$IP_VS_SO_SET_STARTDAEMON(r0, 0x0, 0x48b, 0x0, 0xfffffffffffffd31) creat(&(0x7f0000000200)='./file0\x00', 0x0) [ 185.272037][ T7844] 8021q: adding VLAN 0 to HW filter on 
device bond0 [ 185.437322][ T7849] chnl_net:caif_netlink_parms(): no params data found [ 185.463079][ T2882] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 185.483064][ T2882] bridge0: port 1(bridge_slave_0) entered disabled state [ 185.503260][ T2882] bridge0: port 2(bridge_slave_1) entered disabled state [ 185.513248][ T2882] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 185.525252][ T7847] bridge0: port 1(bridge_slave_0) entered blocking state [ 185.534126][ T7847] bridge0: port 1(bridge_slave_0) entered disabled state [ 185.544146][ T7847] device bridge_slave_0 entered promiscuous mode [ 185.555787][ T7844] 8021q: adding VLAN 0 to HW filter on device team0 [ 185.573443][ T7847] bridge0: port 2(bridge_slave_1) entered blocking state [ 185.582045][ T7847] bridge0: port 2(bridge_slave_1) entered disabled state [ 185.592553][ T7847] device bridge_slave_1 entered promiscuous mode 18:04:51 executing program 5: timer_create(0x7, 0x0, &(0x7f0000000080)) timer_settime(0x0, 0x0, 0x0, 0x0) timer_gettime(0x0, 0x0) [ 185.646771][ T7856] IPVS: ftp: loaded support on port[0] = 21 [ 185.653891][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 185.671144][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 185.679587][ T17] bridge0: port 1(bridge_slave_0) entered blocking state [ 185.686739][ T17] bridge0: port 1(bridge_slave_0) entered forwarding state [ 185.695014][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 185.706069][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 185.714665][ T17] bridge0: port 2(bridge_slave_1) entered blocking state [ 185.725041][ T17] bridge0: port 2(bridge_slave_1) entered forwarding state [ 185.759780][ T7855] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 185.816464][ T7849] bridge0: port 1(bridge_slave_0) entered blocking state [ 185.823948][ T7849] bridge0: port 1(bridge_slave_0) entered disabled 
state [ 185.831988][ T7849] device bridge_slave_0 entered promiscuous mode [ 185.852914][ T7860] IPVS: ftp: loaded support on port[0] = 21 [ 185.858226][ T7844] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 185.869839][ T7844] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 185.884402][ T7847] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 185.893138][ T7852] chnl_net:caif_netlink_parms(): no params data found [ 185.903201][ T7849] bridge0: port 2(bridge_slave_1) entered blocking state [ 185.910388][ T7849] bridge0: port 2(bridge_slave_1) entered disabled state [ 185.917969][ T7849] device bridge_slave_1 entered promiscuous mode [ 185.934824][ T2882] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 185.943929][ T2882] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 185.952425][ T2882] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 185.961201][ T2882] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 185.969544][ T2882] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 185.978140][ T2882] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 185.986450][ T2882] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 185.994964][ T2882] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 186.003274][ T2882] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 186.013750][ T7847] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 186.047368][ T2882] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 186.055752][ T2882] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 186.086348][ T7847] team0: Port device team_slave_0 added [ 186.101606][ T7847] team0: Port device team_slave_1 added [ 186.108817][ T7849] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 
186.119447][ T7849] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 186.164322][ T7852] bridge0: port 1(bridge_slave_0) entered blocking state [ 186.171937][ T7852] bridge0: port 1(bridge_slave_0) entered disabled state [ 186.179496][ T7852] device bridge_slave_0 entered promiscuous mode [ 186.252823][ T7847] device hsr_slave_0 entered promiscuous mode [ 186.310537][ T7847] device hsr_slave_1 entered promiscuous mode [ 186.355298][ T7844] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 186.362666][ T7852] bridge0: port 2(bridge_slave_1) entered blocking state [ 186.369766][ T7852] bridge0: port 2(bridge_slave_1) entered disabled state [ 186.378012][ T7852] device bridge_slave_1 entered promiscuous mode [ 186.394444][ T7849] team0: Port device team_slave_0 added [ 186.403148][ T7849] team0: Port device team_slave_1 added [ 186.455238][ T7852] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 186.465672][ T7852] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 186.503087][ T7849] device hsr_slave_0 entered promiscuous mode [ 186.540449][ T7849] device hsr_slave_1 entered promiscuous mode [ 186.684083][ C1] hrtimer: interrupt took 27038 ns [ 186.695867][ T7865] netlink: 'syz-executor.0': attribute type 29 has an invalid length. 
[ 186.706349][ T7852] team0: Port device team_slave_0 added [ 186.708016][ T7852] team0: Port device team_slave_1 added [ 186.724414][ T7856] chnl_net:caif_netlink_parms(): no params data found 18:04:53 executing program 0: perf_event_open(&(0x7f0000000900)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1fc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x9100}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$TUNDETACHFILTER(0xffffffffffffffff, 0x401054d6, 0x0) syz_open_dev$ndb(0x0, 0xffffffffffffffff, 0x0) close(0xffffffffffffffff) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000800)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0}, 0x30) r0 = socket$kcm(0x10, 0x800000000002, 0x0) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f00000000c0)="2e000000120081aee4520cecff0e00fa078b5bdb4cb904e473730e55cff26d1b0e001d80020000005e510befccd7", 0x2e}], 0x1}, 0x0) [ 186.783861][ T7865] netlink: 'syz-executor.0': attribute type 29 has an invalid length. [ 186.799728][ T7867] netlink: 'syz-executor.0': attribute type 29 has an invalid length. [ 186.864112][ T7870] netlink: 'syz-executor.0': attribute type 29 has an invalid length. [ 186.875630][ T7852] device hsr_slave_0 entered promiscuous mode [ 186.920383][ T7852] device hsr_slave_1 entered promiscuous mode [ 186.992530][ T7860] chnl_net:caif_netlink_parms(): no params data found [ 187.004363][ T7870] netlink: 'syz-executor.0': attribute type 29 has an invalid length. 
[ 187.019850][ T7856] bridge0: port 1(bridge_slave_0) entered blocking state [ 187.034206][ T7856] bridge0: port 1(bridge_slave_0) entered disabled state 18:04:53 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$loop(&(0x7f0000000140)='/dev/loop#\x00', 0x0, 0x100082) r1 = memfd_create(&(0x7f0000000c80)='[trusted$\x00', 0x0) pwritev(r1, &(0x7f00000000c0)=[{&(0x7f00000005c0)='\'', 0x1}], 0x1, 0x81806) mlock(&(0x7f0000ffe000/0x2000)=nil, 0x2000) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$EVIOCGKEYCODE_V2(0xffffffffffffffff, 0x80284504, 0x0) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) sendfile(r0, r1, 0x0, 0x20000102000007) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "b92481f2b6049517f74de08916cf213343b15d035fc2fe51426f3c9125e1da89cad2929cd06aca1bd4b0a988279268e61234ff8a41cd19abd481eb55130d64ca", "a3510a8deb27705deb2fac58f4f379ddd8e50e8d868ee0425ecfc1c6f4a716df3e4be867d973bcc3e056a1a04eafdeacbd0e434a62db69a6bd53316c42f16b21", "f0642b0793a51cd04ad5c00d6cf24b506d17a8df96c5968a4226e09f847e4b08"}) fcntl$getown(r0, 0x9) [ 187.045701][ T7856] device bridge_slave_0 entered promiscuous mode [ 187.086162][ T7847] 8021q: adding VLAN 0 to HW filter on device bond0 [ 187.106550][ T7856] bridge0: port 2(bridge_slave_1) entered blocking state [ 187.114735][ T7856] bridge0: port 2(bridge_slave_1) entered disabled state [ 187.123429][ T7856] device bridge_slave_1 entered promiscuous mode [ 187.154238][ T7847] 8021q: adding VLAN 0 to HW filter on device team0 [ 187.173383][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 187.182046][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 187.217709][ 
T7856] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 187.275773][ T7856] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 187.295397][ T7849] 8021q: adding VLAN 0 to HW filter on device bond0 [ 187.313491][ T7859] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 187.322409][ T7859] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 187.331385][ T7859] bridge0: port 1(bridge_slave_0) entered blocking state [ 187.338520][ T7859] bridge0: port 1(bridge_slave_0) entered forwarding state [ 187.347693][ T7860] bridge0: port 1(bridge_slave_0) entered blocking state [ 187.361441][ T7860] bridge0: port 1(bridge_slave_0) entered disabled state [ 187.370743][ T7860] device bridge_slave_0 entered promiscuous mode [ 187.399184][ T7849] 8021q: adding VLAN 0 to HW filter on device team0 [ 187.418654][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 187.427259][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 187.435609][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 187.444300][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 187.454223][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 187.474642][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 187.481772][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state [ 187.489472][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 187.498584][ T7860] bridge0: port 2(bridge_slave_1) entered blocking state [ 187.506032][ T7860] bridge0: port 2(bridge_slave_1) entered disabled state [ 187.514521][ T7860] device bridge_slave_1 entered promiscuous mode [ 187.526443][ T7856] team0: Port device team_slave_0 added 18:04:53 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$loop(&(0x7f0000000140)='/dev/loop#\x00', 0x0, 0x100082) r1 = memfd_create(&(0x7f0000000c80)='[trusted$\x00', 0x0) pwritev(r1, &(0x7f00000000c0)=[{&(0x7f00000005c0)='\'', 0x1}], 0x1, 0x81806) mlock(&(0x7f0000ffe000/0x2000)=nil, 0x2000) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$EVIOCGKEYCODE_V2(0xffffffffffffffff, 0x80284504, 0x0) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) sendfile(r0, r1, 0x0, 0x20000102000007) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "b92481f2b6049517f74de08916cf213343b15d035fc2fe51426f3c9125e1da89cad2929cd06aca1bd4b0a988279268e61234ff8a41cd19abd481eb55130d64ca", "a3510a8deb27705deb2fac58f4f379ddd8e50e8d868ee0425ecfc1c6f4a716df3e4be867d973bcc3e056a1a04eafdeacbd0e434a62db69a6bd53316c42f16b21", "f0642b0793a51cd04ad5c00d6cf24b506d17a8df96c5968a4226e09f847e4b08"}) fcntl$getown(r0, 0x9) [ 187.559461][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 187.568167][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 187.577270][ T17] bridge0: port 1(bridge_slave_0) entered blocking state [ 187.584403][ T17] bridge0: port 1(bridge_slave_0) entered forwarding state [ 187.596716][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 187.606104][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 187.615292][ T17] bridge0: port 2(bridge_slave_1) entered blocking state [ 187.622399][ T17] bridge0: port 2(bridge_slave_1) entered forwarding state [ 187.630215][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 187.638817][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 187.649009][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 187.657854][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): 
team_slave_0: link becomes ready [ 187.666303][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 187.675587][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 187.684623][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 187.692739][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 187.713040][ T7856] team0: Port device team_slave_1 added [ 187.735568][ T7860] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 187.772176][ T7875] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 187.790904][ T7875] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 187.799193][ T7875] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 187.811054][ T7875] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 187.819734][ T7875] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 187.828726][ T7875] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 187.847248][ T7860] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 187.891466][ T7860] team0: Port device team_slave_0 added [ 187.909656][ T7847] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 187.927174][ T7847] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 187.961240][ T7859] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 187.971978][ T7859] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 187.981907][ T7859] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 187.991308][ T7859] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 187.999785][ T7859] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 188.008656][ T7859] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 188.018709][ T7860] team0: Port device team_slave_1 added [ 188.032230][ T7852] 8021q: adding VLAN 0 to HW filter on 
device bond0 [ 188.082805][ T7856] device hsr_slave_0 entered promiscuous mode [ 188.120448][ T7856] device hsr_slave_1 entered promiscuous mode 18:04:54 executing program 0: rt_sigprocmask(0x0, &(0x7f0000032ff8)={0xfffffffffffffffe}, 0x0, 0x8) socketpair$unix(0x1, 0x200000000000005, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) setrlimit(0x1, &(0x7f0000011000)) r1 = creat(&(0x7f0000000600)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000000c0)='threaded\x00', 0xfbca) [ 188.155143][ T7849] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 188.166894][ T7849] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 188.196032][ T7875] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 188.204447][ T7875] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 188.263711][ T7860] device hsr_slave_0 entered promiscuous mode [ 188.300652][ T7860] device hsr_slave_1 entered promiscuous mode [ 188.356213][ T7852] 8021q: adding VLAN 0 to HW filter on device team0 [ 188.364048][ T7859] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 188.371939][ T7859] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 188.395269][ T7847] 8021q: adding VLAN 0 to HW filter on device batadv0 18:04:54 executing program 0: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000000c0)='bridge0\x00', 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) sendmmsg(r0, &(0x7f0000007fc0), 0x400000000000030, 0x0) [ 188.427335][ T7849] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 
188.454097][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 188.471019][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 188.477079][ T7894] check_preemption_disabled: 2 callbacks suppressed [ 188.477135][ T7894] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.0/7894 [ 188.479460][ T17] bridge0: port 1(bridge_slave_0) entered blocking state [ 188.486021][ T7894] caller is sk_mc_loop+0x1d/0x210 [ 188.495240][ T17] bridge0: port 1(bridge_slave_0) entered forwarding state [ 188.503166][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 188.507348][ T7894] CPU: 0 PID: 7894 Comm: syz-executor.0 Not tainted 5.1.0-rc3-next-20190405 #19 [ 188.509385][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 188.516032][ T7894] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 188.516038][ T7894] Call Trace: [ 188.516070][ T7894] dump_stack+0x172/0x1f0 [ 188.516091][ T7894] __this_cpu_preempt_check+0x246/0x270 [ 188.516108][ T7894] sk_mc_loop+0x1d/0x210 [ 188.516124][ T7894] ip_mc_output+0x2ef/0xf70 [ 188.516146][ T7894] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 188.524674][ T17] bridge0: port 2(bridge_slave_1) entered blocking state [ 188.533235][ T7894] ? ip_append_data.part.0+0x170/0x170 [ 188.533250][ T7894] ? ip_make_skb+0x1b1/0x2c0 [ 188.533270][ T7894] ? ip_reply_glue_bits+0xc0/0xc0 [ 188.541284][ T17] bridge0: port 2(bridge_slave_1) entered forwarding state [ 188.551323][ T7894] ip_local_out+0xc4/0x1b0 [ 188.551342][ T7894] ip_send_skb+0x42/0xf0 [ 188.551380][ T7894] udp_send_skb.isra.0+0x6b2/0x1180 [ 188.555314][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 188.558980][ T7894] udp_sendmsg+0x1dfd/0x2820 [ 188.633329][ T7894] ? ip_reply_glue_bits+0xc0/0xc0 [ 188.638342][ T7894] ? udp4_lib_lookup_skb+0x440/0x440 [ 188.643619][ T7894] ? rw_copy_check_uvector+0x2aa/0x330 [ 188.649070][ T7894] ? 
__might_sleep+0x95/0x190 [ 188.653731][ T7894] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 188.659363][ T7894] ? aa_sk_perm+0x288/0x880 [ 188.663891][ T7894] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 188.669438][ T7894] inet_sendmsg+0x147/0x5e0 [ 188.673924][ T7894] ? udp4_lib_lookup_skb+0x440/0x440 [ 188.679186][ T7894] ? inet_sendmsg+0x147/0x5e0 [ 188.683863][ T7894] ? ipip_gro_receive+0x100/0x100 [ 188.688883][ T7894] sock_sendmsg+0xdd/0x130 [ 188.693308][ T7894] ___sys_sendmsg+0x3e2/0x930 [ 188.697985][ T7894] ? copy_msghdr_from_user+0x430/0x430 [ 188.703427][ T7894] ? retint_kernel+0x2d/0x2d [ 188.708000][ T7894] ? lock_downgrade+0x880/0x880 [ 188.712853][ T7894] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 188.719105][ T7894] ? kasan_check_read+0x11/0x20 [ 188.723941][ T7894] ? __fget+0x381/0x550 [ 188.728082][ T7894] ? ksys_dup3+0x3e0/0x3e0 [ 188.732507][ T7894] ? __fget_light+0x1a9/0x230 [ 188.737187][ T7894] ? __fdget+0x1b/0x20 [ 188.741241][ T7894] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 188.747483][ T7894] ? sockfd_lookup_light+0xcb/0x180 [ 188.752665][ T7894] __sys_sendmmsg+0x1bf/0x4d0 [ 188.757353][ T7894] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 188.762415][ T7894] ? _copy_to_user+0xc9/0x120 [ 188.767103][ T7894] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 188.773347][ T7894] ? put_timespec64+0xda/0x140 [ 188.778208][ T7894] ? nsecs_to_jiffies+0x30/0x30 [ 188.783048][ T7894] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 188.788589][ T7894] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 188.794043][ T7894] ? do_syscall_64+0x26/0x610 [ 188.798721][ T7894] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 188.804782][ T7894] ? 
do_syscall_64+0x26/0x610 [ 188.809443][ T7894] __x64_sys_sendmmsg+0x9d/0x100 [ 188.814393][ T7894] do_syscall_64+0x103/0x610 [ 188.819003][ T7894] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 188.824990][ T7894] RIP: 0033:0x4582b9 [ 188.828886][ T7894] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 188.848810][ T7894] RSP: 002b:00007fc0f4bbac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 188.857227][ T7894] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 188.865294][ T7894] RDX: 0400000000000030 RSI: 0000000020007fc0 RDI: 0000000000000004 [ 188.873254][ T7894] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 188.881237][ T7894] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc0f4bbb6d4 [ 188.889194][ T7894] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 188.910601][ T7875] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 188.919538][ T7875] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 188.938712][ T7894] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.0/7894 [ 188.948117][ T7894] caller is sk_mc_loop+0x1d/0x210 [ 188.953279][ T7894] CPU: 1 PID: 7894 Comm: syz-executor.0 Not tainted 5.1.0-rc3-next-20190405 #19 [ 188.962306][ T7894] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 188.972386][ T7894] Call Trace: [ 188.975700][ T7894] dump_stack+0x172/0x1f0 [ 188.980041][ T7894] __this_cpu_preempt_check+0x246/0x270 [ 188.985643][ T7894] sk_mc_loop+0x1d/0x210 [ 188.989910][ T7894] ip_mc_output+0x2ef/0xf70 [ 188.994429][ T7894] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 188.999553][ T7894] ? ip_append_data.part.0+0x170/0x170 [ 189.005028][ T7894] ? ip_make_skb+0x1b1/0x2c0 [ 189.009639][ T7894] ? 
ip_reply_glue_bits+0xc0/0xc0 [ 189.014684][ T7894] ip_local_out+0xc4/0x1b0 [ 189.019112][ T7894] ip_send_skb+0x42/0xf0 [ 189.023390][ T7894] udp_send_skb.isra.0+0x6b2/0x1180 [ 189.028605][ T7894] ? xfrm_lookup_route+0x5b/0x1f0 [ 189.033652][ T7894] udp_sendmsg+0x1dfd/0x2820 18:04:55 executing program 1: creat(&(0x7f0000000000)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000080)='fuse\x00', 0x0, &(0x7f0000000340)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) [ 189.036784][ T7860] 8021q: adding VLAN 0 to HW filter on device bond0 [ 189.038249][ T7894] ? __lock_acquire+0x548/0x3fb0 [ 189.038270][ T7894] ? ip_reply_glue_bits+0xc0/0xc0 [ 189.038291][ T7894] ? udp4_lib_lookup_skb+0x440/0x440 [ 189.060129][ T7894] ? __might_fault+0x12b/0x1e0 [ 189.064918][ T7894] ? find_held_lock+0x35/0x130 [ 189.069724][ T7894] ? __might_sleep+0x95/0x190 [ 189.074509][ T7894] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 189.080177][ T7894] ? aa_sk_perm+0x288/0x880 [ 189.084701][ T7894] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 189.090261][ T7894] inet_sendmsg+0x147/0x5e0 [ 189.094770][ T7894] ? udp4_lib_lookup_skb+0x440/0x440 [ 189.100059][ T7894] ? inet_sendmsg+0x147/0x5e0 [ 189.100296][ T7860] 8021q: adding VLAN 0 to HW filter on device team0 [ 189.104737][ T7894] ? ipip_gro_receive+0x100/0x100 [ 189.104757][ T7894] sock_sendmsg+0xdd/0x130 [ 189.104776][ T7894] ___sys_sendmsg+0x3e2/0x930 [ 189.104798][ T7894] ? copy_msghdr_from_user+0x430/0x430 [ 189.116430][ T7894] ? __lock_acquire+0x548/0x3fb0 [ 189.116446][ T7894] ? 
lock_downgrade+0x880/0x880 [ 189.116462][ T7894] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 189.116487][ T7894] ? kasan_check_read+0x11/0x20 [ 189.116507][ T7894] ? __might_fault+0x12b/0x1e0 [ 189.136404][ T7894] ? find_held_lock+0x35/0x130 [ 189.136422][ T7894] ? __might_fault+0x12b/0x1e0 [ 189.136445][ T7894] ? lock_downgrade+0x880/0x880 [ 189.136469][ T7894] ? ___might_sleep+0x163/0x280 [ 189.177413][ T7894] __sys_sendmmsg+0x1bf/0x4d0 [ 189.182629][ T7894] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 189.187677][ T7894] ? _copy_to_user+0xc9/0x120 [ 189.192594][ T7894] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 189.198845][ T7894] ? put_timespec64+0xda/0x140 [ 189.203614][ T7894] ? nsecs_to_jiffies+0x30/0x30 [ 189.208480][ T7894] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 189.214115][ T7894] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 189.219580][ T7894] ? do_syscall_64+0x26/0x610 [ 189.224270][ T7894] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 189.227544][ T7860] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 189.230435][ T7894] ? 
do_syscall_64+0x26/0x610 [ 189.230459][ T7894] __x64_sys_sendmmsg+0x9d/0x100 [ 189.230477][ T7894] do_syscall_64+0x103/0x610 [ 189.230495][ T7894] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 189.230507][ T7894] RIP: 0033:0x4582b9 [ 189.230522][ T7894] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 18:04:55 executing program 1: open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000000c0)='bridge0\x00', 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) sendmmsg(r0, &(0x7f0000007fc0), 0x400000000000030, 0x0) [ 189.230538][ T7894] RSP: 002b:00007fc0f4bbac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 189.296651][ T7894] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 189.304634][ T7894] RDX: 0400000000000030 RSI: 0000000020007fc0 RDI: 0000000000000004 [ 189.312605][ T7894] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 189.320577][ T7894] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc0f4bbb6d4 [ 189.328547][ T7894] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 189.352610][ T7894] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.0/7894 [ 189.362122][ T7894] caller is sk_mc_loop+0x1d/0x210 [ 189.364476][ T7860] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 189.367159][ T7894] CPU: 1 PID: 7894 Comm: syz-executor.0 Not tainted 5.1.0-rc3-next-20190405 #19 [ 
189.386478][ T7894] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 189.396538][ T7894] Call Trace: [ 189.399840][ T7894] dump_stack+0x172/0x1f0 [ 189.404198][ T7894] __this_cpu_preempt_check+0x246/0x270 [ 189.409750][ T7894] sk_mc_loop+0x1d/0x210 [ 189.414084][ T7894] ip_mc_output+0x2ef/0xf70 [ 189.418592][ T7894] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 189.423723][ T7894] ? ip_append_data.part.0+0x170/0x170 [ 189.429181][ T7894] ? ip_make_skb+0x1b1/0x2c0 [ 189.433774][ T7894] ? ip_reply_glue_bits+0xc0/0xc0 [ 189.438803][ T7894] ip_local_out+0xc4/0x1b0 [ 189.443307][ T7894] ip_send_skb+0x42/0xf0 [ 189.447550][ T7894] udp_send_skb.isra.0+0x6b2/0x1180 [ 189.452760][ T7894] ? xfrm_lookup_route+0x5b/0x1f0 [ 189.457797][ T7894] udp_sendmsg+0x1dfd/0x2820 [ 189.462568][ T7894] ? __lock_acquire+0x548/0x3fb0 [ 189.467522][ T7894] ? ip_reply_glue_bits+0xc0/0xc0 [ 189.472574][ T7894] ? udp4_lib_lookup_skb+0x440/0x440 [ 189.477876][ T7894] ? __might_fault+0x12b/0x1e0 [ 189.482661][ T7894] ? find_held_lock+0x35/0x130 [ 189.487447][ T7894] ? __might_sleep+0x95/0x190 [ 189.492127][ T7894] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 189.497849][ T7894] ? aa_sk_perm+0x288/0x880 [ 189.502378][ T7894] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 189.507934][ T7894] inet_sendmsg+0x147/0x5e0 [ 189.512439][ T7894] ? udp4_lib_lookup_skb+0x440/0x440 [ 189.517720][ T7894] ? inet_sendmsg+0x147/0x5e0 [ 189.522403][ T7894] ? ipip_gro_receive+0x100/0x100 [ 189.527432][ T7894] sock_sendmsg+0xdd/0x130 [ 189.531864][ T7894] ___sys_sendmsg+0x3e2/0x930 [ 189.536573][ T7894] ? copy_msghdr_from_user+0x430/0x430 [ 189.542033][ T7894] ? __lock_acquire+0x548/0x3fb0 [ 189.546969][ T7894] ? lock_downgrade+0x880/0x880 [ 189.552168][ T7894] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 189.558412][ T7894] ? kasan_check_read+0x11/0x20 [ 189.563278][ T7894] ? __might_fault+0x12b/0x1e0 [ 189.568133][ T7894] ? find_held_lock+0x35/0x130 [ 189.572905][ T7894] ? 
__might_fault+0x12b/0x1e0 [ 189.577685][ T7894] ? lock_downgrade+0x880/0x880 [ 189.582548][ T7894] ? ___might_sleep+0x163/0x280 [ 189.587407][ T7894] __sys_sendmmsg+0x1bf/0x4d0 [ 189.592090][ T7894] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 189.597126][ T7894] ? _copy_to_user+0xc9/0x120 [ 189.601813][ T7894] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 189.608064][ T7894] ? put_timespec64+0xda/0x140 [ 189.612831][ T7894] ? nsecs_to_jiffies+0x30/0x30 [ 189.617785][ T7894] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 189.623244][ T7894] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 189.628718][ T7894] ? do_syscall_64+0x26/0x610 [ 189.633400][ T7894] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 189.640952][ T7894] ? do_syscall_64+0x26/0x610 [ 189.645996][ T7894] __x64_sys_sendmmsg+0x9d/0x100 [ 189.650940][ T7894] do_syscall_64+0x103/0x610 [ 189.655559][ T7894] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 189.661879][ T7894] RIP: 0033:0x4582b9 [ 189.665787][ T7894] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 189.685421][ T7894] RSP: 002b:00007fc0f4bbac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 189.693843][ T7894] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 189.701832][ T7894] RDX: 0400000000000030 RSI: 0000000020007fc0 RDI: 0000000000000004 [ 189.710255][ T7894] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 189.718232][ T7894] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc0f4bbb6d4 [ 189.726206][ T7894] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 189.748101][ T7894] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.0/7894 [ 189.756238][ T7856] 8021q: adding VLAN 0 to HW filter on device bond0 [ 189.757575][ T7894] caller is sk_mc_loop+0x1d/0x210 [ 189.769167][ T7894] CPU: 0 PID: 7894 Comm: syz-executor.0 Not tainted 
5.1.0-rc3-next-20190405 #19 [ 189.778965][ T7894] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 189.789127][ T7856] 8021q: adding VLAN 0 to HW filter on device team0 [ 189.789665][ T7894] Call Trace: [ 189.799534][ T7894] dump_stack+0x172/0x1f0 [ 189.803882][ T7894] __this_cpu_preempt_check+0x246/0x270 [ 189.809445][ T7894] sk_mc_loop+0x1d/0x210 [ 189.813793][ T7894] ip_mc_output+0x2ef/0xf70 [ 189.817674][ T7905] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.1/7905 [ 189.818310][ T7894] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 189.827717][ T7905] caller is sk_mc_loop+0x1d/0x210 [ 189.832780][ T7894] ? ip_append_data.part.0+0x170/0x170 [ 189.832794][ T7894] ? ip_make_skb+0x1b1/0x2c0 [ 189.832807][ T7894] ? ip_reply_glue_bits+0xc0/0xc0 [ 189.832827][ T7894] ip_local_out+0xc4/0x1b0 [ 189.857376][ T7894] ip_send_skb+0x42/0xf0 [ 189.861636][ T7894] udp_send_skb.isra.0+0x6b2/0x1180 [ 189.866922][ T7894] ? xfrm_lookup_route+0x5b/0x1f0 [ 189.871974][ T7894] udp_sendmsg+0x1dfd/0x2820 [ 189.876691][ T7894] ? __lock_acquire+0x548/0x3fb0 [ 189.881636][ T7894] ? ip_reply_glue_bits+0xc0/0xc0 [ 189.886694][ T7894] ? udp4_lib_lookup_skb+0x440/0x440 [ 189.891976][ T7894] ? __might_fault+0x12b/0x1e0 [ 189.896738][ T7894] ? find_held_lock+0x35/0x130 [ 189.901526][ T7894] ? __might_sleep+0x95/0x190 [ 189.906203][ T7894] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 189.911833][ T7894] ? aa_sk_perm+0x288/0x880 [ 189.916343][ T7894] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 189.921900][ T7894] inet_sendmsg+0x147/0x5e0 [ 189.926496][ T7894] ? udp4_lib_lookup_skb+0x440/0x440 [ 189.931776][ T7894] ? inet_sendmsg+0x147/0x5e0 [ 189.936456][ T7894] ? ipip_gro_receive+0x100/0x100 [ 189.941489][ T7894] sock_sendmsg+0xdd/0x130 [ 189.945916][ T7894] ___sys_sendmsg+0x3e2/0x930 [ 189.950604][ T7894] ? copy_msghdr_from_user+0x430/0x430 [ 189.956067][ T7894] ? __lock_acquire+0x548/0x3fb0 [ 189.961005][ T7894] ? 
lock_downgrade+0x880/0x880 [ 189.965872][ T7894] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 189.972126][ T7894] ? kasan_check_read+0x11/0x20 [ 189.976992][ T7894] ? __might_fault+0x12b/0x1e0 [ 189.981758][ T7894] ? find_held_lock+0x35/0x130 [ 189.986523][ T7894] ? __might_fault+0x12b/0x1e0 [ 189.991296][ T7894] ? lock_downgrade+0x880/0x880 [ 189.996157][ T7894] ? ___might_sleep+0x163/0x280 [ 190.001017][ T7894] __sys_sendmmsg+0x1bf/0x4d0 [ 190.005712][ T7894] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 190.010758][ T7894] ? _copy_to_user+0xc9/0x120 [ 190.015449][ T7894] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 190.021697][ T7894] ? put_timespec64+0xda/0x140 [ 190.026466][ T7894] ? nsecs_to_jiffies+0x30/0x30 [ 190.031331][ T7894] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 190.036807][ T7894] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 190.042272][ T7894] ? do_syscall_64+0x26/0x610 [ 190.046956][ T7894] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 190.053027][ T7894] ? do_syscall_64+0x26/0x610 [ 190.057709][ T7894] __x64_sys_sendmmsg+0x9d/0x100 [ 190.062651][ T7894] do_syscall_64+0x103/0x610 [ 190.067247][ T7894] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 190.073143][ T7894] RIP: 0033:0x4582b9 [ 190.077036][ T7894] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 190.096664][ T7894] RSP: 002b:00007fc0f4bbac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 190.106242][ T7894] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 190.114237][ T7894] RDX: 0400000000000030 RSI: 0000000020007fc0 RDI: 0000000000000004 [ 190.122309][ T7894] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 190.130283][ T7894] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc0f4bbb6d4 [ 190.138261][ T7894] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 190.146264][ T7905] CPU: 1 PID: 7905 Comm: 
syz-executor.1 Not tainted 5.1.0-rc3-next-20190405 #19 [ 190.155301][ T7905] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 190.155307][ T7905] Call Trace: [ 190.155331][ T7905] dump_stack+0x172/0x1f0 [ 190.155355][ T7905] __this_cpu_preempt_check+0x246/0x270 [ 190.155387][ T7905] sk_mc_loop+0x1d/0x210 [ 190.178604][ T7905] ip_mc_output+0x2ef/0xf70 [ 190.178635][ T7905] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 190.192517][ T7905] ? ip_append_data.part.0+0x170/0x170 [ 190.197987][ T7905] ? ip_make_skb+0x1b1/0x2c0 [ 190.202304][ T7894] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.0/7894 [ 190.202613][ T7905] ? ip_reply_glue_bits+0xc0/0xc0 [ 190.211978][ T7894] caller is sk_mc_loop+0x1d/0x210 [ 190.216925][ T7905] ip_local_out+0xc4/0x1b0 [ 190.226350][ T7905] ip_send_skb+0x42/0xf0 [ 190.230608][ T7905] udp_send_skb.isra.0+0x6b2/0x1180 [ 190.235809][ T7905] ? xfrm_lookup_route+0x5b/0x1f0 [ 190.240839][ T7905] udp_sendmsg+0x1dfd/0x2820 [ 190.245435][ T7905] ? __lock_acquire+0x548/0x3fb0 [ 190.250393][ T7905] ? ip_reply_glue_bits+0xc0/0xc0 [ 190.255430][ T7905] ? udp4_lib_lookup_skb+0x440/0x440 [ 190.260720][ T7905] ? __might_fault+0x12b/0x1e0 [ 190.265483][ T7905] ? find_held_lock+0x35/0x130 [ 190.270357][ T7905] ? __might_sleep+0x95/0x190 [ 190.275053][ T7905] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 190.280693][ T7905] ? aa_sk_perm+0x288/0x880 [ 190.285205][ T7905] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 190.290755][ T7905] inet_sendmsg+0x147/0x5e0 [ 190.295257][ T7905] ? udp4_lib_lookup_skb+0x440/0x440 [ 190.300635][ T7905] ? inet_sendmsg+0x147/0x5e0 [ 190.305311][ T7905] ? ipip_gro_receive+0x100/0x100 [ 190.310352][ T7905] sock_sendmsg+0xdd/0x130 [ 190.314795][ T7905] ___sys_sendmsg+0x3e2/0x930 [ 190.319500][ T7905] ? copy_msghdr_from_user+0x430/0x430 [ 190.324969][ T7905] ? lock_downgrade+0x880/0x880 [ 190.329819][ T7905] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 190.336072][ T7905] ? 
kasan_check_read+0x11/0x20 [ 190.340936][ T7905] ? __fget+0x381/0x550 [ 190.345099][ T7905] ? ksys_dup3+0x3e0/0x3e0 [ 190.349625][ T7905] ? __fget_light+0x1a9/0x230 [ 190.354306][ T7905] ? __fdget+0x1b/0x20 [ 190.358387][ T7905] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 190.364638][ T7905] ? sockfd_lookup_light+0xcb/0x180 [ 190.369847][ T7905] __sys_sendmmsg+0x1bf/0x4d0 [ 190.374537][ T7905] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 190.379576][ T7905] ? _copy_to_user+0xc9/0x120 [ 190.384260][ T7905] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 190.390520][ T7905] ? put_timespec64+0xda/0x140 [ 190.395287][ T7905] ? nsecs_to_jiffies+0x30/0x30 [ 190.400150][ T7905] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 190.405608][ T7905] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 190.411071][ T7905] ? do_syscall_64+0x26/0x610 [ 190.415751][ T7905] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 190.421821][ T7905] ? do_syscall_64+0x26/0x610 [ 190.426504][ T7905] __x64_sys_sendmmsg+0x9d/0x100 [ 190.431457][ T7905] do_syscall_64+0x103/0x610 [ 190.436063][ T7905] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 190.441951][ T7905] RIP: 0033:0x4582b9 [ 190.445845][ T7905] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 190.465449][ T7905] RSP: 002b:00007f75feefbc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 190.473865][ T7905] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 190.481848][ T7905] RDX: 0400000000000030 RSI: 0000000020007fc0 RDI: 0000000000000003 [ 190.489819][ T7905] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 190.497796][ T7905] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75feefc6d4 [ 190.505772][ T7905] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 190.513949][ T7894] CPU: 0 PID: 7894 Comm: syz-executor.0 Not tainted 5.1.0-rc3-next-20190405 #19 [ 
190.522987][ T7894] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 190.531932][ T7905] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.1/7905 [ 190.533044][ T7894] Call Trace: [ 190.533070][ T7894] dump_stack+0x172/0x1f0 [ 190.533095][ T7894] __this_cpu_preempt_check+0x246/0x270 [ 190.533116][ T7894] sk_mc_loop+0x1d/0x210 [ 190.542441][ T7905] caller is sk_mc_loop+0x1d/0x210 [ 190.545694][ T7894] ip_mc_output+0x2ef/0xf70 [ 190.569259][ T7894] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 190.574390][ T7894] ? ip_append_data.part.0+0x170/0x170 [ 190.579879][ T7894] ? ip_make_skb+0x1b1/0x2c0 [ 190.584471][ T7894] ? ip_reply_glue_bits+0xc0/0xc0 [ 190.589499][ T7894] ip_local_out+0xc4/0x1b0 [ 190.593919][ T7894] ip_send_skb+0x42/0xf0 [ 190.598167][ T7894] udp_send_skb.isra.0+0x6b2/0x1180 [ 190.603367][ T7894] ? xfrm_lookup_route+0x5b/0x1f0 [ 190.608427][ T7894] udp_sendmsg+0x1dfd/0x2820 [ 190.613022][ T7894] ? __lock_acquire+0x548/0x3fb0 [ 190.618067][ T7894] ? ip_reply_glue_bits+0xc0/0xc0 [ 190.623112][ T7894] ? udp4_lib_lookup_skb+0x440/0x440 [ 190.628411][ T7894] ? __might_fault+0x12b/0x1e0 [ 190.633287][ T7894] ? find_held_lock+0x35/0x130 [ 190.638069][ T7894] ? __might_sleep+0x95/0x190 [ 190.642757][ T7894] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 190.648415][ T7894] ? aa_sk_perm+0x288/0x880 [ 190.653016][ T7894] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 190.658600][ T7894] inet_sendmsg+0x147/0x5e0 [ 190.663106][ T7894] ? udp4_lib_lookup_skb+0x440/0x440 [ 190.668481][ T7894] ? inet_sendmsg+0x147/0x5e0 [ 190.673164][ T7894] ? ipip_gro_receive+0x100/0x100 [ 190.679701][ T7894] sock_sendmsg+0xdd/0x130 [ 190.684559][ T7894] ___sys_sendmsg+0x3e2/0x930 [ 190.689339][ T7894] ? copy_msghdr_from_user+0x430/0x430 [ 190.694902][ T7894] ? __lock_acquire+0x548/0x3fb0 [ 190.699837][ T7894] ? lock_downgrade+0x880/0x880 [ 190.704686][ T7894] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 190.711029][ T7894] ? 
kasan_check_read+0x11/0x20 [ 190.716177][ T7894] ? __might_fault+0x12b/0x1e0 [ 190.721658][ T7894] ? find_held_lock+0x35/0x130 [ 190.726438][ T7894] ? __might_fault+0x12b/0x1e0 [ 190.731209][ T7894] ? lock_downgrade+0x880/0x880 [ 190.736175][ T7894] ? ___might_sleep+0x163/0x280 [ 190.741124][ T7894] __sys_sendmmsg+0x1bf/0x4d0 [ 190.745809][ T7894] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 190.751285][ T7894] ? _copy_to_user+0xc9/0x120 [ 190.755974][ T7894] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 190.762243][ T7894] ? put_timespec64+0xda/0x140 [ 190.767011][ T7894] ? nsecs_to_jiffies+0x30/0x30 [ 190.771884][ T7894] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 190.777347][ T7894] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 190.782813][ T7894] ? do_syscall_64+0x26/0x610 [ 190.787494][ T7894] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 190.793571][ T7894] ? do_syscall_64+0x26/0x610 [ 190.798252][ T7894] __x64_sys_sendmmsg+0x9d/0x100 [ 190.803209][ T7894] do_syscall_64+0x103/0x610 [ 190.807807][ T7894] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 190.813697][ T7894] RIP: 0033:0x4582b9 [ 190.817592][ T7894] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 190.837202][ T7894] RSP: 002b:00007fc0f4bbac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 190.845633][ T7894] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 190.853607][ T7894] RDX: 0400000000000030 RSI: 0000000020007fc0 RDI: 0000000000000004 [ 190.861585][ T7894] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 190.869567][ T7894] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc0f4bbb6d4 [ 190.877566][ T7894] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 190.885568][ T7905] CPU: 1 PID: 7905 Comm: syz-executor.1 Not tainted 5.1.0-rc3-next-20190405 #19 [ 190.894599][ T7905] Hardware name: Google Google Compute 
Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 190.904748][ T7905] Call Trace: [ 190.908054][ T7905] dump_stack+0x172/0x1f0 [ 190.911353][ T7852] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 190.912401][ T7905] __this_cpu_preempt_check+0x246/0x270 [ 190.912421][ T7905] sk_mc_loop+0x1d/0x210 [ 190.912442][ T7905] ip_mc_output+0x2ef/0xf70 [ 190.932526][ T7852] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 190.937023][ T7905] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 190.937044][ T7905] ? ip_append_data.part.0+0x170/0x170 [ 190.937065][ T7905] ? ip_make_skb+0x1b1/0x2c0 [ 190.962570][ T7905] ? ip_reply_glue_bits+0xc0/0xc0 [ 190.967622][ T7905] ip_local_out+0xc4/0x1b0 [ 190.969610][ T7852] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 190.972056][ T7905] ip_send_skb+0x42/0xf0 [ 190.972074][ T7905] udp_send_skb.isra.0+0x6b2/0x1180 [ 190.972089][ T7905] ? xfrm_lookup_route+0x5b/0x1f0 [ 190.972109][ T7905] udp_sendmsg+0x1dfd/0x2820 [ 190.972125][ T7905] ? __lock_acquire+0x548/0x3fb0 [ 190.972142][ T7905] ? ip_reply_glue_bits+0xc0/0xc0 [ 190.972160][ T7905] ? udp4_lib_lookup_skb+0x440/0x440 [ 190.972174][ T7905] ? __might_fault+0x12b/0x1e0 [ 190.972187][ T7905] ? find_held_lock+0x35/0x130 [ 190.972223][ T7905] ? __might_sleep+0x95/0x190 [ 190.972240][ T7905] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 190.972253][ T7905] ? aa_sk_perm+0x288/0x880 [ 190.972277][ T7905] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 190.972295][ T7905] inet_sendmsg+0x147/0x5e0 [ 190.972307][ T7905] ? udp4_lib_lookup_skb+0x440/0x440 [ 190.972319][ T7905] ? inet_sendmsg+0x147/0x5e0 [ 190.972333][ T7905] ? ipip_gro_receive+0x100/0x100 [ 190.972351][ T7905] sock_sendmsg+0xdd/0x130 [ 190.972379][ T7905] ___sys_sendmsg+0x3e2/0x930 [ 190.972398][ T7905] ? copy_msghdr_from_user+0x430/0x430 [ 190.972414][ T7905] ? __lock_acquire+0x548/0x3fb0 [ 190.972427][ T7905] ? 
lock_downgrade+0x880/0x880 [ 190.972442][ T7905] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 190.972462][ T7905] ? kasan_check_read+0x11/0x20 [ 190.972482][ T7905] ? __might_fault+0x12b/0x1e0 [ 190.972496][ T7905] ? find_held_lock+0x35/0x130 [ 190.972511][ T7905] ? __might_fault+0x12b/0x1e0 [ 190.972530][ T7905] ? lock_downgrade+0x880/0x880 [ 190.972553][ T7905] ? ___might_sleep+0x163/0x280 [ 190.972569][ T7905] __sys_sendmmsg+0x1bf/0x4d0 [ 190.972589][ T7905] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 190.972616][ T7905] ? _copy_to_user+0xc9/0x120 [ 190.972633][ T7905] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 190.972647][ T7905] ? put_timespec64+0xda/0x140 [ 190.972661][ T7905] ? nsecs_to_jiffies+0x30/0x30 [ 190.972687][ T7905] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 190.972702][ T7905] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 190.972718][ T7905] ? do_syscall_64+0x26/0x610 [ 190.972733][ T7905] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 190.972747][ T7905] ? do_syscall_64+0x26/0x610 [ 190.972767][ T7905] __x64_sys_sendmmsg+0x9d/0x100 [ 190.989007][ T7905] do_syscall_64+0x103/0x610 [ 191.016079][ T7894] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.0/7894 [ 191.018653][ T7905] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 191.018666][ T7905] RIP: 0033:0x4582b9 [ 191.018691][ T7905] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 191.023680][ T7894] caller is sk_mc_loop+0x1d/0x210 [ 191.028123][ T7905] RSP: 002b:00007f75feefbc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 191.241495][ T7905] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 191.249479][ T7905] RDX: 0400000000000030 RSI: 0000000020007fc0 RDI: 0000000000000003 [ 191.257467][ T7905] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 191.265444][ T7905] R10: 0000000000000000 R11: 
0000000000000246 R12: 00007f75feefc6d4 [ 191.273425][ T7905] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 191.281438][ T7894] CPU: 0 PID: 7894 Comm: syz-executor.0 Not tainted 5.1.0-rc3-next-20190405 #19 [ 191.290780][ T7894] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 191.300844][ T7894] Call Trace: [ 191.304154][ T7894] dump_stack+0x172/0x1f0 [ 191.308540][ T7894] __this_cpu_preempt_check+0x246/0x270 [ 191.308559][ T7894] sk_mc_loop+0x1d/0x210 [ 191.308583][ T7894] ip_mc_output+0x2ef/0xf70 [ 191.308600][ T7894] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 191.308615][ T7894] ? ip_append_data.part.0+0x170/0x170 [ 191.308627][ T7894] ? ip_make_skb+0x1b1/0x2c0 [ 191.323036][ T7894] ? ip_reply_glue_bits+0xc0/0xc0 [ 191.333587][ T7894] ip_local_out+0xc4/0x1b0 [ 191.333605][ T7894] ip_send_skb+0x42/0xf0 [ 191.333620][ T7894] udp_send_skb.isra.0+0x6b2/0x1180 [ 191.333635][ T7894] ? xfrm_lookup_route+0x5b/0x1f0 [ 191.333657][ T7894] udp_sendmsg+0x1dfd/0x2820 [ 191.342903][ T7909] hfs: can't find a HFS filesystem on dev loop2 [ 191.343254][ T7894] ? __lock_acquire+0x548/0x3fb0 [ 191.343276][ T7894] ? ip_reply_glue_bits+0xc0/0xc0 [ 191.343297][ T7894] ? udp4_lib_lookup_skb+0x440/0x440 [ 191.343322][ T7894] ? __might_fault+0x12b/0x1e0 [ 191.343337][ T7894] ? find_held_lock+0x35/0x130 [ 191.397788][ T7894] ? __might_sleep+0x95/0x190 [ 191.402478][ T7894] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 191.408120][ T7894] ? aa_sk_perm+0x288/0x880 [ 191.412631][ T7894] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 191.418180][ T7894] inet_sendmsg+0x147/0x5e0 [ 191.422691][ T7894] ? udp4_lib_lookup_skb+0x440/0x440 [ 191.427977][ T7894] ? inet_sendmsg+0x147/0x5e0 [ 191.432658][ T7894] ? ipip_gro_receive+0x100/0x100 [ 191.437687][ T7894] sock_sendmsg+0xdd/0x130 [ 191.442110][ T7894] ___sys_sendmsg+0x3e2/0x930 [ 191.446792][ T7894] ? copy_msghdr_from_user+0x430/0x430 [ 191.452258][ T7894] ? 
__lock_acquire+0x548/0x3fb0 [ 191.457189][ T7894] ? lock_downgrade+0x880/0x880 [ 191.462039][ T7894] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 191.468295][ T7894] ? kasan_check_read+0x11/0x20 [ 191.473148][ T7894] ? __might_fault+0x12b/0x1e0 [ 191.477908][ T7894] ? find_held_lock+0x35/0x130 [ 191.482673][ T7894] ? __might_fault+0x12b/0x1e0 [ 191.487453][ T7894] ? lock_downgrade+0x880/0x880 [ 191.492312][ T7894] ? ___might_sleep+0x163/0x280 [ 191.497181][ T7894] __sys_sendmmsg+0x1bf/0x4d0 [ 191.501863][ T7894] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 191.506898][ T7894] ? _copy_to_user+0xc9/0x120 [ 191.511579][ T7894] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 191.517821][ T7894] ? put_timespec64+0xda/0x140 [ 191.522587][ T7894] ? nsecs_to_jiffies+0x30/0x30 [ 191.527452][ T7894] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 191.532927][ T7894] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 191.538402][ T7894] ? do_syscall_64+0x26/0x610 [ 191.543088][ T7894] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 191.549155][ T7894] ? 
do_syscall_64+0x26/0x610 [ 191.553840][ T7894] __x64_sys_sendmmsg+0x9d/0x100 [ 191.558781][ T7894] do_syscall_64+0x103/0x610 [ 191.563390][ T7894] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 191.569298][ T7894] RIP: 0033:0x4582b9 [ 191.573190][ T7894] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 191.592799][ T7894] RSP: 002b:00007fc0f4bbac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 191.601226][ T7894] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 191.609197][ T7894] RDX: 0400000000000030 RSI: 0000000020007fc0 RDI: 0000000000000004 [ 191.617177][ T7894] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 191.625733][ T7894] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc0f4bbb6d4 [ 191.633704][ T7894] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 191.654453][ T7859] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 191.675232][ T7894] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.0/7894 [ 191.677361][ T7859] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 191.684847][ T7894] caller is sk_mc_loop+0x1d/0x210 [ 191.697437][ T7894] CPU: 1 PID: 7894 Comm: syz-executor.0 Not tainted 5.1.0-rc3-next-20190405 #19 [ 191.706465][ T7894] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 191.715190][ T7859] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 191.716542][ T7894] Call Trace: [ 191.727911][ T7894] dump_stack+0x172/0x1f0 [ 191.732266][ T7894] __this_cpu_preempt_check+0x246/0x270 [ 191.735223][ T7859] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 191.737826][ T7894] sk_mc_loop+0x1d/0x210 [ 191.748541][ T7859] bridge0: port 1(bridge_slave_0) entered blocking state [ 191.750033][ T7894] ip_mc_output+0x2ef/0xf70 [ 
191.750055][ T7894] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 191.750075][ T7894] ? ip_append_data.part.0+0x170/0x170 [ 191.750095][ T7894] ? ip_make_skb+0x1b1/0x2c0 [ 191.757148][ T7859] bridge0: port 1(bridge_slave_0) entered forwarding state [ 191.761619][ T7894] ? ip_reply_glue_bits+0xc0/0xc0 [ 191.761637][ T7894] ip_local_out+0xc4/0x1b0 [ 191.761654][ T7894] ip_send_skb+0x42/0xf0 [ 191.761670][ T7894] udp_send_skb.isra.0+0x6b2/0x1180 [ 191.761693][ T7894] ? xfrm_lookup_route+0x5b/0x1f0 [ 191.773007][ T7905] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.1/7905 [ 191.776822][ T7894] udp_sendmsg+0x1dfd/0x2820 [ 191.776840][ T7894] ? __lock_acquire+0x548/0x3fb0 [ 191.776860][ T7894] ? ip_reply_glue_bits+0xc0/0xc0 [ 191.784149][ T7905] caller is sk_mc_loop+0x1d/0x210 [ 191.790058][ T7894] ? udp4_lib_lookup_skb+0x440/0x440 [ 191.790072][ T7894] ? __might_fault+0x12b/0x1e0 [ 191.790087][ T7894] ? find_held_lock+0x35/0x130 [ 191.790122][ T7894] ? __might_sleep+0x95/0x190 [ 191.790146][ T7894] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 191.862938][ T7894] ? aa_sk_perm+0x288/0x880 [ 191.867488][ T7894] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 191.873067][ T7894] inet_sendmsg+0x147/0x5e0 [ 191.877684][ T7894] ? udp4_lib_lookup_skb+0x440/0x440 [ 191.882985][ T7894] ? inet_sendmsg+0x147/0x5e0 [ 191.887669][ T7894] ? ipip_gro_receive+0x100/0x100 [ 191.892737][ T7894] sock_sendmsg+0xdd/0x130 [ 191.897180][ T7894] ___sys_sendmsg+0x3e2/0x930 [ 191.901873][ T7894] ? copy_msghdr_from_user+0x430/0x430 [ 191.907447][ T7894] ? __lock_acquire+0x548/0x3fb0 [ 191.912399][ T7894] ? lock_downgrade+0x880/0x880 [ 191.917254][ T7894] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 191.923503][ T7894] ? kasan_check_read+0x11/0x20 [ 191.928366][ T7894] ? __might_fault+0x12b/0x1e0 [ 191.933146][ T7894] ? find_held_lock+0x35/0x130 [ 191.937921][ T7894] ? __might_fault+0x12b/0x1e0 [ 191.942701][ T7894] ? lock_downgrade+0x880/0x880 [ 191.947581][ T7894] ? 
___might_sleep+0x163/0x280 [ 191.952445][ T7894] __sys_sendmmsg+0x1bf/0x4d0 [ 191.957127][ T7894] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 191.962166][ T7894] ? _copy_to_user+0xc9/0x120 [ 191.966852][ T7894] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 191.973097][ T7894] ? put_timespec64+0xda/0x140 [ 191.978137][ T7894] ? nsecs_to_jiffies+0x30/0x30 [ 191.983003][ T7894] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 191.988530][ T7894] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 191.993990][ T7894] ? do_syscall_64+0x26/0x610 [ 191.998668][ T7894] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 192.004734][ T7894] ? do_syscall_64+0x26/0x610 [ 192.009416][ T7894] __x64_sys_sendmmsg+0x9d/0x100 [ 192.014362][ T7894] do_syscall_64+0x103/0x610 [ 192.018968][ T7894] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 192.024862][ T7894] RIP: 0033:0x4582b9 [ 192.028761][ T7894] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 192.048376][ T7894] RSP: 002b:00007fc0f4bbac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 192.056797][ T7894] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 192.064782][ T7894] RDX: 0400000000000030 RSI: 0000000020007fc0 RDI: 0000000000000004 [ 192.072765][ T7894] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 192.080747][ T7894] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc0f4bbb6d4 [ 192.088726][ T7894] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 192.096727][ T7905] CPU: 0 PID: 7905 Comm: syz-executor.1 Not tainted 5.1.0-rc3-next-20190405 #19 [ 192.105988][ T7905] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 192.116046][ T7905] Call Trace: [ 192.119345][ T7905] dump_stack+0x172/0x1f0 [ 192.123690][ T7905] __this_cpu_preempt_check+0x246/0x270 [ 192.129240][ T7905] sk_mc_loop+0x1d/0x210 [ 192.133576][ T7905] 
ip_mc_output+0x2ef/0xf70 [ 192.139791][ T7905] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 192.144909][ T7905] ? ip_append_data.part.0+0x170/0x170 [ 192.150367][ T7905] ? ip_make_skb+0x1b1/0x2c0 [ 192.154969][ T7905] ? ip_reply_glue_bits+0xc0/0xc0 [ 192.159994][ T7905] ip_local_out+0xc4/0x1b0 [ 192.164421][ T7905] ip_send_skb+0x42/0xf0 [ 192.168666][ T7905] udp_send_skb.isra.0+0x6b2/0x1180 [ 192.173865][ T7905] ? xfrm_lookup_route+0x5b/0x1f0 [ 192.178898][ T7905] udp_sendmsg+0x1dfd/0x2820 [ 192.183496][ T7905] ? __lock_acquire+0x548/0x3fb0 [ 192.188444][ T7905] ? ip_reply_glue_bits+0xc0/0xc0 [ 192.193475][ T7905] ? udp4_lib_lookup_skb+0x440/0x440 [ 192.198754][ T7905] ? __might_fault+0x12b/0x1e0 [ 192.203519][ T7905] ? find_held_lock+0x35/0x130 [ 192.208298][ T7905] ? __might_sleep+0x95/0x190 [ 192.212979][ T7905] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 192.218613][ T7905] ? aa_sk_perm+0x288/0x880 [ 192.223123][ T7905] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 192.228708][ T7905] inet_sendmsg+0x147/0x5e0 [ 192.233219][ T7905] ? udp4_lib_lookup_skb+0x440/0x440 [ 192.238503][ T7905] ? inet_sendmsg+0x147/0x5e0 [ 192.243177][ T7905] ? ipip_gro_receive+0x100/0x100 [ 192.248205][ T7905] sock_sendmsg+0xdd/0x130 [ 192.252635][ T7905] ___sys_sendmsg+0x3e2/0x930 [ 192.257318][ T7905] ? copy_msghdr_from_user+0x430/0x430 [ 192.262795][ T7905] ? __lock_acquire+0x548/0x3fb0 [ 192.267730][ T7905] ? lock_downgrade+0x880/0x880 [ 192.272666][ T7905] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 192.278926][ T7905] ? kasan_check_read+0x11/0x20 [ 192.283869][ T7905] ? __might_fault+0x12b/0x1e0 [ 192.288629][ T7905] ? find_held_lock+0x35/0x130 [ 192.293409][ T7905] ? __might_fault+0x12b/0x1e0 [ 192.298184][ T7905] ? lock_downgrade+0x880/0x880 [ 192.303046][ T7905] ? ___might_sleep+0x163/0x280 [ 192.307900][ T7905] __sys_sendmmsg+0x1bf/0x4d0 [ 192.312600][ T7905] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 192.317649][ T7905] ? _copy_to_user+0xc9/0x120 [ 192.322328][ T7905] ? 
__sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 192.328563][ T7905] ? put_timespec64+0xda/0x140 [ 192.333325][ T7905] ? nsecs_to_jiffies+0x30/0x30 [ 192.338205][ T7905] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 192.343679][ T7905] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 192.349153][ T7905] ? do_syscall_64+0x26/0x610 [ 192.353830][ T7905] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 192.359898][ T7905] ? do_syscall_64+0x26/0x610 [ 192.364582][ T7905] __x64_sys_sendmmsg+0x9d/0x100 [ 192.369529][ T7905] do_syscall_64+0x103/0x610 [ 192.374121][ T7905] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 192.380030][ T7905] RIP: 0033:0x4582b9 [ 192.383924][ T7905] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 192.403531][ T7905] RSP: 002b:00007f75feefbc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 192.411951][ T7905] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 192.419930][ T7905] RDX: 0400000000000030 RSI: 0000000020007fc0 RDI: 0000000000000003 [ 192.427907][ T7905] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 192.435914][ T7905] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75feefc6d4 [ 192.443890][ T7905] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 192.455009][ T7859] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 192.463904][ T7859] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 192.472611][ T7859] bridge0: port 2(bridge_slave_1) entered blocking state [ 192.479712][ T7859] bridge0: port 2(bridge_slave_1) entered forwarding state [ 192.487930][ T7859] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 192.496833][ T7859] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 192.505744][ T7859] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 192.514576][ T7859] 
IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready 18:04:58 executing program 0: fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000000c0)='bridge0\x00', 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) sendmmsg(r0, &(0x7f0000007fc0), 0x400000000000030, 0x0) [ 192.523285][ T7859] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 192.532492][ T7859] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 192.541200][ T7859] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 192.549602][ T7859] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 192.558734][ T7921] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. 
[ 192.578604][ T7859] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 192.587118][ T7859] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 192.595363][ T7859] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 192.603182][ T7859] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 192.611006][ T7859] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 192.619452][ T7859] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 192.627820][ T7859] bridge0: port 1(bridge_slave_0) entered blocking state [ 192.634888][ T7859] bridge0: port 1(bridge_slave_0) entered forwarding state [ 192.643176][ T7859] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 192.652311][ T7859] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 192.660761][ T7859] bridge0: port 2(bridge_slave_1) entered blocking state [ 192.667806][ T7859] bridge0: port 2(bridge_slave_1) entered forwarding state [ 192.675505][ T7859] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 192.685060][ T7859] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 192.693845][ T7859] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 192.702226][ T7859] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 192.710969][ T7859] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 192.719383][ T7859] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 192.728022][ T7859] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 192.736756][ T7859] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 192.745284][ T7859] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 192.753863][ T7859] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 192.762617][ T7859] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 192.771281][ T7859] IPv6: ADDRCONF(NETDEV_CHANGE): 
team_slave_1: link becomes ready [ 192.779637][ T7859] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 192.789343][ T7859] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 192.797678][ T7859] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 192.805971][ T7859] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 192.815655][ T7859] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 192.823819][ T7859] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 192.831835][ T7859] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 192.839542][ T7859] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 192.848025][ T7859] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 192.856758][ T7859] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 192.864722][ T7859] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready 18:04:59 executing program 2: mkdir(&(0x7f0000000200)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='configfs\x00', 0x0, 0x0) syz_mount_image$vfat(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x2804025, 0x0) 18:04:59 executing program 3: ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000180)={'nr0\x01\x00\x00\xc3\x00', 0x40004005}) ioctl$TUNSETPERSIST(0xffffffffffffffff, 0x400454cb, 0x1) bpf$MAP_CREATE(0x0, &(0x7f0000000100)={0x3, 0x0, 0x0, 0x40, 0x0, 0xffffffffffffff9c}, 0x2c) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000340)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) ioctl$TUNGETFEATURES(0xffffffffffffffff, 0x800454cf, 0x0) r0 = socket$kcm(0x2, 0x3, 0x2) bpf$BPF_PROG_GET_NEXT_ID(0xb, 
0x0, 0x0) gettid() bpf$MAP_UPDATE_ELEM(0x2, 0x0, 0x0) ioctl$sock_kcm_SIOCKCMUNATTACH(r0, 0x89e1, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000300)={&(0x7f0000000240)='./file0\x00'}, 0x10) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='/group.stat\x00', 0x2761, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) close(r1) [ 192.933152][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 192.953898][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 193.014332][ T7856] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 193.052199][ T7860] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 193.117979][ T7856] 8021q: adding VLAN 0 to HW filter on device batadv0 18:04:59 executing program 4: r0 = socket$inet6(0xa, 0x3, 0x8000000003c) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @dev, 0x9}, 0x1c) sendmsg(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)=',|', 0x2}], 0x1}, 0x0) 18:04:59 executing program 1: r0 = open$dir(0x0, 0x2, 0x0) fsetxattr$trusted_overlay_redirect(r0, &(0x7f0000000100)='trusted.overlay.redirect\x00', &(0x7f0000000140)='./file0\x00', 0x8, 0x1) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f00000000c0)='bridge0\x00', 0x10) connect$inet(r1, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x400000000000030, 0x0) 18:04:59 executing program 0: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) 
ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT(r0, 0xc0a85352, &(0x7f0000000180)={{}, 'port0\x00'}) 18:04:59 executing program 3: perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 18:04:59 executing program 2: ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000180)={'nr0\x01\x00\x00\xc3\x00', 0x40004005}) ioctl$TUNSETPERSIST(0xffffffffffffffff, 0x400454cb, 0x1) bpf$MAP_CREATE(0x0, &(0x7f0000000100)={0x3, 0x0, 0x0, 0x40, 0x0, 0xffffffffffffff9c}, 0x2c) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000340)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) ioctl$TUNGETFEATURES(0xffffffffffffffff, 0x800454cf, 0x0) socket$kcm(0x2, 0x3, 0x2) bpf$BPF_PROG_GET_NEXT_ID(0xb, 0x0, 0x0) gettid() bpf$MAP_UPDATE_ELEM(0x2, 0x0, 0x0) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000300)={&(0x7f0000000240)='./file0\x00'}, 0x10) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='/group.stat\x00', 0x2761, 0x0) r0 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) close(r0) 18:04:59 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) open(&(0x7f00000004c0)='./file0\x00', 0x14104a, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = inotify_init() inotify_add_watch(r1, &(0x7f0000000180)='.\x00', 0x40224100000b) creat(&(0x7f0000000200)='./file0\x00', 0x0) [ 193.481653][ T7971] check_preemption_disabled: 135 callbacks suppressed [ 193.481668][ T7971] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.1/7971 [ 193.497592][ T7973] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.4/7973 [ 193.498112][ T7971] caller is sk_mc_loop+0x1d/0x210 [ 193.507548][ T7973] caller is ip6_finish_output+0x335/0xdc0 [ 193.512498][ T7971] CPU: 1 PID: 7971 Comm: syz-executor.1 Not tainted 5.1.0-rc3-next-20190405 #19 [ 193.512508][ T7971] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 193.512513][ T7971] Call Trace: [ 193.512538][ T7971] dump_stack+0x172/0x1f0 [ 193.512561][ T7971] __this_cpu_preempt_check+0x246/0x270 [ 193.512578][ T7971] sk_mc_loop+0x1d/0x210 [ 193.512594][ T7971] ip_mc_output+0x2ef/0xf70 [ 193.512612][ T7971] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 193.512629][ T7971] ? ip_append_data.part.0+0x170/0x170 [ 193.512642][ T7971] ? ip_make_skb+0x1b1/0x2c0 [ 193.512654][ T7971] ? ip_reply_glue_bits+0xc0/0xc0 [ 193.512671][ T7971] ip_local_out+0xc4/0x1b0 [ 193.512688][ T7971] ip_send_skb+0x42/0xf0 [ 193.512704][ T7971] udp_send_skb.isra.0+0x6b2/0x1180 [ 193.512726][ T7971] ? xfrm_lookup_route+0x5b/0x1f0 [ 193.598438][ T7971] udp_sendmsg+0x1dfd/0x2820 [ 193.603034][ T7971] ? __lock_acquire+0x548/0x3fb0 [ 193.607979][ T7971] ? ip_reply_glue_bits+0xc0/0xc0 [ 193.613016][ T7971] ? udp4_lib_lookup_skb+0x440/0x440 [ 193.618314][ T7971] ? __might_fault+0x12b/0x1e0 [ 193.623083][ T7971] ? find_held_lock+0x35/0x130 [ 193.627870][ T7971] ? __might_sleep+0x95/0x190 [ 193.632554][ T7971] ? 
debug_lockdep_rcu_enabled+0x71/0xa0 [ 193.638197][ T7971] ? aa_sk_perm+0x288/0x880 [ 193.642714][ T7971] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 193.648264][ T7971] inet_sendmsg+0x147/0x5e0 [ 193.652771][ T7971] ? udp4_lib_lookup_skb+0x440/0x440 [ 193.658055][ T7971] ? inet_sendmsg+0x147/0x5e0 [ 193.662740][ T7971] ? ipip_gro_receive+0x100/0x100 [ 193.667770][ T7971] sock_sendmsg+0xdd/0x130 [ 193.672197][ T7971] ___sys_sendmsg+0x3e2/0x930 [ 193.676885][ T7971] ? copy_msghdr_from_user+0x430/0x430 [ 193.682357][ T7971] ? lock_downgrade+0x880/0x880 [ 193.687219][ T7971] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 193.693468][ T7971] ? kasan_check_read+0x11/0x20 [ 193.698328][ T7971] ? __fget+0x381/0x550 [ 193.702496][ T7971] ? ksys_dup3+0x3e0/0x3e0 [ 193.706930][ T7971] ? __fget_light+0x1a9/0x230 [ 193.711611][ T7971] ? __fdget+0x1b/0x20 [ 193.715691][ T7971] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 193.725955][ T7971] ? sockfd_lookup_light+0xcb/0x180 [ 193.731165][ T7971] __sys_sendmmsg+0x1bf/0x4d0 [ 193.735959][ T7971] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 193.741182][ T7971] ? _copy_to_user+0xc9/0x120 [ 193.745892][ T7971] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 193.752159][ T7971] ? put_timespec64+0xda/0x140 [ 193.757114][ T7971] ? nsecs_to_jiffies+0x30/0x30 [ 193.769584][ T7971] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 193.775258][ T7971] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 193.781260][ T7971] ? do_syscall_64+0x26/0x610 [ 193.786903][ T7971] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 193.792990][ T7971] ? 
do_syscall_64+0x26/0x610 [ 193.797685][ T7971] __x64_sys_sendmmsg+0x9d/0x100 [ 193.802639][ T7971] do_syscall_64+0x103/0x610 [ 193.807268][ T7971] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 193.813256][ T7971] RIP: 0033:0x4582b9 [ 193.817165][ T7971] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 193.839331][ T7971] RSP: 002b:00007f75fef1cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 193.847952][ T7971] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 193.855943][ T7971] RDX: 0400000000000030 RSI: 0000000020007fc0 RDI: 0000000000000004 [ 193.863954][ T7971] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 193.872014][ T7971] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75fef1d6d4 [ 193.880015][ T7971] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 193.888019][ T7973] CPU: 0 PID: 7973 Comm: syz-executor.4 Not tainted 5.1.0-rc3-next-20190405 #19 [ 193.897060][ T7973] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 193.907144][ T7973] Call Trace: [ 193.910450][ T7973] dump_stack+0x172/0x1f0 [ 193.914797][ T7973] __this_cpu_preempt_check+0x246/0x270 [ 193.920358][ T7973] ip6_finish_output+0x335/0xdc0 [ 193.925331][ T7973] ip6_output+0x235/0x7f0 [ 193.929684][ T7973] ? ip6_finish_output+0xdc0/0xdc0 [ 193.934807][ T7973] ? ip6_fragment+0x3980/0x3980 [ 193.939673][ T7973] ? ip6_autoflowlabel.part.0+0x70/0x70 [ 193.945239][ T7973] ip6_local_out+0xc4/0x1b0 [ 193.949762][ T7973] ip6_send_skb+0xbb/0x350 [ 193.954200][ T7973] ip6_push_pending_frames+0xc8/0xf0 [ 193.959497][ T7973] rawv6_sendmsg+0x299c/0x35e0 [ 193.959524][ T7973] ? rawv6_getsockopt+0x150/0x150 [ 193.959541][ T7973] ? aa_profile_af_perm+0x320/0x320 [ 193.959564][ T7973] ? _copy_from_user+0xdd/0x150 [ 193.979384][ T7973] ? 
__sanitizer_cov_trace_cmp8+0x18/0x20 [ 193.985169][ T7973] ? rw_copy_check_uvector+0x2a6/0x330 [ 193.990659][ T7973] ? ___might_sleep+0x163/0x280 [ 193.995624][ T7973] ? __might_sleep+0x95/0x190 [ 193.995657][ T7973] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 193.995677][ T7973] inet_sendmsg+0x147/0x5e0 [ 193.995699][ T7973] ? rawv6_getsockopt+0x150/0x150 [ 194.015948][ T7973] ? inet_sendmsg+0x147/0x5e0 [ 194.020637][ T7973] ? ipip_gro_receive+0x100/0x100 [ 194.025763][ T7973] sock_sendmsg+0xdd/0x130 [ 194.030188][ T7973] ___sys_sendmsg+0x806/0x930 [ 194.034889][ T7973] ? copy_msghdr_from_user+0x430/0x430 [ 194.040383][ T7973] ? kasan_check_read+0x11/0x20 [ 194.045311][ T7973] ? __fget+0x381/0x550 [ 194.049493][ T7973] ? ksys_dup3+0x3e0/0x3e0 [ 194.054180][ T7973] ? lock_downgrade+0x880/0x880 [ 194.059050][ T7973] ? __fget_light+0x1a9/0x230 [ 194.066080][ T7973] ? __fdget+0x1b/0x20 [ 194.073137][ T7973] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 194.073158][ T7973] __sys_sendmsg+0x105/0x1d0 [ 194.073174][ T7973] ? __ia32_sys_shutdown+0x80/0x80 [ 194.073200][ T7973] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 194.073215][ T7973] ? do_syscall_64+0x26/0x610 [ 194.073238][ T7973] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 194.084073][ T7973] ? do_syscall_64+0x26/0x610 [ 194.084095][ T7973] __x64_sys_sendmsg+0x78/0xb0 [ 194.084121][ T7973] do_syscall_64+0x103/0x610 [ 194.120206][ T7973] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 194.126115][ T7973] RIP: 0033:0x4582b9 [ 194.126532][ T7985] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. 
[ 194.130019][ T7973] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 194.130028][ T7973] RSP: 002b:00007f5b953ffc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e 18:05:00 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x6, 0x0, 0x0) 18:05:00 executing program 0: r0 = gettid() kcmp(r0, r0, 0x4, 0xffffffffffffffff, 0xffffffffffffffff) 18:05:00 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000006c0)='/dev/kvm\x00', 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(0xffffffffffffffff, 0x4068aea3, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f00000001c0), 0xffffffea) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) 18:05:00 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) getsockopt$ARPT_SO_GET_ENTRIES(r0, 0x0, 0x61, &(0x7f0000000000)={'filter\x00', 0x4, "0fcbc840"}, 0x0) 18:05:00 executing program 5: syz_mount_image$reiserfs(&(0x7f0000000000)='reiserfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 194.130043][ T7973] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004582b9 [ 194.130052][ T7973] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000004 [ 194.130061][ T7973] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 194.130070][ T7973] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5b954006d4 [ 194.130078][ T7973] R13: 00000000004c5279 R14: 00000000004d93f8 R15: 00000000ffffffff [ 194.169488][ T7971] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.1/7971 18:05:00 executing program 3: r0 = syz_open_dev$loop(&(0x7f0000000140)='/dev/loop#\x00', 0x0, 
0x100082) r1 = memfd_create(&(0x7f0000000c80)='[trusted$\x00', 0x0) pwritev(r1, &(0x7f00000000c0)=[{&(0x7f00000005c0)='\'', 0x1}], 0x1, 0x81806) mlock(&(0x7f0000ffe000/0x2000)=nil, 0x2000) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$EVIOCGKEYCODE_V2(0xffffffffffffffff, 0x80284504, 0x0) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) sendfile(r0, r1, 0x0, 0x20000102000007) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "b92481f2b6049517f74de08916cf213343b15d035fc2fe51426f3c9125e1da89cad2929cd06aca1bd4b0a988279268e61234ff8a41cd19abd481eb55130d64ca", "a3510a8deb27705deb2fac58f4f379ddd8e50e8d868ee0425ecfc1c6f4a716df3e4be867d973bcc3e056a1a04eafdeacbd0e434a62db69a6bd53316c42f16b21", "f0642b0793a51cd04ad5c00d6cf24b506d17a8df96c5968a4226e09f847e4b08"}) fcntl$getown(r0, 0x9) [ 194.233485][ T7971] caller is sk_mc_loop+0x1d/0x210 [ 194.238623][ T7971] CPU: 0 PID: 7971 Comm: syz-executor.1 Not tainted 5.1.0-rc3-next-20190405 #19 [ 194.247641][ T7971] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 194.257703][ T7971] Call Trace: [ 194.257729][ T7971] dump_stack+0x172/0x1f0 [ 194.257753][ T7971] __this_cpu_preempt_check+0x246/0x270 [ 194.257771][ T7971] sk_mc_loop+0x1d/0x210 [ 194.257788][ T7971] ip_mc_output+0x2ef/0xf70 [ 194.257811][ T7971] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 194.265441][ T7971] ? ip_append_data.part.0+0x170/0x170 [ 194.279700][ T7971] ? ip_make_skb+0x1b1/0x2c0 [ 194.279717][ T7971] ? ip_reply_glue_bits+0xc0/0xc0 [ 194.279737][ T7971] ip_local_out+0xc4/0x1b0 [ 194.279754][ T7971] ip_send_skb+0x42/0xf0 [ 194.279776][ T7971] udp_send_skb.isra.0+0x6b2/0x1180 [ 194.299555][ T7989] REISERFS warning (device loop5): sh-2021 reiserfs_fill_super: can not find reiserfs on loop5 [ 194.300353][ T7971] ? xfrm_lookup_route+0x5b/0x1f0 [ 194.300387][ T7971] udp_sendmsg+0x1dfd/0x2820 [ 194.300423][ T7971] ? ip_reply_glue_bits+0xc0/0xc0 [ 194.309202][ T7971] ? 
udp4_lib_lookup_skb+0x440/0x440 [ 194.309246][ T7971] ? __might_sleep+0x95/0x190 [ 194.309267][ T7971] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 194.324800][ T7971] ? aa_sk_perm+0x288/0x880 [ 194.324826][ T7971] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 194.324845][ T7971] inet_sendmsg+0x147/0x5e0 [ 194.324870][ T7971] ? udp4_lib_lookup_skb+0x440/0x440 [ 194.334488][ T7971] ? inet_sendmsg+0x147/0x5e0 [ 194.334503][ T7971] ? ipip_gro_receive+0x100/0x100 [ 194.334528][ T7971] sock_sendmsg+0xdd/0x130 [ 194.334548][ T7971] ___sys_sendmsg+0x3e2/0x930 [ 194.334568][ T7971] ? copy_msghdr_from_user+0x430/0x430 [ 194.334589][ T7971] ? __lock_acquire+0x548/0x3fb0 [ 194.404273][ T7971] ? lock_downgrade+0x880/0x880 [ 194.409128][ T7971] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 194.415383][ T7971] ? kasan_check_read+0x11/0x20 [ 194.420257][ T7971] ? __might_fault+0x12b/0x1e0 [ 194.425025][ T7971] ? find_held_lock+0x35/0x130 [ 194.429795][ T7971] ? __might_fault+0x12b/0x1e0 [ 194.434571][ T7971] ? lock_downgrade+0x880/0x880 [ 194.439445][ T7971] ? ___might_sleep+0x163/0x280 [ 194.444307][ T7971] __sys_sendmmsg+0x1bf/0x4d0 [ 194.448988][ T7971] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 194.454024][ T7971] ? _copy_to_user+0xc9/0x120 [ 194.458705][ T7971] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 194.465035][ T7971] ? put_timespec64+0xda/0x140 [ 194.469798][ T7971] ? nsecs_to_jiffies+0x30/0x30 [ 194.474661][ T7971] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 194.480127][ T7971] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 194.485589][ T7971] ? do_syscall_64+0x26/0x610 [ 194.490265][ T7971] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 194.496331][ T7971] ? 
do_syscall_64+0x26/0x610 [ 194.501016][ T7971] __x64_sys_sendmmsg+0x9d/0x100 [ 194.505979][ T7971] do_syscall_64+0x103/0x610 [ 194.510576][ T7971] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 194.516471][ T7971] RIP: 0033:0x4582b9 [ 194.520364][ T7971] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 194.539986][ T7971] RSP: 002b:00007f75fef1cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 194.548417][ T7971] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 194.556405][ T7971] RDX: 0400000000000030 RSI: 0000000020007fc0 RDI: 0000000000000004 [ 194.564387][ T7971] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 194.572367][ T7971] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75fef1d6d4 [ 194.580349][ T7971] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 194.616128][ T7971] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.1/7971 [ 194.625579][ T7971] caller is sk_mc_loop+0x1d/0x210 [ 194.630798][ T7971] CPU: 1 PID: 7971 Comm: syz-executor.1 Not tainted 5.1.0-rc3-next-20190405 #19 [ 194.639825][ T7971] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 194.639831][ T7971] Call Trace: [ 194.639854][ T7971] dump_stack+0x172/0x1f0 [ 194.639887][ T7971] __this_cpu_preempt_check+0x246/0x270 [ 194.657750][ T7971] sk_mc_loop+0x1d/0x210 [ 194.667524][ T7971] ip_mc_output+0x2ef/0xf70 [ 194.672052][ T7971] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 194.678156][ T7971] ? ip_append_data.part.0+0x170/0x170 [ 194.683642][ T7971] ? ip_make_skb+0x1b1/0x2c0 [ 194.688241][ T7971] ? ip_reply_glue_bits+0xc0/0xc0 [ 194.693287][ T7971] ip_local_out+0xc4/0x1b0 [ 194.697722][ T7971] ip_send_skb+0x42/0xf0 [ 194.701990][ T7971] udp_send_skb.isra.0+0x6b2/0x1180 [ 194.707202][ T7971] ? 
xfrm_lookup_route+0x5b/0x1f0 [ 194.712249][ T7971] udp_sendmsg+0x1dfd/0x2820 [ 194.716844][ T7971] ? __lock_acquire+0x548/0x3fb0 [ 194.721802][ T7971] ? ip_reply_glue_bits+0xc0/0xc0 [ 194.726853][ T7971] ? udp4_lib_lookup_skb+0x440/0x440 [ 194.732146][ T7971] ? __might_fault+0x12b/0x1e0 [ 194.736924][ T7971] ? find_held_lock+0x35/0x130 [ 194.741877][ T7971] ? __might_sleep+0x95/0x190 [ 194.746547][ T7971] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 194.752177][ T7971] ? aa_sk_perm+0x288/0x880 [ 194.756814][ T7971] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 194.762391][ T7971] inet_sendmsg+0x147/0x5e0 [ 194.766893][ T7971] ? udp4_lib_lookup_skb+0x440/0x440 [ 194.772195][ T7971] ? inet_sendmsg+0x147/0x5e0 [ 194.776891][ T7971] ? ipip_gro_receive+0x100/0x100 [ 194.781945][ T7971] sock_sendmsg+0xdd/0x130 [ 194.786904][ T7971] ___sys_sendmsg+0x3e2/0x930 [ 194.791599][ T7971] ? copy_msghdr_from_user+0x430/0x430 [ 194.797074][ T7971] ? __lock_acquire+0x548/0x3fb0 [ 194.802020][ T7971] ? lock_downgrade+0x880/0x880 [ 194.806891][ T7971] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 194.813157][ T7971] ? kasan_check_read+0x11/0x20 [ 194.818020][ T7971] ? __might_fault+0x12b/0x1e0 [ 194.822798][ T7971] ? find_held_lock+0x35/0x130 [ 194.827600][ T7971] ? __might_fault+0x12b/0x1e0 [ 194.832398][ T7971] ? lock_downgrade+0x880/0x880 [ 194.837268][ T7971] ? ___might_sleep+0x163/0x280 [ 194.842127][ T7971] __sys_sendmmsg+0x1bf/0x4d0 [ 194.846811][ T7971] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 194.851850][ T7971] ? _copy_to_user+0xc9/0x120 [ 194.856533][ T7971] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 194.862782][ T7971] ? put_timespec64+0xda/0x140 [ 194.867569][ T7971] ? nsecs_to_jiffies+0x30/0x30 [ 194.872438][ T7971] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 194.877913][ T7971] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 194.883473][ T7971] ? do_syscall_64+0x26/0x610 [ 194.888265][ T7971] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 194.894351][ T7971] ? 
do_syscall_64+0x26/0x610 [ 194.899052][ T7971] __x64_sys_sendmmsg+0x9d/0x100 [ 194.904007][ T7971] do_syscall_64+0x103/0x610 [ 194.908614][ T7971] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 194.914520][ T7971] RIP: 0033:0x4582b9 [ 194.918423][ T7971] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 194.938035][ T7971] RSP: 002b:00007f75fef1cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 194.946458][ T7971] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 194.954441][ T7971] RDX: 0400000000000030 RSI: 0000000020007fc0 RDI: 0000000000000004 18:05:01 executing program 4: r0 = socket$inet6(0xa, 0x3, 0x8000000003c) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @dev, 0x9}, 0x1c) sendmsg(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)=',|', 0x2}], 0x1}, 0x0) [ 194.962507][ T7971] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 194.970483][ T7971] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75fef1d6d4 [ 194.978470][ T7971] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 195.008605][ T7971] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.1/7971 [ 195.018229][ T7971] caller is sk_mc_loop+0x1d/0x210 [ 195.023334][ T7971] CPU: 1 PID: 7971 Comm: syz-executor.1 Not tainted 5.1.0-rc3-next-20190405 #19 [ 195.032401][ T7971] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 195.042477][ T7971] Call Trace: [ 195.045792][ T7971] dump_stack+0x172/0x1f0 [ 195.050143][ T7971] __this_cpu_preempt_check+0x246/0x270 [ 195.055989][ T7971] sk_mc_loop+0x1d/0x210 [ 195.060579][ T7971] ip_mc_output+0x2ef/0xf70 [ 195.065306][ T7971] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 195.070446][ T7971] ? ip_append_data.part.0+0x170/0x170 [ 195.075958][ T7971] ? 
ip_make_skb+0x1b1/0x2c0 [ 195.080567][ T7971] ? ip_reply_glue_bits+0xc0/0xc0 [ 195.085617][ T7971] ip_local_out+0xc4/0x1b0 [ 195.090052][ T7971] ip_send_skb+0x42/0xf0 [ 195.094308][ T7971] udp_send_skb.isra.0+0x6b2/0x1180 [ 195.099515][ T7971] ? xfrm_lookup_route+0x5b/0x1f0 [ 195.099540][ T7971] udp_sendmsg+0x1dfd/0x2820 [ 195.099556][ T7971] ? __lock_acquire+0x548/0x3fb0 [ 195.099577][ T7971] ? ip_reply_glue_bits+0xc0/0xc0 [ 195.119204][ T7971] ? udp4_lib_lookup_skb+0x440/0x440 [ 195.124497][ T7971] ? __might_fault+0x12b/0x1e0 [ 195.129265][ T7971] ? find_held_lock+0x35/0x130 [ 195.134049][ T7971] ? __might_sleep+0x95/0x190 [ 195.138734][ T7971] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 195.144368][ T7971] ? aa_sk_perm+0x288/0x880 [ 195.148894][ T7971] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 195.154485][ T7971] inet_sendmsg+0x147/0x5e0 [ 195.159010][ T7971] ? udp4_lib_lookup_skb+0x440/0x440 [ 195.164410][ T7971] ? inet_sendmsg+0x147/0x5e0 [ 195.169099][ T7971] ? ipip_gro_receive+0x100/0x100 [ 195.174134][ T7971] sock_sendmsg+0xdd/0x130 [ 195.178655][ T7971] ___sys_sendmsg+0x3e2/0x930 [ 195.183341][ T7971] ? copy_msghdr_from_user+0x430/0x430 [ 195.188827][ T7971] ? __lock_acquire+0x548/0x3fb0 [ 195.193777][ T7971] ? lock_downgrade+0x880/0x880 [ 195.198644][ T7971] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 195.204892][ T7971] ? kasan_check_read+0x11/0x20 [ 195.209758][ T7971] ? __might_fault+0x12b/0x1e0 [ 195.214523][ T7971] ? find_held_lock+0x35/0x130 [ 195.219292][ T7971] ? __might_fault+0x12b/0x1e0 [ 195.224074][ T7971] ? lock_downgrade+0x880/0x880 [ 195.229114][ T7971] ? ___might_sleep+0x163/0x280 [ 195.233971][ T7971] __sys_sendmmsg+0x1bf/0x4d0 [ 195.238661][ T7971] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 195.244959][ T7971] ? _copy_to_user+0xc9/0x120 [ 195.250001][ T7971] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 195.256257][ T7971] ? put_timespec64+0xda/0x140 [ 195.261172][ T7971] ? nsecs_to_jiffies+0x30/0x30 [ 195.266038][ T7971] ? 
trace_hardirqs_on_thunk+0x1a/0x1c [ 195.271508][ T7971] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 195.276986][ T7971] ? do_syscall_64+0x26/0x610 [ 195.281673][ T7971] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 195.287929][ T7971] ? do_syscall_64+0x26/0x610 [ 195.292618][ T7971] __x64_sys_sendmmsg+0x9d/0x100 [ 195.297575][ T7971] do_syscall_64+0x103/0x610 [ 195.302189][ T7971] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 195.310919][ T7971] RIP: 0033:0x4582b9 [ 195.316919][ T7971] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 195.339665][ T7971] RSP: 002b:00007f75fef1cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 195.354104][ T7971] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 195.362981][ T7971] RDX: 0400000000000030 RSI: 0000000020007fc0 RDI: 0000000000000004 [ 195.370962][ T7971] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 195.378951][ T7971] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75fef1d6d4 [ 195.387022][ T7971] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 195.432938][ T7971] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.1/7971 [ 195.442605][ T7971] caller is sk_mc_loop+0x1d/0x210 [ 195.447662][ T7971] CPU: 1 PID: 7971 Comm: syz-executor.1 Not tainted 5.1.0-rc3-next-20190405 #19 [ 195.456702][ T7971] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 195.467054][ T7971] Call Trace: [ 195.467081][ T7971] dump_stack+0x172/0x1f0 [ 195.467105][ T7971] __this_cpu_preempt_check+0x246/0x270 [ 195.467127][ T7971] sk_mc_loop+0x1d/0x210 [ 195.475730][ T7971] ip_mc_output+0x2ef/0xf70 [ 195.475752][ T7971] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 195.475773][ T7971] ? ip_append_data.part.0+0x170/0x170 [ 195.501136][ T7971] ? ip_make_skb+0x1b1/0x2c0 [ 195.505997][ T7971] ? 
ip_reply_glue_bits+0xc0/0xc0 [ 195.511035][ T7971] ip_local_out+0xc4/0x1b0 [ 195.516861][ T7971] ip_send_skb+0x42/0xf0 [ 195.523041][ T7971] udp_send_skb.isra.0+0x6b2/0x1180 [ 195.528528][ T7971] ? xfrm_lookup_route+0x5b/0x1f0 [ 195.534880][ T7971] udp_sendmsg+0x1dfd/0x2820 [ 195.539487][ T7971] ? __lock_acquire+0x548/0x3fb0 [ 195.544455][ T7971] ? ip_reply_glue_bits+0xc0/0xc0 [ 195.549492][ T7971] ? udp4_lib_lookup_skb+0x440/0x440 [ 195.554779][ T7971] ? __might_fault+0x12b/0x1e0 [ 195.559548][ T7971] ? find_held_lock+0x35/0x130 [ 195.564893][ T7971] ? __might_sleep+0x95/0x190 [ 195.569603][ T7971] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 195.575241][ T7971] ? aa_sk_perm+0x288/0x880 [ 195.579751][ T7971] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 195.585300][ T7971] inet_sendmsg+0x147/0x5e0 [ 195.589834][ T7971] ? udp4_lib_lookup_skb+0x440/0x440 [ 195.595134][ T7971] ? inet_sendmsg+0x147/0x5e0 [ 195.599807][ T7971] ? ipip_gro_receive+0x100/0x100 [ 195.604845][ T7971] sock_sendmsg+0xdd/0x130 [ 195.609265][ T7971] ___sys_sendmsg+0x3e2/0x930 [ 195.613954][ T7971] ? copy_msghdr_from_user+0x430/0x430 [ 195.619429][ T7971] ? __lock_acquire+0x548/0x3fb0 [ 195.624381][ T7971] ? lock_downgrade+0x880/0x880 [ 195.629238][ T7971] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 195.635501][ T7971] ? kasan_check_read+0x11/0x20 [ 195.640367][ T7971] ? __might_fault+0x12b/0x1e0 [ 195.645153][ T7971] ? find_held_lock+0x35/0x130 [ 195.649923][ T7971] ? __might_fault+0x12b/0x1e0 [ 195.654699][ T7971] ? lock_downgrade+0x880/0x880 [ 195.659563][ T7971] ? ___might_sleep+0x163/0x280 [ 195.664425][ T7971] __sys_sendmmsg+0x1bf/0x4d0 [ 195.669151][ T7971] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 195.674307][ T7971] ? _copy_to_user+0xc9/0x120 [ 195.679023][ T7971] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 195.685327][ T7971] ? put_timespec64+0xda/0x140 [ 195.690216][ T7971] ? nsecs_to_jiffies+0x30/0x30 [ 195.695120][ T7971] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 195.700602][ T7971] ? 
trace_hardirqs_on_thunk+0x1a/0x1c [ 195.706090][ T7971] ? do_syscall_64+0x26/0x610 [ 195.710878][ T7971] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 195.716970][ T7971] ? do_syscall_64+0x26/0x610 [ 195.721669][ T7971] __x64_sys_sendmmsg+0x9d/0x100 [ 195.726644][ T7971] do_syscall_64+0x103/0x610 [ 195.731256][ T7971] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 195.737165][ T7971] RIP: 0033:0x4582b9 [ 195.741070][ T7971] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 195.760706][ T7971] RSP: 002b:00007f75fef1cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 195.769147][ T7971] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 195.781930][ T7971] RDX: 0400000000000030 RSI: 0000000020007fc0 RDI: 0000000000000004 [ 195.791011][ T7971] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 195.798995][ T7971] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75fef1d6d4 [ 195.806977][ T7971] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 195.857783][ T7971] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.1/7971 [ 195.867330][ T7971] caller is sk_mc_loop+0x1d/0x210 [ 195.872447][ T7971] CPU: 0 PID: 7971 Comm: syz-executor.1 Not tainted 5.1.0-rc3-next-20190405 #19 [ 195.872457][ T7971] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 195.872462][ T7971] Call Trace: [ 195.872484][ T7971] dump_stack+0x172/0x1f0 [ 195.872508][ T7971] __this_cpu_preempt_check+0x246/0x270 [ 195.872525][ T7971] sk_mc_loop+0x1d/0x210 [ 195.872541][ T7971] ip_mc_output+0x2ef/0xf70 [ 195.872570][ T7971] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 195.872587][ T7971] ? ip_append_data.part.0+0x170/0x170 [ 195.872598][ T7971] ? ip_make_skb+0x1b1/0x2c0 [ 195.872611][ T7971] ? 
ip_reply_glue_bits+0xc0/0xc0 [ 195.934089][ T7971] ip_local_out+0xc4/0x1b0 [ 195.938513][ T7971] ip_send_skb+0x42/0xf0 [ 195.942765][ T7971] udp_send_skb.isra.0+0x6b2/0x1180 [ 195.947963][ T7971] ? xfrm_lookup_route+0x5b/0x1f0 [ 195.952998][ T7971] udp_sendmsg+0x1dfd/0x2820 [ 195.957600][ T7971] ? __lock_acquire+0x548/0x3fb0 [ 195.962545][ T7971] ? ip_reply_glue_bits+0xc0/0xc0 [ 195.967577][ T7971] ? udp4_lib_lookup_skb+0x440/0x440 [ 195.972873][ T7971] ? __might_fault+0x12b/0x1e0 [ 195.977650][ T7971] ? find_held_lock+0x35/0x130 [ 195.982445][ T7971] ? __might_sleep+0x95/0x190 [ 195.987122][ T7971] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 195.992751][ T7971] ? aa_sk_perm+0x288/0x880 [ 195.997260][ T7971] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 196.002807][ T7971] inet_sendmsg+0x147/0x5e0 [ 196.007314][ T7971] ? udp4_lib_lookup_skb+0x440/0x440 [ 196.012593][ T7971] ? inet_sendmsg+0x147/0x5e0 [ 196.017269][ T7971] ? ipip_gro_receive+0x100/0x100 [ 196.022299][ T7971] sock_sendmsg+0xdd/0x130 [ 196.026724][ T7971] ___sys_sendmsg+0x3e2/0x930 [ 196.031426][ T7971] ? copy_msghdr_from_user+0x430/0x430 [ 196.036900][ T7971] ? __lock_acquire+0x548/0x3fb0 [ 196.041844][ T7971] ? lock_downgrade+0x880/0x880 [ 196.046698][ T7971] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 196.052947][ T7971] ? kasan_check_read+0x11/0x20 [ 196.057810][ T7971] ? __might_fault+0x12b/0x1e0 [ 196.062574][ T7971] ? find_held_lock+0x35/0x130 [ 196.067352][ T7971] ? __might_fault+0x12b/0x1e0 [ 196.072133][ T7971] ? lock_downgrade+0x880/0x880 [ 196.077004][ T7971] ? ___might_sleep+0x163/0x280 [ 196.081856][ T7971] __sys_sendmmsg+0x1bf/0x4d0 [ 196.086535][ T7971] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 196.091571][ T7971] ? _copy_to_user+0xc9/0x120 [ 196.096251][ T7971] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 196.102492][ T7971] ? put_timespec64+0xda/0x140 [ 196.107258][ T7971] ? nsecs_to_jiffies+0x30/0x30 [ 196.112118][ T7971] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 196.117605][ T7971] ? 
trace_hardirqs_on_thunk+0x1a/0x1c [ 196.123095][ T7971] ? do_syscall_64+0x26/0x610 [ 196.127777][ T7971] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 196.133848][ T7971] ? do_syscall_64+0x26/0x610 [ 196.138539][ T7971] __x64_sys_sendmmsg+0x9d/0x100 [ 196.143493][ T7971] do_syscall_64+0x103/0x610 [ 196.148087][ T7971] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 196.153989][ T7971] RIP: 0033:0x4582b9 [ 196.157885][ T7971] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 196.177683][ T7971] RSP: 002b:00007f75fef1cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 196.186115][ T7971] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 196.194089][ T7971] RDX: 0400000000000030 RSI: 0000000020007fc0 RDI: 0000000000000004 [ 196.202062][ T7971] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 196.210054][ T7971] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75fef1d6d4 [ 196.218048][ T7971] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 196.232729][ T8014] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.4/8014 [ 196.242175][ T8014] caller is ip6_finish_output+0x335/0xdc0 [ 196.247923][ T8014] CPU: 0 PID: 8014 Comm: syz-executor.4 Not tainted 5.1.0-rc3-next-20190405 #19 [ 196.256971][ T8014] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 196.268098][ T8014] Call Trace: [ 196.271701][ T8014] dump_stack+0x172/0x1f0 [ 196.276053][ T8014] __this_cpu_preempt_check+0x246/0x270 [ 196.281622][ T8014] ip6_finish_output+0x335/0xdc0 [ 196.286583][ T8014] ip6_output+0x235/0x7f0 [ 196.290958][ T8014] ? ip6_finish_output+0xdc0/0xdc0 [ 196.294599][ T7971] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.1/7971 [ 196.296086][ T8014] ? ip6_fragment+0x3980/0x3980 [ 196.296114][ T8014] ? 
ip6_autoflowlabel.part.0+0x70/0x70 [ 196.305470][ T7971] caller is sk_mc_loop+0x1d/0x210 [ 196.310271][ T8014] ip6_local_out+0xc4/0x1b0 [ 196.310293][ T8014] ip6_send_skb+0xbb/0x350 [ 196.310312][ T8014] ip6_push_pending_frames+0xc8/0xf0 [ 196.310338][ T8014] rawv6_sendmsg+0x299c/0x35e0 [ 196.340096][ T8014] ? rawv6_getsockopt+0x150/0x150 [ 196.345135][ T8014] ? aa_profile_af_perm+0x320/0x320 [ 196.350341][ T8014] ? _copy_from_user+0xdd/0x150 [ 196.355231][ T8014] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 196.360959][ T8014] ? rw_copy_check_uvector+0x2a6/0x330 [ 196.366438][ T8014] ? ___might_sleep+0x163/0x280 [ 196.371299][ T8014] ? __might_sleep+0x95/0x190 [ 196.375992][ T8014] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 196.381540][ T8014] inet_sendmsg+0x147/0x5e0 [ 196.386051][ T8014] ? rawv6_getsockopt+0x150/0x150 [ 196.391072][ T8014] ? inet_sendmsg+0x147/0x5e0 [ 196.395752][ T8014] ? ipip_gro_receive+0x100/0x100 [ 196.400791][ T8014] sock_sendmsg+0xdd/0x130 [ 196.405220][ T8014] ___sys_sendmsg+0x806/0x930 [ 196.409904][ T8014] ? copy_msghdr_from_user+0x430/0x430 [ 196.415385][ T8014] ? kasan_check_read+0x11/0x20 [ 196.420337][ T8014] ? __fget+0x381/0x550 [ 196.424515][ T8014] ? ksys_dup3+0x3e0/0x3e0 [ 196.428940][ T8014] ? lock_downgrade+0x880/0x880 [ 196.433804][ T8014] ? __fget_light+0x1a9/0x230 [ 196.438480][ T8014] ? __fdget+0x1b/0x20 [ 196.442553][ T8014] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 196.448798][ T8014] __sys_sendmsg+0x105/0x1d0 [ 196.453397][ T8014] ? __ia32_sys_shutdown+0x80/0x80 [ 196.458541][ T8014] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 196.464003][ T8014] ? do_syscall_64+0x26/0x610 [ 196.468679][ T8014] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 196.474755][ T8014] ? 
do_syscall_64+0x26/0x610 [ 196.479441][ T8014] __x64_sys_sendmsg+0x78/0xb0 [ 196.484210][ T8014] do_syscall_64+0x103/0x610 [ 196.488804][ T8014] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 196.494697][ T8014] RIP: 0033:0x4582b9 [ 196.498593][ T8014] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 196.518395][ T8014] RSP: 002b:00007f5b95420c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 196.526836][ T8014] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004582b9 [ 196.534809][ T8014] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000003 [ 196.542791][ T8014] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 196.550766][ T8014] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5b954216d4 [ 196.558742][ T8014] R13: 00000000004c5279 R14: 00000000004d93f8 R15: 00000000ffffffff [ 196.566743][ T7971] CPU: 1 PID: 7971 Comm: syz-executor.1 Not tainted 5.1.0-rc3-next-20190405 #19 [ 196.575778][ T7971] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 196.585850][ T7971] Call Trace: [ 196.589161][ T7971] dump_stack+0x172/0x1f0 [ 196.593507][ T7971] __this_cpu_preempt_check+0x246/0x270 [ 196.599057][ T7971] sk_mc_loop+0x1d/0x210 [ 196.603303][ T7971] ip_mc_output+0x2ef/0xf70 [ 196.607812][ T7971] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 196.612934][ T7971] ? ip_append_data.part.0+0x170/0x170 [ 196.618400][ T7971] ? ip_make_skb+0x1b1/0x2c0 [ 196.623001][ T7971] ? ip_reply_glue_bits+0xc0/0xc0 [ 196.628027][ T7971] ip_local_out+0xc4/0x1b0 [ 196.632465][ T7971] ip_send_skb+0x42/0xf0 [ 196.636710][ T7971] udp_send_skb.isra.0+0x6b2/0x1180 [ 196.641916][ T7971] ? xfrm_lookup_route+0x5b/0x1f0 [ 196.646951][ T7971] udp_sendmsg+0x1dfd/0x2820 [ 196.651554][ T7971] ? __lock_acquire+0x548/0x3fb0 [ 196.656508][ T7971] ? 
ip_reply_glue_bits+0xc0/0xc0 [ 196.661545][ T7971] ? udp4_lib_lookup_skb+0x440/0x440 [ 196.666841][ T7971] ? __might_fault+0x12b/0x1e0 [ 196.671622][ T7971] ? find_held_lock+0x35/0x130 [ 196.676418][ T7971] ? __might_sleep+0x95/0x190 [ 196.682154][ T7971] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 196.687790][ T7971] ? aa_sk_perm+0x288/0x880 [ 196.692310][ T7971] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 196.697865][ T7971] inet_sendmsg+0x147/0x5e0 [ 196.702392][ T7971] ? udp4_lib_lookup_skb+0x440/0x440 [ 196.707680][ T7971] ? inet_sendmsg+0x147/0x5e0 [ 196.712359][ T7971] ? ipip_gro_receive+0x100/0x100 [ 196.717412][ T7971] sock_sendmsg+0xdd/0x130 [ 196.721832][ T7971] ___sys_sendmsg+0x3e2/0x930 [ 196.726516][ T7971] ? copy_msghdr_from_user+0x430/0x430 [ 196.731979][ T7971] ? __lock_acquire+0x548/0x3fb0 [ 196.736923][ T7971] ? lock_downgrade+0x880/0x880 [ 196.741805][ T7971] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 196.748056][ T7971] ? kasan_check_read+0x11/0x20 [ 196.752938][ T7971] ? __might_fault+0x12b/0x1e0 [ 196.757884][ T7971] ? find_held_lock+0x35/0x130 [ 196.762662][ T7971] ? __might_fault+0x12b/0x1e0 [ 196.767538][ T7971] ? lock_downgrade+0x880/0x880 [ 196.772410][ T7971] ? ___might_sleep+0x163/0x280 [ 196.777267][ T7971] __sys_sendmmsg+0x1bf/0x4d0 [ 196.781949][ T7971] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 196.787500][ T7971] ? _copy_to_user+0xc9/0x120 [ 196.792184][ T7971] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 196.798421][ T7971] ? put_timespec64+0xda/0x140 [ 196.803192][ T7971] ? nsecs_to_jiffies+0x30/0x30 [ 196.808051][ T7971] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 196.813522][ T7971] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 196.818978][ T7971] ? do_syscall_64+0x26/0x610 [ 196.823735][ T7971] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 196.830067][ T7971] ? 
do_syscall_64+0x26/0x610 [ 196.834855][ T7971] __x64_sys_sendmmsg+0x9d/0x100 [ 196.840258][ T7971] do_syscall_64+0x103/0x610 [ 196.844864][ T7971] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 196.850764][ T7971] RIP: 0033:0x4582b9 [ 196.854663][ T7971] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 196.874274][ T7971] RSP: 002b:00007f75fef1cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 196.882700][ T7971] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 196.890689][ T7971] RDX: 0400000000000030 RSI: 0000000020007fc0 RDI: 0000000000000004 [ 196.898674][ T7971] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 196.906739][ T7971] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75fef1d6d4 [ 196.914713][ T7971] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 196.942708][ T7971] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.1/7971 [ 196.952417][ T7971] caller is sk_mc_loop+0x1d/0x210 [ 196.957475][ T7971] CPU: 1 PID: 7971 Comm: syz-executor.1 Not tainted 5.1.0-rc3-next-20190405 #19 [ 196.966763][ T7971] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 196.976832][ T7971] Call Trace: [ 196.980138][ T7971] dump_stack+0x172/0x1f0 [ 196.984483][ T7971] __this_cpu_preempt_check+0x246/0x270 [ 196.990216][ T7971] sk_mc_loop+0x1d/0x210 [ 196.994491][ T7971] ip_mc_output+0x2ef/0xf70 [ 196.999014][ T7971] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 197.004140][ T7971] ? ip_append_data.part.0+0x170/0x170 [ 197.009909][ T7971] ? ip_make_skb+0x1b1/0x2c0 [ 197.014502][ T7971] ? ip_reply_glue_bits+0xc0/0xc0 [ 197.021127][ T7971] ip_local_out+0xc4/0x1b0 [ 197.025557][ T7971] ip_send_skb+0x42/0xf0 [ 197.029805][ T7971] udp_send_skb.isra.0+0x6b2/0x1180 [ 197.035104][ T7971] ? 
xfrm_lookup_route+0x5b/0x1f0 [ 197.040143][ T7971] udp_sendmsg+0x1dfd/0x2820 [ 197.044741][ T7971] ? __lock_acquire+0x548/0x3fb0 [ 197.049776][ T7971] ? ip_reply_glue_bits+0xc0/0xc0 [ 197.056994][ T7971] ? udp4_lib_lookup_skb+0x440/0x440 [ 197.062294][ T7971] ? __might_fault+0x12b/0x1e0 [ 197.067068][ T7971] ? find_held_lock+0x35/0x130 [ 197.071861][ T7971] ? __might_sleep+0x95/0x190 [ 197.077511][ T7971] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 197.083162][ T7971] ? aa_sk_perm+0x288/0x880 [ 197.087810][ T7971] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 197.093371][ T7971] inet_sendmsg+0x147/0x5e0 [ 197.097894][ T7971] ? udp4_lib_lookup_skb+0x440/0x440 [ 197.103203][ T7971] ? inet_sendmsg+0x147/0x5e0 [ 197.107890][ T7971] ? ipip_gro_receive+0x100/0x100 [ 197.112936][ T7971] sock_sendmsg+0xdd/0x130 [ 197.117359][ T7971] ___sys_sendmsg+0x3e2/0x930 [ 197.122055][ T7971] ? copy_msghdr_from_user+0x430/0x430 [ 197.127519][ T7971] ? __lock_acquire+0x548/0x3fb0 [ 197.132462][ T7971] ? lock_downgrade+0x880/0x880 [ 197.137313][ T7971] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 197.143566][ T7971] ? kasan_check_read+0x11/0x20 [ 197.148430][ T7971] ? __might_fault+0x12b/0x1e0 [ 197.153206][ T7971] ? find_held_lock+0x35/0x130 [ 197.157982][ T7971] ? __might_fault+0x12b/0x1e0 [ 197.162783][ T7971] ? lock_downgrade+0x880/0x880 [ 197.167685][ T7971] ? ___might_sleep+0x163/0x280 [ 197.172730][ T7971] __sys_sendmmsg+0x1bf/0x4d0 [ 197.177430][ T7971] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 197.182478][ T7971] ? _copy_to_user+0xc9/0x120 [ 197.187167][ T7971] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 197.193534][ T7971] ? put_timespec64+0xda/0x140 [ 197.198327][ T7971] ? nsecs_to_jiffies+0x30/0x30 [ 197.203312][ T7971] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 197.208787][ T7971] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 197.214272][ T7971] ? do_syscall_64+0x26/0x610 [ 197.219006][ T7971] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 197.225098][ T7971] ? 
do_syscall_64+0x26/0x610 [ 197.229800][ T7971] __x64_sys_sendmmsg+0x9d/0x100 [ 197.234769][ T7971] do_syscall_64+0x103/0x610 [ 197.239480][ T7971] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 197.245563][ T7971] RIP: 0033:0x4582b9 [ 197.249477][ T7971] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 197.269386][ T7971] RSP: 002b:00007f75fef1cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 197.277818][ T7971] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 197.285798][ T7971] RDX: 0400000000000030 RSI: 0000000020007fc0 RDI: 0000000000000004 [ 197.293775][ T7971] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 197.302366][ T7971] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75fef1d6d4 [ 197.310359][ T7971] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff 18:05:03 executing program 1: r0 = socket$vsock_stream(0x28, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) connect$packet(r1, &(0x7f0000000100), 0x14) 18:05:03 executing program 2: ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000180)={'nr0\x01\x00\x00\xc3\x00', 0x40004005}) ioctl$TUNSETPERSIST(0xffffffffffffffff, 0x400454cb, 0x1) bpf$MAP_CREATE(0x0, &(0x7f0000000100)={0x3, 0x0, 0x0, 0x40, 0x0, 0xffffffffffffff9c}, 0x2c) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000340)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) ioctl$TUNGETFEATURES(0xffffffffffffffff, 0x800454cf, 0x0) socket$kcm(0x2, 0x3, 0x2) bpf$BPF_PROG_GET_NEXT_ID(0xb, 0x0, 0x0) gettid() bpf$MAP_UPDATE_ELEM(0x2, 0x0, 0x0) 
ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000300)={&(0x7f0000000240)='./file0\x00'}, 0x10) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='/group.stat\x00', 0x2761, 0x0) r0 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) close(r0) 18:05:03 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") syz_mount_image$reiserfs(&(0x7f0000000000)='reiserfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 18:05:03 executing program 5: sendmmsg(0xffffffffffffffff, &(0x7f0000001840)=[{{&(0x7f0000000740)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @initdev}}}, 0x80, 0x0}, 0x53a}], 0x1, 0x1) r0 = gettid() memfd_create(0x0, 0x0) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000940)='/dev/snapshot\x00', 0x20601, 0x0) socket$inet(0x2, 0x0, 0x0) r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000180)='/dev/vhost-vsock\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) kcmp(r0, r0, 0x0, r2, r1) 18:05:03 executing program 4: r0 = socket$inet6(0xa, 0x3, 0x8000000003c) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @dev, 0x9}, 0x1c) sendmsg(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)=',|', 0x2}], 0x1}, 0x0) 18:05:03 executing program 3: fdatasync(0xffffffffffffffff) sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x584c07d9, &(0x7f0000000980), 
0x100000000000008a, 0x0, 0xfffffffffffffe03}, 0x0) syz_open_procfs(0x0, &(0x7f0000000080)='ns\x00') socket$inet6(0xa, 0x3, 0x2) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x6031, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000fd6000/0x2000)=nil, 0x2000, 0x2000, 0x0, &(0x7f0000aa8000/0x2000)=nil) munlockall() r0 = socket$inet_udp(0x2, 0x2, 0x0) getsockopt$IP_VS_SO_GET_VERSION(r0, 0x0, 0x480, &(0x7f00000009c0), &(0x7f0000000980)=0x40) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000280)={'lo\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xed\x1f'}) ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, 0x0) 18:05:03 executing program 4: r0 = socket$inet6(0xa, 0x3, 0x8000000003c) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @dev, 0x9}, 0x1c) sendmsg(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)=',|', 0x2}], 0x1}, 0x0) [ 197.495604][ T8034] REISERFS warning (device loop0): sh-2021 reiserfs_fill_super: can not find reiserfs on loop0 18:05:03 executing program 4: r0 = socket$inet6(0xa, 0x3, 0x8000000003c) sendmsg(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)=',|', 0x2}], 0x1}, 0x0) 18:05:03 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) write$binfmt_elf64(r0, 0x0, 0x0) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snapshot\x00', 0x10001, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) setsockopt$inet6_MRT6_DEL_MFC(0xffffffffffffffff, 0x29, 0xcd, 0x0, 0x0) openat$ashmem(0xffffffffffffff9c, 0x0, 0x0, 0x0) timer_create(0x1, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000840), &(0x7f0000000a00)=0xc) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(blowfish)\x00'}, 0x58) r2 = accept4(r1, 0x0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000640)="2ad4d425", 0x4) r3 = syz_open_procfs(0x0, &(0x7f0000000080)='pagemap\x00') sendfile(r2, r3, 0x0, 0x10000000000443) ppoll(&(0x7f0000000680)=[{}, {r2}], 0x2, 0x0, 0x0, 0x0) 18:05:03 executing program 1: sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) getrandom(0x0, 0x0, 0x4) r0 = gettid() ioctl$FS_IOC_FIEMAP(0xffffffffffffffff, 0xc020660b, &(0x7f0000000000)={0x9, 0x0, 0x0, 0x0, 0x1, [{0x5}]}) memfd_create(0x0, 0x0) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000940)='/dev/snapshot\x00', 0x0, 0x0) socket$inet(0x2, 0x0, 0x0) r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000180)='/dev/vhost-vsock\x00', 0x2, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) kcmp(r0, r0, 0x0, r2, r1) 18:05:03 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x6, &(0x7f0000000000)={0x0, @remote, 0x0, 0x0, 'mh \x00'}, 0x2c) [ 197.648770][ T8049] REISERFS warning (device loop0): sh-2021 reiserfs_fill_super: can not find reiserfs on loop0 18:05:03 executing program 4: r0 = socket$inet6(0xa, 0x3, 0x8000000003c) sendmsg(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)=',|', 0x2}], 0x1}, 0x0) 18:05:03 executing program 5: sendmmsg(0xffffffffffffffff, &(0x7f0000001840)=[{{&(0x7f0000000740)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @initdev}}}, 0x80, 0x0}, 0x53a}], 0x1, 0x1) r0 = gettid() memfd_create(0x0, 
0x0) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000940)='/dev/snapshot\x00', 0x20601, 0x0) socket$inet(0x2, 0x0, 0x0) r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000180)='/dev/vhost-vsock\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) kcmp(r0, r0, 0x0, r2, r1) 18:05:03 executing program 0: socketpair(0x1, 0x3, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$kcm(r0, &(0x7f0000000740)={0x0, 0x0, 0x0}, 0x0) close(r0) socketpair$unix(0x1, 0x10000000000001, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) write$cgroup_int(r1, 0x0, 0x0) 18:05:04 executing program 4: r0 = socket$inet6(0xa, 0x3, 0x8000000003c) sendmsg(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)=',|', 0x2}], 0x1}, 0x0) 18:05:04 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") getxattr(0x0, 0x0, 0x0, 0x0) 18:05:04 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000680)=0xfff, 0x4) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @loopback}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000100), 0x921b527a62bfd8af) write$binfmt_elf64(r0, &(0x7f00000016c0)=ANY=[@ANYPTR=&(0x7f00000005c0)=ANY=[@ANYPTR=&(0x7f00000004c0)=ANY=[@ANYRES16], @ANYRES32, @ANYRES64=0x0, @ANYPTR=&(0x7f0000000580)=ANY=[@ANYPTR64, @ANYRESHEX, @ANYPTR64, @ANYRES32=0x0]], @ANYRESDEC, @ANYRES16], 0x10000017c) recvmsg(r0, 
&(0x7f0000000240)={&(0x7f0000000740)=@nfc, 0x80, &(0x7f00000001c0)=[{&(0x7f0000003ac0)=""/4096, 0x1ffc}], 0x1, &(0x7f0000000200)=""/20, 0x14}, 0x400100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f3188b070") 18:05:04 executing program 4: connect$inet6(0xffffffffffffffff, &(0x7f0000000240)={0xa, 0x0, 0x0, @dev, 0x9}, 0x1c) sendmsg(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)=',|', 0x2}], 0x1}, 0x0) 18:05:04 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$inet_udp_int(r0, 0x11, 0x0, 0x0, &(0x7f0000000080)) 18:05:04 executing program 2: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = creat(&(0x7f0000000000)='./file0\x00', 0x0) bind$bt_l2cap(r0, &(0x7f0000000180)={0x1f, 0x7, {0x8, 0x9, 0x7, 0x3, 0x1, 0x8}, 0x0, 0x2}, 0xe) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000006c0)='/dev/kvm\x00', 0x0, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_sys\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r3, 0x4068aea3, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000080)) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000440)='ramfs\x00', 0x0, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') r5 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) ftruncate(r5, 0x208200) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$TIOCSSOFTCAR(r6, 0x541a, &(0x7f0000000280)=0xf3) write(r7, &(0x7f00000001c0), 0xffffffea) write$P9_RAUTH(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) vmsplice(r6, 
&(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) getsockopt$IP_VS_SO_GET_DESTS(r5, 0x0, 0x484, 0x0, &(0x7f0000000100)) r8 = open(&(0x7f0000000780)='./bus\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x4002011, r8, 0x0) syz_kvm_setup_cpu$x86(r3, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000100)="460f300f07c483614804ee08440f20c03506000000440f22c0c402f93473230f09f20f013cb9b805000000b9c00000000f01d90fc728c4c1f9e79f2e000000", 0x3f}], 0x1, 0x0, 0x0, 0x0) ioctl$IOC_PR_RELEASE(r2, 0x401070ca, &(0x7f00000001c0)={0x7, 0xf8c, 0x1}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0x1ff) ioctl$KVM_GET_CPUID2(r0, 0xc008ae91, &(0x7f0000000300)=ANY=[@ANYBLOB="0200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e88a3ec0984e7d94106371373203df000000000000000000000000000000000000009c80f700"/103]) read$FUSE(r0, 0x0, 0x0) 18:05:04 executing program 3: r0 = gettid() r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") getpgid(r0) 18:05:04 executing program 4: connect$inet6(0xffffffffffffffff, &(0x7f0000000240)={0xa, 0x0, 0x0, @dev, 0x9}, 0x1c) sendmsg(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)=',|', 0x2}], 0x1}, 0x0) 18:05:04 executing program 0: ioctl$ASHMEM_SET_NAME(0xffffffffffffffff, 0x41007701, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(blowfish)\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000640)="2ad4d425", 0x4) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='pagemap\x00') sendfile(r1, r2, 0x0, 0x10000000000443) read(r1, 0x0, 0x0) write$FUSE_DIRENT(0xffffffffffffffff, 0x0, 0x0) sendmsg$xdp(r1, &(0x7f0000000300)={&(0x7f0000000140), 0x10, 0x0}, 0x0) 18:05:04 executing program 5: sendmmsg(0xffffffffffffffff, &(0x7f0000001840)=[{{&(0x7f0000000740)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @initdev}}}, 0x80, 0x0}, 0x53a}], 0x1, 0x1) r0 = gettid() memfd_create(0x0, 0x0) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000940)='/dev/snapshot\x00', 0x20601, 0x0) socket$inet(0x2, 0x0, 0x0) r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000180)='/dev/vhost-vsock\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) kcmp(r0, r0, 0x0, r2, r1)