[ 38.524148][ T26] audit: type=1800 audit(1554684968.453:26): pid=7712 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 38.551572][ T26] audit: type=1800 audit(1554684968.453:27): pid=7712 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [ 38.573512][ T26] audit: type=1800 audit(1554684968.453:28): pid=7712 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 39.431930][ T26] audit: type=1800 audit(1554684969.383:29): pid=7712 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.73' (ECDSA) to the list of known hosts. 2019/04/08 00:56:23 fuzzer started 2019/04/08 00:56:26 dialing manager at 10.128.0.26:34543 2019/04/08 00:56:26 syscalls: 2408 2019/04/08 00:56:26 code coverage: enabled 2019/04/08 00:56:26 comparison tracing: enabled 2019/04/08 00:56:26 extra coverage: extra coverage is not supported by the kernel 2019/04/08 00:56:26 setuid sandbox: enabled 2019/04/08 00:56:26 namespace sandbox: enabled 2019/04/08 00:56:26 Android sandbox: /sys/fs/selinux/policy does not exist 2019/04/08 00:56:26 fault injection: enabled 2019/04/08 00:56:26 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/04/08 00:56:26 net packet injection: enabled 2019/04/08 00:56:26 net device setup: enabled 00:58:36 executing program 0: syzkaller login: [ 187.030151][ T7876] IPVS: ftp: loaded support on port[0] = 21 00:58:37 executing program 1: [ 187.158642][ T7876] chnl_net:caif_netlink_parms(): no params data found [ 187.271195][ T7876] bridge0: port 1(bridge_slave_0) entered blocking state [ 187.279590][ T7876] bridge0: port 1(bridge_slave_0) entered disabled state [ 187.287821][ T7876] device bridge_slave_0 entered promiscuous mode [ 187.305517][ T7876] bridge0: port 2(bridge_slave_1) entered blocking state [ 187.313411][ T7876] bridge0: port 2(bridge_slave_1) entered disabled state [ 187.322588][ T7876] device bridge_slave_1 entered promiscuous mode [ 187.346545][ T7876] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 187.358105][ T7876] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 187.362044][ T7879] IPVS: ftp: loaded support on port[0] = 21 00:58:37 executing program 2: [ 187.397411][ T7876] team0: Port device team_slave_0 added [ 187.407213][ T7876] team0: Port device team_slave_1 added [ 187.523109][ T7876] device hsr_slave_0 entered promiscuous mode 00:58:37 executing program 3: [ 187.569257][ T7876] device hsr_slave_1 entered promiscuous mode [ 187.693021][ T7876] bridge0: port 2(bridge_slave_1) entered blocking state [ 187.700485][ T7876] bridge0: port 2(bridge_slave_1) entered forwarding state [ 187.708213][ T7876] bridge0: port 1(bridge_slave_0) entered blocking state [ 187.715366][ T7876] bridge0: port 1(bridge_slave_0) entered forwarding state [ 187.776102][ T7881] IPVS: ftp: loaded support on port[0] = 21 [ 187.797304][ T7879] chnl_net:caif_netlink_parms(): no params data found [ 187.828366][ T7884] IPVS: ftp: loaded support on port[0] = 21 00:58:37 executing program 4: [ 187.935378][ T7879] bridge0: port 1(bridge_slave_0) entered blocking state [ 187.945052][ T7879] bridge0: port 1(bridge_slave_0) entered disabled state [ 187.953302][ T7879] device bridge_slave_0 entered promiscuous mode [ 188.002187][ T7879] bridge0: port 2(bridge_slave_1) entered blocking state [ 188.010367][ T7879] bridge0: port 2(bridge_slave_1) entered disabled state [ 188.021442][ T7879] device bridge_slave_1 entered promiscuous mode [ 188.121682][ T7879] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 188.133230][ T7876] 8021q: adding VLAN 0 to HW filter on device bond0 [ 188.148609][ T7888] IPVS: ftp: loaded support on port[0] = 21 [ 188.176634][ T7879] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 188.189708][ T22] bridge0: port 1(bridge_slave_0) entered disabled state [ 188.208882][ T22] bridge0: port 2(bridge_slave_1) entered disabled state [ 188.218280][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready 00:58:38 executing program 5: [ 188.274514][ T7881] chnl_net:caif_netlink_parms(): no params data found [ 188.300798][ T7876] 8021q: adding VLAN 0 to HW filter on device team0 [ 188.308813][ T7879] team0: Port device team_slave_0 added [ 188.316830][ T7879] team0: Port device team_slave_1 added [ 188.337278][ T2968] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 188.347110][ T2968] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 188.407793][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 188.417435][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 188.425896][ T5] bridge0: port 1(bridge_slave_0) entered blocking state [ 188.433037][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state [ 188.441056][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 188.449740][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 188.457992][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 188.465090][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state [ 188.472709][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 188.481387][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 188.490139][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 188.498575][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 188.507768][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 188.570742][ T7879] device hsr_slave_0 entered promiscuous mode [ 188.619337][ T7879] device hsr_slave_1 entered promiscuous mode [ 188.667993][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 188.677381][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 188.685676][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 188.694278][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 188.732494][ T7892] IPVS: ftp: loaded support on port[0] = 21 [ 188.735902][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 188.748459][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 188.762503][ T7881] bridge0: port 1(bridge_slave_0) entered blocking state [ 188.769804][ T7881] bridge0: port 1(bridge_slave_0) entered disabled state [ 188.777430][ T7881] device bridge_slave_0 entered promiscuous mode [ 188.802748][ T7876] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 188.815248][ T7884] chnl_net:caif_netlink_parms(): no params data found [ 188.828097][ T7881] bridge0: port 2(bridge_slave_1) entered blocking state [ 188.835811][ T7881] bridge0: port 2(bridge_slave_1) entered disabled state [ 188.843796][ T7881] device bridge_slave_1 entered promiscuous mode [ 188.954017][ T7881] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 188.966369][ T7881] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 188.982659][ T7888] chnl_net:caif_netlink_parms(): no params data found [ 189.013561][ T7884] bridge0: port 1(bridge_slave_0) entered blocking state [ 189.020757][ T7884] bridge0: port 1(bridge_slave_0) entered disabled state [ 189.028487][ T7884] device bridge_slave_0 entered promiscuous mode [ 189.038642][ T7884] bridge0: port 2(bridge_slave_1) entered blocking state [ 189.047541][ T7884] bridge0: port 2(bridge_slave_1) entered disabled state [ 189.055666][ T7884] device bridge_slave_1 entered promiscuous mode [ 189.087624][ T7881] team0: Port device team_slave_0 added [ 189.096996][ T7881] team0: Port device team_slave_1 added [ 189.112160][ T7876] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 189.201841][ T7881] device hsr_slave_0 entered promiscuous mode [ 189.270174][ T7881] device hsr_slave_1 entered promiscuous mode [ 189.330056][ T7888] bridge0: port 1(bridge_slave_0) entered blocking state [ 189.337169][ T7888] bridge0: port 1(bridge_slave_0) entered disabled state [ 189.345991][ T7888] device bridge_slave_0 entered promiscuous mode [ 189.355078][ T7884] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 189.395422][ T7888] bridge0: port 2(bridge_slave_1) entered blocking state [ 189.403570][ T7888] bridge0: port 2(bridge_slave_1) entered disabled state [ 189.412254][ T7888] device bridge_slave_1 entered promiscuous mode [ 189.433424][ T7884] bond0: Enslaving bond_slave_1 as an active interface with an up link 00:58:39 executing program 0: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4000000000000024, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r1, 0x84, 0x3, &(0x7f0000013e95), 0x4) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$inet_sctp6_SCTP_MAXSEG(r1, 0x84, 0xb, &(0x7f0000000140)=@assoc_value={0x0, 0x4}, 0x8) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) close(r1) close(r0) [ 189.465785][ T7888] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 189.497395][ T7888] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 189.597464][ T7884] team0: Port device team_slave_0 added [ 189.604662][ T7888] team0: Port device team_slave_0 added [ 189.615026][ T7888] team0: Port device team_slave_1 added [ 189.625456][ T7884] team0: Port device team_slave_1 added [ 189.640925][ T7879] 8021q: adding VLAN 0 to HW filter on device bond0 [ 189.712721][ T7884] device hsr_slave_0 entered promiscuous mode [ 189.779306][ T7884] device hsr_slave_1 entered promiscuous mode 00:58:39 executing program 0: r0 = socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$sock_buf(r0, 0x1, 0x1c, 0x0, &(0x7f0000000100)) [ 189.828606][ T7892] chnl_net:caif_netlink_parms(): no params data found [ 189.852331][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 189.865024][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 00:58:39 executing program 0: r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x2}}) [ 189.896072][ T7879] 8021q: adding VLAN 0 to HW filter on device team0 00:58:39 executing program 0: r0 = socket$inet(0x2, 0x80001, 0x84) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(r0, 0x84, 0x13, &(0x7f0000000200)=0x7, 0x4) sendmsg(r0, &(0x7f0000000000)={&(0x7f0000006000)=@in={0x2, 0x4e20, @loopback}, 0x57, &(0x7f00000002c0)=[{&(0x7f0000001840), 0xff81}], 0x1}, 0x0) 00:58:39 executing program 0: r0 = socket$inet(0x2, 0x80001, 0x84) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(r0, 0x84, 0x13, &(0x7f0000000200)=0x7, 0x4) sendmsg(r0, &(0x7f0000000000)={&(0x7f0000006000)=@in={0x2, 0x4e20, @loopback}, 0x57, &(0x7f00000002c0)=[{&(0x7f0000001840), 0xff81}], 0x1}, 0x0) [ 189.971652][ T7888] device hsr_slave_0 entered promiscuous mode [ 190.009437][ T7888] device hsr_slave_1 entered promiscuous mode 00:58:40 executing program 0: r0 = socket$inet(0x2, 0x80001, 0x84) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(r0, 0x84, 0x13, &(0x7f0000000200)=0x7, 0x4) sendmsg(r0, &(0x7f0000000000)={&(0x7f0000006000)=@in={0x2, 0x4e20, @loopback}, 0x57, &(0x7f00000002c0)=[{&(0x7f0000001840), 0xff81}], 0x1}, 0x0) [ 190.054451][ T7881] 8021q: adding VLAN 0 to HW filter on device bond0 00:58:40 executing program 0: r0 = socket$inet(0x2, 0x80001, 0x84) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(r0, 0x84, 0x13, &(0x7f0000000200)=0x7, 0x4) sendmsg(r0, &(0x7f0000000000)={&(0x7f0000006000)=@in={0x2, 0x4e20, @loopback}, 0x57, &(0x7f00000002c0)=[{&(0x7f0000001840), 0xff81}], 0x1}, 0x0) [ 190.128265][ T7892] bridge0: port 1(bridge_slave_0) entered blocking state [ 190.135523][ T7892] bridge0: port 1(bridge_slave_0) entered disabled state [ 190.143552][ T7892] device bridge_slave_0 entered promiscuous mode [ 190.156772][ T7892] bridge0: port 2(bridge_slave_1) entered blocking state [ 190.166743][ T7892] bridge0: port 2(bridge_slave_1) entered disabled state [ 190.184191][ T7892] device bridge_slave_1 entered promiscuous mode [ 190.202510][ T7881] 8021q: adding VLAN 0 to HW filter on device team0 [ 190.210870][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 190.220129][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 190.228505][ T5] bridge0: port 1(bridge_slave_0) entered blocking state [ 190.235632][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state [ 190.246705][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 190.263674][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 190.272409][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 190.279499][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state [ 190.286997][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 190.295738][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 190.303399][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 190.312092][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 190.346932][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 190.358433][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 190.367168][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 190.376105][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 190.384725][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 190.393138][ T22] bridge0: port 1(bridge_slave_0) entered blocking state [ 190.400245][ T22] bridge0: port 1(bridge_slave_0) entered forwarding state [ 190.408437][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 190.416476][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 190.445541][ T7892] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 190.466373][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 190.475664][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 190.484970][ T17] bridge0: port 2(bridge_slave_1) entered blocking state [ 190.492101][ T17] bridge0: port 2(bridge_slave_1) entered forwarding state [ 190.499847][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 190.509819][ T7892] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 190.532627][ T7892] team0: Port device team_slave_0 added [ 190.542744][ T2968] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 190.551264][ T2968] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 190.567844][ T7881] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 190.579936][ T7881] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 190.603401][ T7892] team0: Port device team_slave_1 added [ 190.671835][ T7892] device hsr_slave_0 entered promiscuous mode [ 190.709233][ T7892] device hsr_slave_1 entered promiscuous mode [ 190.765548][ T7879] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 190.776177][ T7879] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 190.789830][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 190.798538][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 190.807480][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 190.816059][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 190.824611][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 190.833300][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 190.841724][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 190.849957][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 190.858105][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 190.866991][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 190.875235][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 190.886547][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 190.894833][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 190.910050][ T7881] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 190.917304][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 190.925384][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 190.934134][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 190.945222][ T7884] 8021q: adding VLAN 0 to HW filter on device bond0 [ 190.982855][ T7888] 8021q: adding VLAN 0 to HW filter on device bond0 [ 190.996749][ T7884] 8021q: adding VLAN 0 to HW filter on device team0 [ 191.022443][ T3483] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 191.034749][ T3483] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 191.074329][ T7879] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 191.096569][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 191.107999][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 191.117039][ T17] bridge0: port 1(bridge_slave_0) entered blocking state [ 191.124167][ T17] bridge0: port 1(bridge_slave_0) entered forwarding state [ 191.132817][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 191.141485][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 191.150043][ T17] bridge0: port 2(bridge_slave_1) entered blocking state [ 191.157117][ T17] bridge0: port 2(bridge_slave_1) entered forwarding state [ 191.164922][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 191.173679][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 191.187090][ T7888] 8021q: adding VLAN 0 to HW filter on device team0 [ 191.213484][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 191.222313][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 191.230260][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 191.259684][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 191.268308][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 191.295390][ T5] bridge0: port 1(bridge_slave_0) entered blocking state [ 191.302557][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state 00:58:41 executing program 1: r0 = add_key$keyring(&(0x7f00000000c0)='keyring\x00', &(0x7f00000002c0)={'syz'}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r0, &(0x7f0000000300)='asymmetric\x00', &(0x7f0000000040)=@secondary='builtin_and_secondary_trusted\x00') add_key$user(&(0x7f0000000000)='user\x00', &(0x7f0000000080)={'syz'}, 0x0, 0x0, r0) 00:58:41 executing program 0: r0 = socket$inet(0x2, 0x80001, 0x84) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10) sendmsg(r0, &(0x7f0000000000)={&(0x7f0000006000)=@in={0x2, 0x4e20, @loopback}, 0x57, &(0x7f00000002c0)=[{&(0x7f0000001840), 0xff81}], 0x1}, 0x0) [ 191.310762][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 191.320212][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 191.331420][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 191.338485][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state [ 191.357300][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 191.366599][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 191.384209][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 191.393541][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 191.421650][ T7892] 8021q: adding VLAN 0 to HW filter on device bond0 [ 191.460038][ T2968] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 191.476696][ T2968] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 191.484764][ T2968] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 191.493715][ T2968] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 191.502390][ T2968] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 191.511250][ T2968] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 191.520141][ T2968] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 191.528439][ T2968] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 191.536876][ T2968] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 191.545323][ T2968] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 191.554100][ T2968] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 191.562638][ T2968] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 191.571093][ T2968] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 191.579514][ T2968] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 191.587785][ T2968] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 191.596806][ T2968] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 191.608752][ T7888] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 191.620614][ T7888] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 191.636217][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 191.644787][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 191.654885][ T7884] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 191.666138][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 191.674165][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 191.686640][ T7892] 8021q: adding VLAN 0 to HW filter on device team0 [ 191.712736][ T7888] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 191.729519][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 191.738251][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 191.747305][ T22] bridge0: port 1(bridge_slave_0) entered blocking state [ 191.754442][ T22] bridge0: port 1(bridge_slave_0) entered forwarding state [ 191.762514][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 191.771834][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 191.780311][ T22] bridge0: port 2(bridge_slave_1) entered blocking state [ 191.787486][ T22] bridge0: port 2(bridge_slave_1) entered forwarding state [ 191.795447][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 191.852972][ T7885] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 191.873780][ T7885] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 191.885279][ T7885] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 191.894502][ T7885] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 191.903636][ T7885] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 191.912481][ T7885] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 191.921829][ T7885] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 191.930788][ T7885] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 191.939270][ T7885] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 191.950763][ T7884] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 191.963477][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 191.975041][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 191.986148][ T7892] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 192.010450][ T7892] 8021q: adding VLAN 0 to HW filter on device batadv0 00:58:42 executing program 3: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) socket$inet(0x2, 0x3, 0x83) r3 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x0, 0xfffffffffffffffc}, 0x4) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bind$inet(r2, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) 00:58:42 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000240)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.threads\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154}, {&(0x7f00000003c0)=""/68}, {&(0x7f00000005c0)=""/214}, {&(0x7f00000006c0)=""/194}, {&(0x7f00000007c0)=""/146}, {&(0x7f0000000880)=""/144}, {&(0x7f0000000480)=""/13}, {&(0x7f0000000940)=""/71}], 0x2a9, 0x0) 00:58:42 executing program 5: r0 = syz_open_dev$loop(&(0x7f0000000140)='/dev/loop#\x00', 0x0, 0x100082) memfd_create(&(0x7f00000002c0)='wlan1\x00d5sum\x00', 0x0) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0xfdfdffff, "b92481f2b6049517f74de08916cf213343b15d035fc2fe51426f3c9125e1da89cad2929cd06aca1bd4b0a988279268e61234ff8a41cd19abd481eb55130d64ca", "a3510a8deb27705deb2fac58f4f379ddd8e50e8d868ee0425ecfc1c6f4a716df3e4be867d973bcc3e056a1a04eafdeacbd0e434a62db69a6bd53316c42f16b21", "f0642b0793a51cd04ad5c00d6cf24b506d17a8df96c5968a4226e09f847e4b08"}) 00:58:42 executing program 0: r0 = socket$inet(0x2, 0x80001, 0x84) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10) sendmsg(r0, &(0x7f0000000000)={&(0x7f0000006000)=@in={0x2, 0x4e20, @loopback}, 0x57, &(0x7f00000002c0)=[{&(0x7f0000001840), 0xff81}], 0x1}, 0x0) 00:58:42 executing program 1: r0 = socket$inet(0xa, 0x801, 0x84) connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r0, 0x8) accept(r0, 0x0, 0x0) accept4(r0, 0x0, 0x0, 0x0) 00:58:42 executing program 4: r0 = open(&(0x7f00000008c0)='./file0\x00', 0x20141046, 0x0) write$binfmt_aout(r0, &(0x7f0000000180)=ANY=[@ANYBLOB='^'], 0x1) [ 192.171504][ C0] hrtimer: interrupt took 27578 ns [ 192.275588][ T7966] check_preemption_disabled: 1 callbacks suppressed [ 192.275613][ T7966] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/7966 [ 192.292283][ T7966] caller is sk_mc_loop+0x1d/0x210 [ 192.297422][ T7966] CPU: 1 PID: 7966 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19 [ 192.306471][ T7966] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 192.316539][ T7966] Call Trace: [ 192.319866][ T7966] dump_stack+0x172/0x1f0 [ 192.324226][ T7966] __this_cpu_preempt_check+0x246/0x270 [ 192.329798][ T7966] sk_mc_loop+0x1d/0x210 [ 192.334073][ T7966] ip_mc_output+0x2ef/0xf70 [ 192.338602][ T7966] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 192.343820][ T7966] ? __ip_make_skb+0xf15/0x1820 [ 192.348718][ T7966] ? ip_append_data.part.0+0x170/0x170 [ 192.354195][ T7966] ? dst_release+0x62/0xb0 [ 192.358658][ T7966] ? __ip_make_skb+0xf93/0x1820 [ 192.363559][ T7966] ip_local_out+0xc4/0x1b0 [ 192.367997][ T7966] ip_send_skb+0x42/0xf0 [ 192.372259][ T7966] ip_push_pending_frames+0x64/0x80 [ 192.377479][ T7966] raw_sendmsg+0x1e6d/0x2f20 [ 192.382098][ T7966] ? compat_raw_getsockopt+0x100/0x100 [ 192.387572][ T7966] ? find_held_lock+0x35/0x130 [ 192.392366][ T7966] ? __lock_acquire+0x548/0x3fb0 [ 192.397352][ T7966] ? ___might_sleep+0x163/0x280 [ 192.402328][ T7966] ? __might_sleep+0x95/0x190 [ 192.407115][ T7966] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 192.412758][ T7966] ? aa_sk_perm+0x288/0x880 [ 192.417284][ T7966] ? lockdep_hardirqs_on+0x418/0x5d0 [ 192.422606][ T7966] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 192.428175][ T7966] inet_sendmsg+0x147/0x5e0 [ 192.432784][ T7966] ? compat_raw_getsockopt+0x100/0x100 [ 192.438367][ T7966] ? inet_sendmsg+0x147/0x5e0 [ 192.443152][ T7966] ? ipip_gro_receive+0x100/0x100 [ 192.448200][ T7966] sock_sendmsg+0xdd/0x130 [ 192.452652][ T7966] kernel_sendmsg+0x44/0x50 [ 192.457200][ T7966] sock_no_sendpage+0x116/0x150 [ 192.462070][ T7966] ? sock_kfree_s+0x70/0x70 [ 192.466623][ T7966] inet_sendpage+0x44a/0x630 [ 192.471242][ T7966] kernel_sendpage+0x95/0xf0 [ 192.475958][ T7966] ? inet_sendmsg+0x5e0/0x5e0 [ 192.480693][ T7966] sock_sendpage+0x8b/0xc0 [ 192.485131][ T7966] ? pipe_lock+0x6e/0x80 [ 192.489574][ T7966] pipe_to_sendpage+0x299/0x370 [ 192.494460][ T7966] ? kernel_sendpage+0xf0/0xf0 [ 192.499250][ T7966] ? direct_splice_actor+0x1a0/0x1a0 [ 192.504557][ T7966] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 192.510820][ T7966] ? splice_from_pipe_next.part.0+0x255/0x2f0 [ 192.516929][ T7966] __splice_from_pipe+0x395/0x7d0 00:58:42 executing program 0: r0 = socket$inet(0x2, 0x80001, 0x84) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10) sendmsg(r0, &(0x7f0000000000)={&(0x7f0000006000)=@in={0x2, 0x4e20, @loopback}, 0x57, &(0x7f00000002c0)=[{&(0x7f0000001840), 0xff81}], 0x1}, 0x0) 00:58:42 executing program 4: syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r0 = syz_open_dev$audion(0x0, 0x0, 0x0) ioctl$VIDIOC_G_OUTPUT(r0, 0x8004562e, 0x0) [ 192.521977][ T7966] ? direct_splice_actor+0x1a0/0x1a0 [ 192.527288][ T7966] ? direct_splice_actor+0x1a0/0x1a0 [ 192.532679][ T7966] splice_from_pipe+0x108/0x170 [ 192.537550][ T7966] ? splice_shrink_spd+0xd0/0xd0 [ 192.542506][ T7966] ? apparmor_file_permission+0x25/0x30 [ 192.542536][ T7966] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 192.542554][ T7966] ? security_file_permission+0x94/0x380 [ 192.542573][ T7966] generic_splice_sendpage+0x3c/0x50 [ 192.542586][ T7966] ? splice_from_pipe+0x170/0x170 [ 192.542601][ T7966] do_splice+0x70a/0x13c0 [ 192.542626][ T7966] ? opipe_prep.part.0+0x2d0/0x2d0 [ 192.542648][ T7966] ? __fget_light+0x1a9/0x230 [ 192.542666][ T7966] __x64_sys_splice+0x2c6/0x330 [ 192.570597][ T7966] do_syscall_64+0x103/0x610 [ 192.570618][ T7966] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 192.570630][ T7966] RIP: 0033:0x4582b9 [ 192.570645][ T7966] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00:58:42 executing program 5: r0 = memfd_create(&(0x7f0000000100)='#em3#/\x00', 0x0) write$P9_RXATTRWALK(r0, &(0x7f0000000080)={0xfffffffffffffe3f}, 0x1) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x8000000}) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xb, 0x11, r0, 0x0) mincore(&(0x7f0000005000/0x4000)=nil, 0x4000, &(0x7f00000000c0)=""/15) 00:58:42 executing program 0: r0 = socket$inet(0x2, 0x80001, 0x84) setsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(r0, 0x84, 0x13, &(0x7f0000000200)=0x7, 0x4) sendmsg(r0, &(0x7f0000000000)={&(0x7f0000006000)=@in={0x2, 0x4e20, @loopback}, 0x57, &(0x7f00000002c0)=[{&(0x7f0000001840), 0xff81}], 0x1}, 0x0) [ 192.570652][ T7966] RSP: 002b:00007f9863070c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 [ 192.570665][ T7966] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 192.570673][ T7966] RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000003 [ 192.570681][ T7966] RBP: 000000000073bfa0 R08: 0000000000010005 R09: 0000000000000000 [ 192.570689][ T7966] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f98630716d4 [ 192.570697][ T7966] R13: 00000000004c70e6 R14: 00000000004dc0e0 R15: 00000000ffffffff 00:58:42 executing program 4: r0 = socket$unix(0x1, 0x1, 0x0) write$P9_RLINK(0xffffffffffffffff, 0x0, 0xffffff7c) r1 = socket$unix(0x1, 0x1, 0x0) pwritev(0xffffffffffffffff, 0x0, 0x0, 0x0) bind$unix(r1, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) listen(r1, 0x0) connect$unix(r0, &(0x7f00000000c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) semget$private(0x0, 0x0, 0x0) write$P9_RUNLINKAT(r0, 0x0, 0x0) [ 192.571515][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 192.672295][ T7966] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/7966 [ 192.688618][ T7966] caller is sk_mc_loop+0x1d/0x210 [ 192.693734][ T7966] CPU: 1 PID: 7966 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19 [ 192.702775][ T7966] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 192.712878][ T7966] Call Trace: [ 192.716189][ T7966] dump_stack+0x172/0x1f0 [ 192.720539][ T7966] __this_cpu_preempt_check+0x246/0x270 [ 192.726103][ T7966] sk_mc_loop+0x1d/0x210 [ 192.730371][ T7966] ip_mc_output+0x2ef/0xf70 [ 192.734902][ T7966] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 192.740030][ T7966] ? __ip_make_skb+0xf15/0x1820 [ 192.744905][ T7966] ? ip_append_data.part.0+0x170/0x170 [ 192.750394][ T7966] ? dst_release+0x62/0xb0 [ 192.754882][ T7966] ? __ip_make_skb+0xf93/0x1820 [ 192.759758][ T7966] ip_local_out+0xc4/0x1b0 [ 192.764199][ T7966] ip_send_skb+0x42/0xf0 [ 192.768457][ T7966] ip_push_pending_frames+0x64/0x80 [ 192.773673][ T7966] raw_sendmsg+0x1e6d/0x2f20 [ 192.782034][ T7966] ? compat_raw_getsockopt+0x100/0x100 [ 192.787525][ T7966] ? find_held_lock+0x35/0x130 [ 192.792414][ T7966] ? __lock_acquire+0x548/0x3fb0 [ 192.797401][ T7966] ? ___might_sleep+0x163/0x280 [ 192.802377][ T7966] ? __might_sleep+0x95/0x190 [ 192.807083][ T7966] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 192.812855][ T7966] ? aa_sk_perm+0x288/0x880 [ 192.817406][ T7966] ? lockdep_hardirqs_on+0x418/0x5d0 [ 192.822728][ T7966] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 192.828300][ T7966] inet_sendmsg+0x147/0x5e0 [ 192.832826][ T7966] ? compat_raw_getsockopt+0x100/0x100 [ 192.838301][ T7966] ? inet_sendmsg+0x147/0x5e0 [ 192.842996][ T7966] ? ipip_gro_receive+0x100/0x100 [ 192.848047][ T7966] sock_sendmsg+0xdd/0x130 [ 192.852484][ T7966] kernel_sendmsg+0x44/0x50 [ 192.856999][ T7966] sock_no_sendpage+0x116/0x150 [ 192.861870][ T7966] ? sock_kfree_s+0x70/0x70 [ 192.866410][ T7966] inet_sendpage+0x44a/0x630 [ 192.871102][ T7966] kernel_sendpage+0x95/0xf0 [ 192.875696][ T7966] ? inet_sendmsg+0x5e0/0x5e0 00:58:42 executing program 0: r0 = socket$inet(0x2, 0x80001, 0x84) setsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(r0, 0x84, 0x13, &(0x7f0000000200)=0x7, 0x4) sendmsg(r0, &(0x7f0000000000)={&(0x7f0000006000)=@in={0x2, 0x4e20, @loopback}, 0x57, &(0x7f00000002c0)=[{&(0x7f0000001840), 0xff81}], 0x1}, 0x0) [ 192.875717][ T7966] sock_sendpage+0x8b/0xc0 [ 192.875733][ T7966] ? pipe_lock+0x6e/0x80 [ 192.875754][ T7966] pipe_to_sendpage+0x299/0x370 [ 192.894367][ T7966] ? kernel_sendpage+0xf0/0xf0 [ 192.899157][ T7966] ? direct_splice_actor+0x1a0/0x1a0 [ 192.904459][ T7966] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 192.910710][ T7966] ? anon_pipe_buf_release+0x1c6/0x270 [ 192.916185][ T7966] __splice_from_pipe+0x395/0x7d0 [ 192.921228][ T7966] ? direct_splice_actor+0x1a0/0x1a0 [ 192.926640][ T7966] ? direct_splice_actor+0x1a0/0x1a0 [ 192.932423][ T7966] splice_from_pipe+0x108/0x170 [ 192.937293][ T7966] ? splice_shrink_spd+0xd0/0xd0 [ 192.942260][ T7966] ? apparmor_file_permission+0x25/0x30 [ 192.947825][ T7966] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 192.954091][ T7966] ? security_file_permission+0x94/0x380 [ 192.954115][ T7966] generic_splice_sendpage+0x3c/0x50 [ 192.954130][ T7966] ? splice_from_pipe+0x170/0x170 [ 192.954151][ T7966] do_splice+0x70a/0x13c0 [ 192.974528][ T7966] ? opipe_prep.part.0+0x2d0/0x2d0 [ 192.979671][ T7966] ? __fget_light+0x1a9/0x230 [ 192.984378][ T7966] __x64_sys_splice+0x2c6/0x330 [ 192.989374][ T7966] do_syscall_64+0x103/0x610 [ 192.993995][ T7966] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 192.999908][ T7966] RIP: 0033:0x4582b9 [ 193.003813][ T7966] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 193.023429][ T7966] RSP: 002b:00007f9863070c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 [ 193.023445][ T7966] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 193.023452][ T7966] RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000003 [ 193.023459][ T7966] RBP: 000000000073bfa0 R08: 0000000000010005 R09: 0000000000000000 [ 193.023466][ T7966] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f98630716d4 [ 193.023475][ T7966] R13: 00000000004c70e6 R14: 00000000004dc0e0 R15: 00000000ffffffff [ 193.023934][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 193.078068][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 193.127500][ T7966] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/7966 [ 193.137133][ T7966] caller is sk_mc_loop+0x1d/0x210 [ 193.142249][ T7966] CPU: 1 PID: 7966 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19 [ 193.151292][ T7966] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 193.161386][ T7966] Call Trace: [ 193.161411][ T7966] dump_stack+0x172/0x1f0 [ 193.161434][ T7966] __this_cpu_preempt_check+0x246/0x270 [ 193.161455][ T7966] sk_mc_loop+0x1d/0x210 [ 193.169073][ T7966] ip_mc_output+0x2ef/0xf70 [ 193.183374][ T7966] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 193.188491][ T7966] ? __ip_make_skb+0xf15/0x1820 [ 193.188510][ T7966] ? ip_append_data.part.0+0x170/0x170 [ 193.188531][ T7966] ? dst_release+0x62/0xb0 [ 193.204196][ T7966] ? __ip_make_skb+0xf93/0x1820 [ 193.209072][ T7966] ip_local_out+0xc4/0x1b0 [ 193.213519][ T7966] ip_send_skb+0x42/0xf0 [ 193.213537][ T7966] ip_push_pending_frames+0x64/0x80 [ 193.213560][ T7966] raw_sendmsg+0x1e6d/0x2f20 [ 193.227607][ T7966] ? compat_raw_getsockopt+0x100/0x100 [ 193.233182][ T7966] ? find_held_lock+0x35/0x130 [ 193.237970][ T7966] ? __lock_acquire+0x548/0x3fb0 [ 193.242949][ T7966] ? ___might_sleep+0x163/0x280 [ 193.247821][ T7966] ? __might_sleep+0x95/0x190 [ 193.252624][ T7966] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 193.258289][ T7966] ? aa_sk_perm+0x288/0x880 [ 193.262822][ T7966] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 193.268404][ T7966] inet_sendmsg+0x147/0x5e0 [ 193.272917][ T7966] ? compat_raw_getsockopt+0x100/0x100 [ 193.278395][ T7966] ? inet_sendmsg+0x147/0x5e0 [ 193.283081][ T7966] ? ipip_gro_receive+0x100/0x100 [ 193.288115][ T7966] sock_sendmsg+0xdd/0x130 [ 193.292542][ T7966] kernel_sendmsg+0x44/0x50 [ 193.297062][ T7966] sock_no_sendpage+0x116/0x150 [ 193.301938][ T7966] ? sock_kfree_s+0x70/0x70 [ 193.306455][ T7966] ? debug_check_no_obj_freed+0x211/0x444 [ 193.312202][ T7966] ? mark_held_locks+0xa4/0xf0 [ 193.316992][ T7966] inet_sendpage+0x44a/0x630 [ 193.321610][ T7966] kernel_sendpage+0x95/0xf0 [ 193.326225][ T7966] ? inet_sendmsg+0x5e0/0x5e0 [ 193.330926][ T7966] sock_sendpage+0x8b/0xc0 [ 193.335372][ T7966] ? lockdep_hardirqs_on+0x418/0x5d0 [ 193.340683][ T7966] pipe_to_sendpage+0x299/0x370 [ 193.345566][ T7966] ? kernel_sendpage+0xf0/0xf0 [ 193.350323][ T7966] ? direct_splice_actor+0x1a0/0x1a0 [ 193.355595][ T7966] ? __put_page+0x92/0xd0 [ 193.359950][ T7966] ? anon_pipe_buf_release+0x1c6/0x270 [ 193.365418][ T7966] __splice_from_pipe+0x395/0x7d0 [ 193.370571][ T7966] ? direct_splice_actor+0x1a0/0x1a0 [ 193.376040][ T7966] ? direct_splice_actor+0x1a0/0x1a0 [ 193.381321][ T7966] splice_from_pipe+0x108/0x170 [ 193.386174][ T7966] ? splice_shrink_spd+0xd0/0xd0 [ 193.391309][ T7966] ? apparmor_file_permission+0x25/0x30 [ 193.396849][ T7966] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 193.403109][ T7966] ? security_file_permission+0x94/0x380 [ 193.408758][ T7966] generic_splice_sendpage+0x3c/0x50 [ 193.414047][ T7966] ? splice_from_pipe+0x170/0x170 [ 193.419083][ T7966] do_splice+0x70a/0x13c0 [ 193.423434][ T7966] ? opipe_prep.part.0+0x2d0/0x2d0 [ 193.428547][ T7966] ? __fget_light+0x1a9/0x230 [ 193.433238][ T7966] __x64_sys_splice+0x2c6/0x330 [ 193.438082][ T7966] do_syscall_64+0x103/0x610 [ 193.442689][ T7966] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 193.448599][ T7966] RIP: 0033:0x4582b9 [ 193.452573][ T7966] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 193.472250][ T7966] RSP: 002b:00007f9863070c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 [ 193.480661][ T7966] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 193.488632][ T7966] RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000003 [ 193.496591][ T7966] RBP: 000000000073bfa0 R08: 0000000000010005 R09: 0000000000000000 [ 193.504554][ T7966] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f98630716d4 [ 193.512517][ T7966] R13: 00000000004c70e6 R14: 00000000004dc0e0 R15: 00000000ffffffff [ 193.523769][ T7966] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/7966 [ 193.533209][ T7966] caller is sk_mc_loop+0x1d/0x210 [ 193.538252][ T7966] CPU: 0 PID: 7966 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19 [ 193.547384][ T7966] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 193.557562][ T7966] Call Trace: [ 193.560888][ T7966] dump_stack+0x172/0x1f0 [ 193.565233][ T7966] __this_cpu_preempt_check+0x246/0x270 [ 193.570763][ T7966] sk_mc_loop+0x1d/0x210 [ 193.574992][ T7966] ip_mc_output+0x2ef/0xf70 [ 193.579498][ T7966] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 193.584592][ T7966] ? __ip_make_skb+0xf15/0x1820 [ 193.589442][ T7966] ? ip_append_data.part.0+0x170/0x170 [ 193.594882][ T7966] ? dst_release+0x62/0xb0 [ 193.599277][ T7966] ? __ip_make_skb+0xf93/0x1820 [ 193.604119][ T7966] ip_local_out+0xc4/0x1b0 [ 193.608561][ T7966] ip_send_skb+0x42/0xf0 [ 193.612821][ T7966] ip_push_pending_frames+0x64/0x80 [ 193.618023][ T7966] raw_sendmsg+0x1e6d/0x2f20 [ 193.622602][ T7966] ? compat_raw_getsockopt+0x100/0x100 [ 193.628042][ T7966] ? find_held_lock+0x35/0x130 [ 193.632786][ T7966] ? __lock_acquire+0x548/0x3fb0 [ 193.637713][ T7966] ? ___might_sleep+0x163/0x280 [ 193.642546][ T7966] ? __might_sleep+0x95/0x190 [ 193.647205][ T7966] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 193.652818][ T7966] ? aa_sk_perm+0x288/0x880 [ 193.657311][ T7966] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 193.662839][ T7966] inet_sendmsg+0x147/0x5e0 [ 193.667343][ T7966] ? compat_raw_getsockopt+0x100/0x100 [ 193.672788][ T7966] ? inet_sendmsg+0x147/0x5e0 [ 193.677471][ T7966] ? ipip_gro_receive+0x100/0x100 [ 193.682581][ T7966] sock_sendmsg+0xdd/0x130 [ 193.686998][ T7966] kernel_sendmsg+0x44/0x50 [ 193.691484][ T7966] sock_no_sendpage+0x116/0x150 [ 193.696316][ T7966] ? sock_kfree_s+0x70/0x70 [ 193.700804][ T7966] ? debug_check_no_obj_freed+0x211/0x444 [ 193.706510][ T7966] ? mark_held_locks+0xa4/0xf0 [ 193.711261][ T7966] inet_sendpage+0x44a/0x630 [ 193.715835][ T7966] kernel_sendpage+0x95/0xf0 [ 193.720409][ T7966] ? inet_sendmsg+0x5e0/0x5e0 [ 193.725074][ T7966] sock_sendpage+0x8b/0xc0 [ 193.729473][ T7966] ? lockdep_hardirqs_on+0x418/0x5d0 [ 193.734760][ T7966] pipe_to_sendpage+0x299/0x370 [ 193.739593][ T7966] ? kernel_sendpage+0xf0/0xf0 [ 193.744427][ T7966] ? direct_splice_actor+0x1a0/0x1a0 [ 193.749708][ T7966] ? __put_page+0x92/0xd0 [ 193.754040][ T7966] ? anon_pipe_buf_release+0x1c6/0x270 [ 193.759483][ T7966] __splice_from_pipe+0x395/0x7d0 [ 193.764505][ T7966] ? direct_splice_actor+0x1a0/0x1a0 [ 193.769802][ T7966] ? direct_splice_actor+0x1a0/0x1a0 [ 193.775091][ T7966] splice_from_pipe+0x108/0x170 [ 193.779926][ T7966] ? splice_shrink_spd+0xd0/0xd0 [ 193.784883][ T7966] ? apparmor_file_permission+0x25/0x30 [ 193.790414][ T7966] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 193.796665][ T7966] ? security_file_permission+0x94/0x380 [ 193.802416][ T7966] generic_splice_sendpage+0x3c/0x50 [ 193.807687][ T7966] ? splice_from_pipe+0x170/0x170 [ 193.812693][ T7966] do_splice+0x70a/0x13c0 [ 193.817007][ T7966] ? opipe_prep.part.0+0x2d0/0x2d0 [ 193.822112][ T7966] ? __fget_light+0x1a9/0x230 [ 193.826789][ T7966] __x64_sys_splice+0x2c6/0x330 [ 193.831627][ T7966] do_syscall_64+0x103/0x610 [ 193.836201][ T7966] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 193.842071][ T7966] RIP: 0033:0x4582b9 [ 193.845946][ T7966] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 193.865538][ T7966] RSP: 002b:00007f9863070c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 [ 193.873962][ T7966] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 193.881917][ T7966] RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000003 [ 193.889878][ T7966] RBP: 000000000073bfa0 R08: 0000000000010005 R09: 0000000000000000 [ 193.897846][ T7966] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f98630716d4 [ 193.905810][ T7966] R13: 00000000004c70e6 R14: 00000000004dc0e0 R15: 00000000ffffffff [ 193.923962][ T7966] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/7966 [ 193.934073][ T7966] caller is sk_mc_loop+0x1d/0x210 [ 193.939152][ T7966] CPU: 0 PID: 7966 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19 [ 193.948175][ T7966] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 193.958233][ T7966] Call Trace: [ 193.961514][ T7966] dump_stack+0x172/0x1f0 [ 193.965901][ T7966] __this_cpu_preempt_check+0x246/0x270 [ 193.971430][ T7966] sk_mc_loop+0x1d/0x210 [ 193.975677][ T7966] ip_mc_output+0x2ef/0xf70 [ 193.980182][ T7966] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 193.985288][ T7966] ? __ip_make_skb+0xf15/0x1820 [ 193.990131][ T7966] ? ip_append_data.part.0+0x170/0x170 [ 193.995572][ T7966] ? dst_release+0x62/0xb0 [ 193.999975][ T7966] ? __ip_make_skb+0xf93/0x1820 [ 194.004808][ T7966] ip_local_out+0xc4/0x1b0 [ 194.009209][ T7966] ip_send_skb+0x42/0xf0 [ 194.013452][ T7966] ip_push_pending_frames+0x64/0x80 [ 194.018652][ T7966] raw_sendmsg+0x1e6d/0x2f20 [ 194.023246][ T7966] ? compat_raw_getsockopt+0x100/0x100 [ 194.028709][ T7966] ? find_held_lock+0x35/0x130 [ 194.033458][ T7966] ? __lock_acquire+0x548/0x3fb0 [ 194.038417][ T7966] ? ___might_sleep+0x163/0x280 [ 194.043272][ T7966] ? __might_sleep+0x95/0x190 [ 194.047937][ T7966] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 194.053548][ T7966] ? aa_sk_perm+0x288/0x880 [ 194.058036][ T7966] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 194.063590][ T7966] inet_sendmsg+0x147/0x5e0 [ 194.068074][ T7966] ? compat_raw_getsockopt+0x100/0x100 [ 194.073526][ T7966] ? inet_sendmsg+0x147/0x5e0 [ 194.078184][ T7966] ? ipip_gro_receive+0x100/0x100 [ 194.083276][ T7966] sock_sendmsg+0xdd/0x130 [ 194.087679][ T7966] kernel_sendmsg+0x44/0x50 [ 194.092165][ T7966] sock_no_sendpage+0x116/0x150 [ 194.097003][ T7966] ? sock_kfree_s+0x70/0x70 [ 194.101511][ T7966] ? debug_check_no_obj_freed+0x211/0x444 [ 194.107233][ T7966] ? mark_held_locks+0xa4/0xf0 [ 194.111986][ T7966] inet_sendpage+0x44a/0x630 [ 194.116581][ T7966] kernel_sendpage+0x95/0xf0 [ 194.121161][ T7966] ? inet_sendmsg+0x5e0/0x5e0 [ 194.125823][ T7966] sock_sendpage+0x8b/0xc0 [ 194.130399][ T7966] ? lockdep_hardirqs_on+0x418/0x5d0 [ 194.135667][ T7966] pipe_to_sendpage+0x299/0x370 [ 194.140527][ T7966] ? kernel_sendpage+0xf0/0xf0 [ 194.145274][ T7966] ? direct_splice_actor+0x1a0/0x1a0 [ 194.150540][ T7966] ? __put_page+0x92/0xd0 [ 194.154852][ T7966] ? anon_pipe_buf_release+0x1c6/0x270 [ 194.160295][ T7966] __splice_from_pipe+0x395/0x7d0 [ 194.165299][ T7966] ? direct_splice_actor+0x1a0/0x1a0 [ 194.170585][ T7966] ? direct_splice_actor+0x1a0/0x1a0 [ 194.175848][ T7966] splice_from_pipe+0x108/0x170 [ 194.180687][ T7966] ? splice_shrink_spd+0xd0/0xd0 [ 194.185616][ T7966] ? apparmor_file_permission+0x25/0x30 [ 194.191153][ T7966] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 194.197411][ T7966] ? security_file_permission+0x94/0x380 [ 194.203037][ T7966] generic_splice_sendpage+0x3c/0x50 [ 194.208309][ T7966] ? splice_from_pipe+0x170/0x170 [ 194.213327][ T7966] do_splice+0x70a/0x13c0 [ 194.217675][ T7966] ? opipe_prep.part.0+0x2d0/0x2d0 [ 194.222774][ T7966] ? __fget_light+0x1a9/0x230 [ 194.227439][ T7966] __x64_sys_splice+0x2c6/0x330 [ 194.232456][ T7966] do_syscall_64+0x103/0x610 [ 194.237058][ T7966] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 194.242940][ T7966] RIP: 0033:0x4582b9 [ 194.246821][ T7966] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 194.266408][ T7966] RSP: 002b:00007f9863070c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 [ 194.274812][ T7966] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 194.282790][ T7966] RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000003 [ 194.290748][ T7966] RBP: 000000000073bfa0 R08: 0000000000010005 R09: 0000000000000000 [ 194.298705][ T7966] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f98630716d4 [ 194.306674][ T7966] R13: 00000000004c70e6 R14: 00000000004dc0e0 R15: 00000000ffffffff [ 194.318302][ T7966] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/7966 [ 194.328098][ T7966] caller is sk_mc_loop+0x1d/0x210 [ 194.333383][ T7966] CPU: 0 PID: 7966 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19 [ 194.342424][ T7966] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 194.352462][ T7966] Call Trace: [ 194.355740][ T7966] dump_stack+0x172/0x1f0 [ 194.360084][ T7966] __this_cpu_preempt_check+0x246/0x270 [ 194.365613][ T7966] sk_mc_loop+0x1d/0x210 [ 194.369837][ T7966] ip_mc_output+0x2ef/0xf70 [ 194.374949][ T7966] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 194.380068][ T7966] ? __ip_make_skb+0xf15/0x1820 [ 194.384940][ T7966] ? ip_append_data.part.0+0x170/0x170 [ 194.390515][ T7966] ? dst_release+0x62/0xb0 [ 194.394924][ T7966] ? __ip_make_skb+0xf93/0x1820 [ 194.399779][ T7966] ip_local_out+0xc4/0x1b0 [ 194.404218][ T7966] ip_send_skb+0x42/0xf0 [ 194.408458][ T7966] ip_push_pending_frames+0x64/0x80 [ 194.413648][ T7966] raw_sendmsg+0x1e6d/0x2f20 [ 194.418256][ T7966] ? compat_raw_getsockopt+0x100/0x100 [ 194.423732][ T7966] ? find_held_lock+0x35/0x130 [ 194.428486][ T7966] ? __lock_acquire+0x548/0x3fb0 [ 194.433426][ T7966] ? ___might_sleep+0x163/0x280 [ 194.438552][ T7966] ? __might_sleep+0x95/0x190 [ 194.443230][ T7966] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 194.448909][ T7966] ? aa_sk_perm+0x288/0x880 [ 194.453426][ T7966] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 194.458964][ T7966] inet_sendmsg+0x147/0x5e0 [ 194.463451][ T7966] ? compat_raw_getsockopt+0x100/0x100 [ 194.468902][ T7966] ? inet_sendmsg+0x147/0x5e0 [ 194.473593][ T7966] ? ipip_gro_receive+0x100/0x100 [ 194.478639][ T7966] sock_sendmsg+0xdd/0x130 [ 194.483051][ T7966] kernel_sendmsg+0x44/0x50 [ 194.487833][ T7966] sock_no_sendpage+0x116/0x150 [ 194.492691][ T7966] ? sock_kfree_s+0x70/0x70 [ 194.497183][ T7966] ? debug_check_no_obj_freed+0x211/0x444 [ 194.502900][ T7966] ? mark_held_locks+0xa4/0xf0 [ 194.507675][ T7966] inet_sendpage+0x44a/0x630 [ 194.512373][ T7966] kernel_sendpage+0x95/0xf0 [ 194.516968][ T7966] ? inet_sendmsg+0x5e0/0x5e0 [ 194.521633][ T7966] sock_sendpage+0x8b/0xc0 [ 194.526036][ T7966] ? lockdep_hardirqs_on+0x418/0x5d0 [ 194.531308][ T7966] pipe_to_sendpage+0x299/0x370 [ 194.536151][ T7966] ? kernel_sendpage+0xf0/0xf0 [ 194.540926][ T7966] ? direct_splice_actor+0x1a0/0x1a0 [ 194.546199][ T7966] ? __put_page+0x92/0xd0 [ 194.550524][ T7966] ? anon_pipe_buf_release+0x1c6/0x270 [ 194.555981][ T7966] __splice_from_pipe+0x395/0x7d0 [ 194.561013][ T7966] ? direct_splice_actor+0x1a0/0x1a0 [ 194.566306][ T7966] ? direct_splice_actor+0x1a0/0x1a0 [ 194.571596][ T7966] splice_from_pipe+0x108/0x170 [ 194.576443][ T7966] ? splice_shrink_spd+0xd0/0xd0 [ 194.581393][ T7966] ? apparmor_file_permission+0x25/0x30 [ 194.586934][ T7966] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 194.593736][ T7966] ? security_file_permission+0x94/0x380 [ 194.599504][ T7966] generic_splice_sendpage+0x3c/0x50 [ 194.604791][ T7966] ? splice_from_pipe+0x170/0x170 [ 194.609816][ T7966] do_splice+0x70a/0x13c0 [ 194.614138][ T7966] ? opipe_prep.part.0+0x2d0/0x2d0 [ 194.619236][ T7966] ? __fget_light+0x1a9/0x230 [ 194.623901][ T7966] __x64_sys_splice+0x2c6/0x330 [ 194.628744][ T7966] do_syscall_64+0x103/0x610 [ 194.633322][ T7966] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 194.639204][ T7966] RIP: 0033:0x4582b9 [ 194.643082][ T7966] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 194.662670][ T7966] RSP: 002b:00007f9863070c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 [ 194.671066][ T7966] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 194.679022][ T7966] RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000003 [ 194.686978][ T7966] RBP: 000000000073bfa0 R08: 0000000000010005 R09: 0000000000000000 [ 194.694928][ T7966] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f98630716d4 [ 194.702880][ T7966] R13: 00000000004c70e6 R14: 00000000004dc0e0 R15: 00000000ffffffff [ 194.715164][ T7966] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/7966 [ 194.725152][ T7966] caller is sk_mc_loop+0x1d/0x210 [ 194.730507][ T7966] CPU: 0 PID: 7966 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19 [ 194.739555][ T7966] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 194.749643][ T7966] Call Trace: [ 194.753008][ T7966] dump_stack+0x172/0x1f0 [ 194.757758][ T7966] __this_cpu_preempt_check+0x246/0x270 [ 194.763296][ T7966] sk_mc_loop+0x1d/0x210 [ 194.767527][ T7966] ip_mc_output+0x2ef/0xf70 [ 194.772020][ T7966] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 194.777125][ T7966] ? __ip_make_skb+0xf15/0x1820 [ 194.781967][ T7966] ? ip_append_data.part.0+0x170/0x170 [ 194.787406][ T7966] ? dst_release+0x62/0xb0 [ 194.791808][ T7966] ? __ip_make_skb+0xf93/0x1820 [ 194.796668][ T7966] ip_local_out+0xc4/0x1b0 [ 194.801073][ T7966] ip_send_skb+0x42/0xf0 [ 194.805298][ T7966] ip_push_pending_frames+0x64/0x80 [ 194.810490][ T7966] raw_sendmsg+0x1e6d/0x2f20 [ 194.815087][ T7966] ? compat_raw_getsockopt+0x100/0x100 [ 194.820647][ T7966] ? find_held_lock+0x35/0x130 [ 194.828753][ T7966] ? __lock_acquire+0x548/0x3fb0 [ 194.833685][ T7966] ? ___might_sleep+0x163/0x280 [ 194.838517][ T7966] ? __might_sleep+0x95/0x190 [ 194.843179][ T7966] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 194.848790][ T7966] ? aa_sk_perm+0x288/0x880 [ 194.853281][ T7966] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 194.858830][ T7966] inet_sendmsg+0x147/0x5e0 [ 194.863356][ T7966] ? compat_raw_getsockopt+0x100/0x100 [ 194.868808][ T7966] ? inet_sendmsg+0x147/0x5e0 [ 194.873474][ T7966] ? ipip_gro_receive+0x100/0x100 [ 194.878575][ T7966] sock_sendmsg+0xdd/0x130 [ 194.882979][ T7966] kernel_sendmsg+0x44/0x50 [ 194.887470][ T7966] sock_no_sendpage+0x116/0x150 [ 194.892304][ T7966] ? sock_kfree_s+0x70/0x70 [ 194.896795][ T7966] ? debug_check_no_obj_freed+0x211/0x444 [ 194.902502][ T7966] ? mark_held_locks+0xa4/0xf0 [ 194.907250][ T7966] inet_sendpage+0x44a/0x630 [ 194.911826][ T7966] kernel_sendpage+0x95/0xf0 [ 194.916396][ T7966] ? inet_sendmsg+0x5e0/0x5e0 [ 194.921064][ T7966] sock_sendpage+0x8b/0xc0 [ 194.925467][ T7966] ? lockdep_hardirqs_on+0x418/0x5d0 [ 194.930738][ T7966] pipe_to_sendpage+0x299/0x370 [ 194.935572][ T7966] ? kernel_sendpage+0xf0/0xf0 [ 194.940324][ T7966] ? direct_splice_actor+0x1a0/0x1a0 [ 194.945601][ T7966] ? __put_page+0x92/0xd0 [ 194.949942][ T7966] ? anon_pipe_buf_release+0x1c6/0x270 [ 194.955408][ T7966] __splice_from_pipe+0x395/0x7d0 [ 194.960452][ T7966] ? direct_splice_actor+0x1a0/0x1a0 [ 194.965732][ T7966] ? direct_splice_actor+0x1a0/0x1a0 [ 194.971027][ T7966] splice_from_pipe+0x108/0x170 [ 194.975892][ T7966] ? splice_shrink_spd+0xd0/0xd0 [ 194.980838][ T7966] ? apparmor_file_permission+0x25/0x30 [ 194.986412][ T7966] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 194.992653][ T7966] ? security_file_permission+0x94/0x380 [ 194.998300][ T7966] generic_splice_sendpage+0x3c/0x50 [ 195.003572][ T7966] ? splice_from_pipe+0x170/0x170 [ 195.008587][ T7966] do_splice+0x70a/0x13c0 [ 195.013430][ T7966] ? opipe_prep.part.0+0x2d0/0x2d0 [ 195.018532][ T7966] ? __fget_light+0x1a9/0x230 [ 195.023208][ T7966] __x64_sys_splice+0x2c6/0x330 [ 195.028071][ T7966] do_syscall_64+0x103/0x610 [ 195.032671][ T7966] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 195.038563][ T7966] RIP: 0033:0x4582b9 [ 195.042441][ T7966] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 195.062045][ T7966] RSP: 002b:00007f9863070c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 [ 195.070444][ T7966] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 195.078393][ T7966] RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000003 [ 195.086349][ T7966] RBP: 000000000073bfa0 R08: 0000000000010005 R09: 0000000000000000 [ 195.094337][ T7966] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f98630716d4 [ 195.102338][ T7966] R13: 00000000004c70e6 R14: 00000000004dc0e0 R15: 00000000ffffffff [ 195.111953][ T7966] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/7966 [ 195.121567][ T7966] caller is sk_mc_loop+0x1d/0x210 [ 195.126614][ T7966] CPU: 0 PID: 7966 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19 [ 195.135621][ T7966] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 195.145662][ T7966] Call Trace: [ 195.149029][ T7966] dump_stack+0x172/0x1f0 [ 195.153371][ T7966] __this_cpu_preempt_check+0x246/0x270 [ 195.158914][ T7966] sk_mc_loop+0x1d/0x210 [ 195.163160][ T7966] ip_mc_output+0x2ef/0xf70 [ 195.167652][ T7966] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 195.172755][ T7966] ? __ip_make_skb+0xf15/0x1820 [ 195.177624][ T7966] ? ip_append_data.part.0+0x170/0x170 [ 195.183081][ T7966] ? dst_release+0x62/0xb0 [ 195.187483][ T7966] ? __ip_make_skb+0xf93/0x1820 [ 195.192339][ T7966] ip_local_out+0xc4/0x1b0 [ 195.196756][ T7966] ip_send_skb+0x42/0xf0 [ 195.201095][ T7966] ip_push_pending_frames+0x64/0x80 [ 195.206290][ T7966] raw_sendmsg+0x1e6d/0x2f20 [ 195.210869][ T7966] ? compat_raw_getsockopt+0x100/0x100 [ 195.216401][ T7966] ? find_held_lock+0x35/0x130 [ 195.221165][ T7966] ? __lock_acquire+0x548/0x3fb0 [ 195.226113][ T7966] ? ___might_sleep+0x163/0x280 [ 195.230968][ T7966] ? __might_sleep+0x95/0x190 [ 195.235662][ T7966] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 195.241295][ T7966] ? aa_sk_perm+0x288/0x880 [ 195.245787][ T7966] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 195.251409][ T7966] inet_sendmsg+0x147/0x5e0 [ 195.255929][ T7966] ? compat_raw_getsockopt+0x100/0x100 [ 195.261395][ T7966] ? inet_sendmsg+0x147/0x5e0 [ 195.266053][ T7966] ? ipip_gro_receive+0x100/0x100 [ 195.271068][ T7966] sock_sendmsg+0xdd/0x130 [ 195.275502][ T7966] kernel_sendmsg+0x44/0x50 [ 195.279997][ T7966] sock_no_sendpage+0x116/0x150 [ 195.284829][ T7966] ? sock_kfree_s+0x70/0x70 [ 195.289318][ T7966] ? debug_check_no_obj_freed+0x211/0x444 [ 195.295024][ T7966] ? mark_held_locks+0xa4/0xf0 [ 195.299944][ T7966] inet_sendpage+0x44a/0x630 [ 195.304536][ T7966] kernel_sendpage+0x95/0xf0 [ 195.309105][ T7966] ? inet_sendmsg+0x5e0/0x5e0 [ 195.313784][ T7966] sock_sendpage+0x8b/0xc0 [ 195.318203][ T7966] ? lockdep_hardirqs_on+0x418/0x5d0 [ 195.323495][ T7966] pipe_to_sendpage+0x299/0x370 [ 195.328624][ T7966] ? kernel_sendpage+0xf0/0xf0 [ 195.333389][ T7966] ? direct_splice_actor+0x1a0/0x1a0 [ 195.338668][ T7966] ? __put_page+0x92/0xd0 [ 195.342994][ T7966] ? anon_pipe_buf_release+0x1c6/0x270 [ 195.348470][ T7966] __splice_from_pipe+0x395/0x7d0 [ 195.353484][ T7966] ? direct_splice_actor+0x1a0/0x1a0 [ 195.358749][ T7966] ? direct_splice_actor+0x1a0/0x1a0 [ 195.364036][ T7966] splice_from_pipe+0x108/0x170 [ 195.368882][ T7966] ? splice_shrink_spd+0xd0/0xd0 [ 195.373814][ T7966] ? apparmor_file_permission+0x25/0x30 [ 195.379618][ T7966] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 195.385868][ T7966] ? security_file_permission+0x94/0x380 [ 195.391581][ T7966] generic_splice_sendpage+0x3c/0x50 [ 195.396856][ T7966] ? splice_from_pipe+0x170/0x170 [ 195.401878][ T7966] do_splice+0x70a/0x13c0 [ 195.406195][ T7966] ? opipe_prep.part.0+0x2d0/0x2d0 [ 195.411314][ T7966] ? __fget_light+0x1a9/0x230 [ 195.415985][ T7966] __x64_sys_splice+0x2c6/0x330 [ 195.420880][ T7966] do_syscall_64+0x103/0x610 [ 195.425457][ T7966] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 195.431329][ T7966] RIP: 0033:0x4582b9 [ 195.435202][ T7966] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 195.454790][ T7966] RSP: 002b:00007f9863070c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 [ 195.463224][ T7966] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 195.471198][ T7966] RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000003 [ 195.479154][ T7966] RBP: 000000000073bfa0 R08: 0000000000010005 R09: 0000000000000000 [ 195.487107][ T7966] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f98630716d4 [ 195.495062][ T7966] R13: 00000000004c70e6 R14: 00000000004dc0e0 R15: 00000000ffffffff [ 195.505331][ T7966] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/7966 [ 195.514737][ T7966] caller is sk_mc_loop+0x1d/0x210 [ 195.520417][ T7966] CPU: 0 PID: 7966 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19 [ 195.529532][ T7966] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 195.539604][ T7966] Call Trace: [ 195.542881][ T7966] dump_stack+0x172/0x1f0 [ 195.547196][ T7966] __this_cpu_preempt_check+0x246/0x270 [ 195.552720][ T7966] sk_mc_loop+0x1d/0x210 [ 195.556950][ T7966] ip_mc_output+0x2ef/0xf70 [ 195.561460][ T7966] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 195.566560][ T7966] ? __ip_make_skb+0xf15/0x1820 [ 195.571397][ T7966] ? ip_append_data.part.0+0x170/0x170 [ 195.576855][ T7966] ? dst_release+0x62/0xb0 [ 195.581259][ T7966] ? __ip_make_skb+0xf93/0x1820 [ 195.586093][ T7966] ip_local_out+0xc4/0x1b0 [ 195.590493][ T7966] ip_send_skb+0x42/0xf0 [ 195.594789][ T7966] ip_push_pending_frames+0x64/0x80 [ 195.599988][ T7966] raw_sendmsg+0x1e6d/0x2f20 [ 195.604563][ T7966] ? compat_raw_getsockopt+0x100/0x100 [ 195.610005][ T7966] ? find_held_lock+0x35/0x130 [ 195.614748][ T7966] ? __lock_acquire+0x548/0x3fb0 [ 195.619695][ T7966] ? ___might_sleep+0x163/0x280 [ 195.624526][ T7966] ? __might_sleep+0x95/0x190 [ 195.629188][ T7966] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 195.634796][ T7966] ? aa_sk_perm+0x288/0x880 [ 195.639282][ T7966] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 195.644808][ T7966] inet_sendmsg+0x147/0x5e0 [ 195.649295][ T7966] ? compat_raw_getsockopt+0x100/0x100 [ 195.654745][ T7966] ? inet_sendmsg+0x147/0x5e0 [ 195.659404][ T7966] ? ipip_gro_receive+0x100/0x100 [ 195.664408][ T7966] sock_sendmsg+0xdd/0x130 [ 195.668805][ T7966] kernel_sendmsg+0x44/0x50 [ 195.673291][ T7966] sock_no_sendpage+0x116/0x150 [ 195.678119][ T7966] ? sock_kfree_s+0x70/0x70 [ 195.682611][ T7966] ? debug_check_no_obj_freed+0x211/0x444 [ 195.688320][ T7966] ? mark_held_locks+0xa4/0xf0 [ 195.693079][ T7966] inet_sendpage+0x44a/0x630 [ 195.697673][ T7966] kernel_sendpage+0x95/0xf0 [ 195.702246][ T7966] ? inet_sendmsg+0x5e0/0x5e0 [ 195.706906][ T7966] sock_sendpage+0x8b/0xc0 [ 195.711313][ T7966] ? lockdep_hardirqs_on+0x418/0x5d0 [ 195.716585][ T7966] pipe_to_sendpage+0x299/0x370 [ 195.721438][ T7966] ? kernel_sendpage+0xf0/0xf0 [ 195.726184][ T7966] ? direct_splice_actor+0x1a0/0x1a0 [ 195.731452][ T7966] ? __put_page+0x92/0xd0 [ 195.735777][ T7966] ? anon_pipe_buf_release+0x1c6/0x270 [ 195.741219][ T7966] __splice_from_pipe+0x395/0x7d0 [ 195.747190][ T7966] ? direct_splice_actor+0x1a0/0x1a0 [ 195.752480][ T7966] ? direct_splice_actor+0x1a0/0x1a0 [ 195.757749][ T7966] splice_from_pipe+0x108/0x170 [ 195.762590][ T7966] ? splice_shrink_spd+0xd0/0xd0 [ 195.767531][ T7966] ? apparmor_file_permission+0x25/0x30 [ 195.773065][ T7966] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 195.779293][ T7966] ? security_file_permission+0x94/0x380 [ 195.785018][ T7966] generic_splice_sendpage+0x3c/0x50 [ 195.790287][ T7966] ? splice_from_pipe+0x170/0x170 [ 195.795290][ T7966] do_splice+0x70a/0x13c0 [ 195.799604][ T7966] ? opipe_prep.part.0+0x2d0/0x2d0 [ 195.804696][ T7966] ? __fget_light+0x1a9/0x230 [ 195.809355][ T7966] __x64_sys_splice+0x2c6/0x330 [ 195.814207][ T7966] do_syscall_64+0x103/0x610 [ 195.818782][ T7966] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 195.825572][ T7966] RIP: 0033:0x4582b9 [ 195.829466][ T7966] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 195.849082][ T7966] RSP: 002b:00007f9863070c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 [ 195.857497][ T7966] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 195.865476][ T7966] RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000003 [ 195.873448][ T7966] RBP: 000000000073bfa0 R08: 0000000000010005 R09: 0000000000000000 [ 195.881403][ T7966] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f98630716d4 [ 195.889380][ T7966] R13: 00000000004c70e6 R14: 00000000004dc0e0 R15: 00000000ffffffff [ 195.901973][ T7966] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/7966 [ 195.911423][ T7966] caller is sk_mc_loop+0x1d/0x210 [ 195.916528][ T7966] CPU: 0 PID: 7966 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19 [ 195.925526][ T7966] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 195.936233][ T7966] Call Trace: [ 195.939513][ T7966] dump_stack+0x172/0x1f0 [ 195.943828][ T7966] __this_cpu_preempt_check+0x246/0x270 [ 195.949357][ T7966] sk_mc_loop+0x1d/0x210 [ 195.953590][ T7966] ip_mc_output+0x2ef/0xf70 [ 195.958075][ T7966] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 195.963168][ T7966] ? __ip_make_skb+0xf15/0x1820 [ 195.968002][ T7966] ? ip_append_data.part.0+0x170/0x170 [ 195.973530][ T7966] ? dst_release+0x62/0xb0 [ 195.977927][ T7966] ? __ip_make_skb+0xf93/0x1820 [ 195.982785][ T7966] ip_local_out+0xc4/0x1b0 [ 195.987184][ T7966] ip_send_skb+0x42/0xf0 [ 195.991422][ T7966] ip_push_pending_frames+0x64/0x80 [ 195.996685][ T7966] raw_sendmsg+0x1e6d/0x2f20 [ 196.001260][ T7966] ? compat_raw_getsockopt+0x100/0x100 [ 196.006698][ T7966] ? find_held_lock+0x35/0x130 [ 196.011471][ T7966] ? __lock_acquire+0x548/0x3fb0 [ 196.016407][ T7966] ? ___might_sleep+0x163/0x280 [ 196.021245][ T7966] ? __might_sleep+0x95/0x190 [ 196.025920][ T7966] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 196.031536][ T7966] ? aa_sk_perm+0x288/0x880 [ 196.036022][ T7966] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 196.041547][ T7966] inet_sendmsg+0x147/0x5e0 [ 196.046032][ T7966] ? compat_raw_getsockopt+0x100/0x100 [ 196.051470][ T7966] ? inet_sendmsg+0x147/0x5e0 [ 196.056126][ T7966] ? ipip_gro_receive+0x100/0x100 [ 196.061130][ T7966] sock_sendmsg+0xdd/0x130 [ 196.065525][ T7966] kernel_sendmsg+0x44/0x50 [ 196.070010][ T7966] sock_no_sendpage+0x116/0x150 [ 196.074857][ T7966] ? sock_kfree_s+0x70/0x70 [ 196.079351][ T7966] ? debug_check_no_obj_freed+0x211/0x444 [ 196.085079][ T7966] ? mark_held_locks+0xa4/0xf0 [ 196.089831][ T7966] inet_sendpage+0x44a/0x630 [ 196.094420][ T7966] kernel_sendpage+0x95/0xf0 [ 196.098988][ T7966] ? inet_sendmsg+0x5e0/0x5e0 [ 196.103645][ T7966] sock_sendpage+0x8b/0xc0 [ 196.108055][ T7966] ? lockdep_hardirqs_on+0x418/0x5d0 [ 196.113341][ T7966] pipe_to_sendpage+0x299/0x370 [ 196.118184][ T7966] ? kernel_sendpage+0xf0/0xf0 [ 196.122931][ T7966] ? direct_splice_actor+0x1a0/0x1a0 [ 196.128197][ T7966] ? __put_page+0x92/0xd0 [ 196.132508][ T7966] ? anon_pipe_buf_release+0x1c6/0x270 [ 196.137949][ T7966] __splice_from_pipe+0x395/0x7d0 [ 196.142978][ T7966] ? direct_splice_actor+0x1a0/0x1a0 [ 196.148252][ T7966] ? direct_splice_actor+0x1a0/0x1a0 [ 196.153541][ T7966] splice_from_pipe+0x108/0x170 [ 196.158400][ T7966] ? splice_shrink_spd+0xd0/0xd0 [ 196.163335][ T7966] ? apparmor_file_permission+0x25/0x30 [ 196.168891][ T7966] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 196.175171][ T7966] ? security_file_permission+0x94/0x380 [ 196.180816][ T7966] generic_splice_sendpage+0x3c/0x50 [ 196.186095][ T7966] ? splice_from_pipe+0x170/0x170 [ 196.191113][ T7966] do_splice+0x70a/0x13c0 [ 196.195433][ T7966] ? opipe_prep.part.0+0x2d0/0x2d0 [ 196.200527][ T7966] ? __fget_light+0x1a9/0x230 [ 196.205183][ T7966] __x64_sys_splice+0x2c6/0x330 [ 196.210033][ T7966] do_syscall_64+0x103/0x610 [ 196.214609][ T7966] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 196.220491][ T7966] RIP: 0033:0x4582b9 00:58:46 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000300)={0x26, 'aead\x00', 0x0, 0x0, 'morus640\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x5, 0x0, 0x0) 00:58:46 executing program 1: socketpair(0x1d, 0x0, 0x0, 0x0) 00:58:46 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000240)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.threads\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154}, {&(0x7f00000003c0)=""/68}, {&(0x7f00000005c0)=""/214}, {&(0x7f00000006c0)=""/194}, {&(0x7f00000007c0)=""/146}, {&(0x7f0000000880)=""/144}, {&(0x7f0000000480)=""/13}, {&(0x7f0000000940)=""/71}], 0x2a9, 0x0) 00:58:46 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000240)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.threads\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154}, {&(0x7f00000003c0)=""/68}, {&(0x7f00000005c0)=""/214}, {&(0x7f00000006c0)=""/194}, {&(0x7f00000007c0)=""/146}, {&(0x7f0000000880)=""/144}, {&(0x7f0000000480)=""/13}, {&(0x7f0000000940)=""/71}], 0x2a9, 0x0) 00:58:46 executing program 0: r0 = socket$inet(0x2, 0x80001, 0x84) setsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(r0, 0x84, 0x13, &(0x7f0000000200)=0x7, 0x4) sendmsg(r0, &(0x7f0000000000)={&(0x7f0000006000)=@in={0x2, 0x4e20, @loopback}, 0x57, &(0x7f00000002c0)=[{&(0x7f0000001840), 0xff81}], 0x1}, 0x0) 00:58:46 executing program 5: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_int(r2, 0x0, 0xb, &(0x7f0000000040)=0x3, 0x4) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0xfffffc8f) sendto$inet(r2, 0x0, 0x0, 0xc000, &(0x7f0000000200)={0x2, 0x4e23}, 0x10) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) recvmsg(r2, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x2000) [ 196.224371][ T7966] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 196.243993][ T7966] RSP: 002b:00007f9863070c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 [ 196.252480][ T7966] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 196.260441][ T7966] RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000003 [ 196.268398][ T7966] RBP: 000000000073bfa0 R08: 0000000000010005 R09: 0000000000000000 [ 196.276367][ T7966] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f98630716d4 [ 196.284323][ T7966] R13: 00000000004c70e6 R14: 00000000004dc0e0 R15: 00000000ffffffff 00:58:46 executing program 0: bind$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, &(0x7f0000000200)=0x7, 0x4) sendmsg(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000006000)=@in={0x2, 0x4e20, @loopback}, 0x57, &(0x7f00000002c0)=[{&(0x7f0000001840), 0xff81}], 0x1}, 0x0) 00:58:46 executing program 1: perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x800000000000013, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioprio_set$pid(0x2, 0x0, 0x0) clone(0x80802a4524, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 00:58:46 executing program 0: bind$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, &(0x7f0000000200)=0x7, 0x4) sendmsg(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000006000)=@in={0x2, 0x4e20, @loopback}, 0x57, &(0x7f00000002c0)=[{&(0x7f0000001840), 0xff81}], 0x1}, 0x0) 00:58:46 executing program 4: r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dsp\x00', 0x0, 0x0) poll(&(0x7f0000000080)=[{r0}], 0x1, 0x0) ioctl$int_in(r0, 0x800000c0045002, &(0x7f00000004c0)) 00:58:46 executing program 3: r0 = socket$packet(0x11, 0x400000000003, 0x300) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000080)=[{0x28, 0x0, 0x0, 0xfffff004}, {0x80000006}]}, 0x10) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet6(0xa, 0x3, 0x2) connect$inet6(r2, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) sendmmsg(r2, &(0x7f00000092c0), 0x4000000000002ee, 0x0) 00:58:46 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x89f0, &(0x7f0000000080)={'bridge0\x00', &(0x7f0000000000)=@ethtool_ringparam={0x8}}) 00:58:46 executing program 0: bind$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, &(0x7f0000000200)=0x7, 0x4) sendmsg(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000006000)=@in={0x2, 0x4e20, @loopback}, 0x57, &(0x7f00000002c0)=[{&(0x7f0000001840), 0xff81}], 0x1}, 0x0) 00:58:46 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000240)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.threads\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154}, {&(0x7f00000003c0)=""/68}, {&(0x7f00000005c0)=""/214}, {&(0x7f00000006c0)=""/194}, {&(0x7f00000007c0)=""/146}, {&(0x7f0000000880)=""/144}, {&(0x7f0000000480)=""/13}, {&(0x7f0000000940)=""/71}], 0x2a9, 0x0) 00:58:46 executing program 0: r0 = socket$inet(0x2, 0x0, 0x84) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(r0, 0x84, 0x13, &(0x7f0000000200)=0x7, 0x4) sendmsg(r0, &(0x7f0000000000)={&(0x7f0000006000)=@in={0x2, 0x4e20, @loopback}, 0x57, &(0x7f00000002c0)=[{&(0x7f0000001840), 0xff81}], 0x1}, 0x0) 00:58:46 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = socket(0x10, 0x2, 0x0) sendto(r1, &(0x7f0000000140)="120000001200e7ef007b1a3fcd00000000a1", 0x12, 0x0, 0x0, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) recvmmsg(r1, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x3d}, {&(0x7f00000000c0)=""/85, 0x4e4}, {&(0x7f00000024c0)=""/4096, 0xc00}, {&(0x7f0000000400)=""/120, 0x78}, {&(0x7f0000000480)=""/60, 0xc6}, {&(0x7f0000000280)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0x8, &(0x7f0000002400)=""/191, 0x1f9}}], 0x4000000000001de, 0x6, &(0x7f0000003700)={0x77359400}) 00:58:46 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x2000001000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") r1 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r1, &(0x7f0000000900)={0x18, 0x0, {0x1, @dev={[], 0xc}, 'bridge0\x00'}}, 0x1e) sendmmsg(r1, &(0x7f00000000c0)=[{{0x0, 0x0, 0x0}}], 0x400000000000162, 0x0) [ 197.198945][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 197.204828][ C1] protocol 88fb is buggy, dev hsr_slave_1 00:58:47 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$P9_RSETATTR(0xffffffffffffffff, 0x0, 0x0) r0 = gettid() capget(&(0x7f0000000280)={0x20080522, r0}, &(0x7f00000004c0)) 00:58:47 executing program 0: r0 = socket$inet(0x2, 0x0, 0x84) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(r0, 0x84, 0x13, &(0x7f0000000200)=0x7, 0x4) sendmsg(r0, &(0x7f0000000000)={&(0x7f0000006000)=@in={0x2, 0x4e20, @loopback}, 0x57, &(0x7f00000002c0)=[{&(0x7f0000001840), 0xff81}], 0x1}, 0x0) 00:58:47 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x2000001000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") r1 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r1, &(0x7f0000000900)={0x18, 0x0, {0x1, @dev={[], 0xc}, 'bridge0\x00'}}, 0x1e) sendmmsg(r1, &(0x7f00000000c0)=[{{0x0, 0x0, 0x0}}], 0x400000000000162, 0x0) 00:58:47 executing program 1: r0 = socket(0x40000000002, 0x3, 0x80000000002) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000000)='bridge_slave_0\x00', 0x10) setsockopt$sock_int(r0, 0x1, 0x29, &(0x7f00000000c0)=0x2, 0x4) setsockopt$sock_int(r0, 0x1, 0x3f, &(0x7f0000000040)=0x101, 0x4) sendto$unix(r0, 0x0, 0x0, 0x0, &(0x7f0000000180)=@abs={0x0, 0x0, 0x10000e0}, 0x6e) recvmmsg(r0, &(0x7f0000005f40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) 00:58:47 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000240)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.threads\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154}, {&(0x7f00000003c0)=""/68}, {&(0x7f00000005c0)=""/214}, {&(0x7f00000006c0)=""/194}, {&(0x7f00000007c0)=""/146}, {&(0x7f0000000880)=""/144}, {&(0x7f0000000480)=""/13}, {&(0x7f0000000940)=""/71}], 0x2a9, 0x0) [ 197.323582][ T8077] raw_sendmsg: syz-executor.1 forgot to set AF_INET. Fix it! [ 197.339373][ T8044] check_preemption_disabled: 1010 callbacks suppressed [ 197.339393][ T8044] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/8044 [ 197.356105][ T8044] caller is ip6_finish_output+0x335/0xdc0 [ 197.362185][ T8077] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.1/8077 [ 197.362228][ T8077] caller is sk_mc_loop+0x1d/0x210 [ 197.362246][ T8077] CPU: 0 PID: 8077 Comm: syz-executor.1 Not tainted 5.1.0-rc3-next-20190405 #19 [ 197.362256][ T8077] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 197.362261][ T8077] Call Trace: [ 197.362284][ T8077] dump_stack+0x172/0x1f0 [ 197.362323][ T8077] __this_cpu_preempt_check+0x246/0x270 [ 197.408917][ T8077] sk_mc_loop+0x1d/0x210 [ 197.413161][ T8077] ip_mc_output+0x2ef/0xf70 [ 197.417666][ T8077] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 197.422781][ T8077] ? __ip_make_skb+0xf15/0x1820 [ 197.427638][ T8077] ? ip_append_data.part.0+0x170/0x170 [ 197.433143][ T8077] ? dst_release+0x62/0xb0 [ 197.437564][ T8077] ? __ip_make_skb+0xf93/0x1820 [ 197.442417][ T8077] ip_local_out+0xc4/0x1b0 [ 197.446839][ T8077] ip_send_skb+0x42/0xf0 [ 197.451083][ T8077] ip_push_pending_frames+0x64/0x80 [ 197.456291][ T8077] raw_sendmsg+0x1e6d/0x2f20 [ 197.460895][ T8077] ? compat_raw_getsockopt+0x100/0x100 [ 197.466382][ T8077] ? tomoyo_check_inet_address+0x321/0x700 [ 197.472199][ T8077] ? __fget+0x35a/0x550 [ 197.476385][ T8077] ? ___might_sleep+0x163/0x280 [ 197.481248][ T8077] ? __might_sleep+0x95/0x190 [ 197.486033][ T8077] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 197.491678][ T8077] ? aa_sk_perm+0x288/0x880 [ 197.496188][ T8077] ? lock_downgrade+0x880/0x880 [ 197.501249][ T8077] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 197.506805][ T8077] inet_sendmsg+0x147/0x5e0 [ 197.511312][ T8077] ? compat_raw_getsockopt+0x100/0x100 [ 197.516779][ T8077] ? inet_sendmsg+0x147/0x5e0 [ 197.521483][ T8077] ? ipip_gro_receive+0x100/0x100 [ 197.526507][ T8077] sock_sendmsg+0xdd/0x130 [ 197.530929][ T8077] __sys_sendto+0x262/0x380 [ 197.535439][ T8077] ? __ia32_sys_getpeername+0xb0/0xb0 [ 197.540831][ T8077] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 197.547103][ T8077] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 197.552569][ T8077] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 197.558025][ T8077] ? do_syscall_64+0x26/0x610 [ 197.562699][ T8077] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 197.568771][ T8077] __x64_sys_sendto+0xe1/0x1a0 [ 197.573540][ T8077] do_syscall_64+0x103/0x610 [ 197.578135][ T8077] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 197.584023][ T8077] RIP: 0033:0x4582b9 [ 197.587918][ T8077] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 197.607526][ T8077] RSP: 002b:00007fd010771c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 197.615937][ T8077] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 197.623910][ T8077] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 197.631887][ T8077] RBP: 000000000073bf00 R08: 0000000020000180 R09: 000000000000006e [ 197.639864][ T8077] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd0107726d4 [ 197.647844][ T8077] R13: 00000000004c5a1a R14: 00000000004d9dd0 R15: 00000000ffffffff [ 197.655836][ T8044] CPU: 1 PID: 8044 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19 [ 197.664902][ T8044] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 197.674961][ T8044] Call Trace: [ 197.678268][ T8044] dump_stack+0x172/0x1f0 [ 197.682633][ T8044] __this_cpu_preempt_check+0x246/0x270 [ 197.688207][ T8044] ip6_finish_output+0x335/0xdc0 [ 197.693175][ T8044] ip6_output+0x235/0x7f0 [ 197.697530][ T8044] ? ip6_finish_output+0xdc0/0xdc0 [ 197.702842][ T8044] ? ip6_fragment+0x3980/0x3980 [ 197.707711][ T8044] ? ip6_autoflowlabel.part.0+0x70/0x70 [ 197.713273][ T8044] ip6_local_out+0xc4/0x1b0 [ 197.717791][ T8044] ip6_send_skb+0xbb/0x350 [ 197.722228][ T8044] ip6_push_pending_frames+0xc8/0xf0 [ 197.727531][ T8044] rawv6_sendmsg+0x299c/0x35e0 [ 197.732324][ T8044] ? rawv6_getsockopt+0x150/0x150 [ 197.737366][ T8044] ? aa_profile_af_perm+0x320/0x320 [ 197.742586][ T8044] ? find_held_lock+0x35/0x130 [ 197.747363][ T8044] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 197.753666][ T8044] ? rw_copy_check_uvector+0x2a6/0x330 [ 197.759144][ T8044] ? ___might_sleep+0x163/0x280 [ 197.764007][ T8044] ? __might_sleep+0x95/0x190 [ 197.768705][ T8044] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 197.768726][ T8044] inet_sendmsg+0x147/0x5e0 [ 197.768742][ T8044] ? rawv6_getsockopt+0x150/0x150 [ 197.768760][ T8044] ? inet_sendmsg+0x147/0x5e0 [ 197.788492][ T8044] ? ipip_gro_receive+0x100/0x100 [ 197.793534][ T8044] sock_sendmsg+0xdd/0x130 [ 197.797968][ T8044] ___sys_sendmsg+0x3e2/0x930 [ 197.802668][ T8044] ? copy_msghdr_from_user+0x430/0x430 [ 197.808143][ T8044] ? __lock_acquire+0x548/0x3fb0 [ 197.813093][ T8044] ? trace_hardirqs_on_caller+0x6a/0x220 [ 197.818747][ T8044] ? __might_fault+0x12b/0x1e0 [ 197.824317][ T8044] ? find_held_lock+0x35/0x130 [ 197.829134][ T8044] ? __might_fault+0x12b/0x1e0 [ 197.833926][ T8044] ? lock_downgrade+0x880/0x880 [ 197.838827][ T8044] ? ___might_sleep+0x163/0x280 [ 197.843724][ T8044] __sys_sendmmsg+0x1bf/0x4d0 [ 197.848418][ T8044] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 197.853469][ T8044] ? _copy_to_user+0xc9/0x120 [ 197.858162][ T8044] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 197.864499][ T8044] ? put_timespec64+0xda/0x140 [ 197.869262][ T8044] ? nsecs_to_jiffies+0x30/0x30 [ 197.874126][ T8044] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 197.879596][ T8044] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 197.885064][ T8044] ? do_syscall_64+0x26/0x610 [ 197.889748][ T8044] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 197.895825][ T8044] ? do_syscall_64+0x26/0x610 [ 197.900516][ T8044] __x64_sys_sendmmsg+0x9d/0x100 [ 197.905468][ T8044] do_syscall_64+0x103/0x610 [ 197.910187][ T8044] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 197.916098][ T8044] RIP: 0033:0x4582b9 [ 197.919998][ T8044] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 197.940142][ T8044] RSP: 002b:00007f9863070c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 197.948578][ T8044] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 197.956567][ T8044] RDX: 04000000000002ee RSI: 00000000200092c0 RDI: 0000000000000006 [ 197.964568][ T8044] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 197.972733][ T8044] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f98630716d4 [ 197.980719][ T8044] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 197.991871][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 197.997662][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 198.003523][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 198.009325][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 198.015158][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 198.021006][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 198.059869][ T8044] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/8044 [ 198.069299][ T8044] caller is sk_mc_loop+0x1d/0x210 [ 198.074372][ T8044] CPU: 1 PID: 8044 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19 [ 198.083404][ T8044] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 198.093472][ T8044] Call Trace: [ 198.096787][ T8044] dump_stack+0x172/0x1f0 [ 198.101149][ T8044] __this_cpu_preempt_check+0x246/0x270 [ 198.106727][ T8044] sk_mc_loop+0x1d/0x210 [ 198.110992][ T8044] ip6_finish_output2+0x17a5/0x2550 [ 198.116208][ T8044] ? find_held_lock+0x35/0x130 [ 198.120985][ T8044] ? ip6_mtu+0x2e6/0x460 [ 198.125259][ T8044] ? ip6_forward_finish+0x580/0x580 [ 198.130476][ T8044] ? lock_downgrade+0x880/0x880 [ 198.135338][ T8044] ? rcu_read_unlock_special+0xf3/0x210 [ 198.141068][ T8044] ip6_finish_output+0x614/0xdc0 [ 198.146024][ T8044] ? ip6_finish_output+0x614/0xdc0 [ 198.151247][ T8044] ip6_output+0x235/0x7f0 [ 198.155599][ T8044] ? ip6_finish_output+0xdc0/0xdc0 [ 198.160733][ T8044] ? ip6_fragment+0x3980/0x3980 [ 198.165597][ T8044] ? ip6_autoflowlabel.part.0+0x70/0x70 [ 198.171164][ T8044] ip6_local_out+0xc4/0x1b0 [ 198.175769][ T8044] ip6_send_skb+0xbb/0x350 [ 198.180198][ T8044] ip6_push_pending_frames+0xc8/0xf0 [ 198.185495][ T8044] rawv6_sendmsg+0x299c/0x35e0 [ 198.190281][ T8044] ? rawv6_getsockopt+0x150/0x150 [ 198.195316][ T8044] ? aa_profile_af_perm+0x320/0x320 [ 198.200553][ T8044] ? find_held_lock+0x35/0x130 [ 198.205331][ T8044] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 198.211594][ T8044] ? rw_copy_check_uvector+0x2a6/0x330 [ 198.217063][ T8044] ? ___might_sleep+0x163/0x280 [ 198.221919][ T8044] ? __might_sleep+0x95/0x190 [ 198.226617][ T8044] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 198.232173][ T8044] inet_sendmsg+0x147/0x5e0 [ 198.236679][ T8044] ? rawv6_getsockopt+0x150/0x150 [ 198.241701][ T8044] ? inet_sendmsg+0x147/0x5e0 [ 198.246383][ T8044] ? ipip_gro_receive+0x100/0x100 [ 198.251411][ T8044] sock_sendmsg+0xdd/0x130 [ 198.255932][ T8044] ___sys_sendmsg+0x3e2/0x930 [ 198.260720][ T8044] ? copy_msghdr_from_user+0x430/0x430 [ 198.266191][ T8044] ? __lock_acquire+0x548/0x3fb0 [ 198.271125][ T8044] ? trace_hardirqs_on_caller+0x6a/0x220 [ 198.276771][ T8044] ? __might_fault+0x12b/0x1e0 [ 198.281532][ T8044] ? find_held_lock+0x35/0x130 [ 198.286288][ T8044] ? __might_fault+0x12b/0x1e0 [ 198.291059][ T8044] ? lock_downgrade+0x880/0x880 [ 198.295915][ T8044] ? ___might_sleep+0x163/0x280 [ 198.300773][ T8044] __sys_sendmmsg+0x1bf/0x4d0 [ 198.305487][ T8044] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 198.310526][ T8044] ? _copy_to_user+0xc9/0x120 [ 198.315203][ T8044] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 198.321458][ T8044] ? put_timespec64+0xda/0x140 [ 198.326235][ T8044] ? nsecs_to_jiffies+0x30/0x30 [ 198.331105][ T8044] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 198.336583][ T8044] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 198.342046][ T8044] ? do_syscall_64+0x26/0x610 [ 198.346728][ T8044] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 198.352803][ T8044] ? do_syscall_64+0x26/0x610 [ 198.357490][ T8044] __x64_sys_sendmmsg+0x9d/0x100 [ 198.362455][ T8044] do_syscall_64+0x103/0x610 [ 198.367064][ T8044] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 198.372987][ T8044] RIP: 0033:0x4582b9 [ 198.376892][ T8044] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 198.396678][ T8044] RSP: 002b:00007f9863070c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 198.399003][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 198.405104][ T8044] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 198.410947][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 198.418792][ T8044] RDX: 04000000000002ee RSI: 00000000200092c0 RDI: 0000000000000006 [ 198.418808][ T8044] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 198.440563][ T8044] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f98630716d4 [ 198.448534][ T8044] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 198.456880][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 198.462725][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 198.470095][ T8094] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.1/8094 [ 198.472532][ T8091] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/8091 [ 198.479646][ T8094] caller is sk_mc_loop+0x1d/0x210 [ 198.488949][ T8091] caller is ip6_finish_output+0x335/0xdc0 [ 198.493955][ T8094] CPU: 0 PID: 8094 Comm: syz-executor.1 Not tainted 5.1.0-rc3-next-20190405 #19 [ 198.508655][ T8094] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 198.518722][ T8094] Call Trace: [ 198.522044][ T8094] dump_stack+0x172/0x1f0 [ 198.526397][ T8094] __this_cpu_preempt_check+0x246/0x270 [ 198.531969][ T8094] sk_mc_loop+0x1d/0x210 [ 198.536224][ T8094] ip_mc_output+0x2ef/0xf70 [ 198.540736][ T8094] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 198.545846][ T8094] ? __ip_make_skb+0xf15/0x1820 [ 198.550707][ T8094] ? ip_append_data.part.0+0x170/0x170 [ 198.556164][ T8094] ? dst_release+0x62/0xb0 [ 198.560582][ T8094] ? __ip_make_skb+0xf93/0x1820 [ 198.565439][ T8094] ip_local_out+0xc4/0x1b0 [ 198.569865][ T8094] ip_send_skb+0x42/0xf0 [ 198.574288][ T8094] ip_push_pending_frames+0x64/0x80 [ 198.579487][ T8094] raw_sendmsg+0x1e6d/0x2f20 [ 198.584102][ T8094] ? compat_raw_getsockopt+0x100/0x100 [ 198.589566][ T8094] ? tomoyo_check_inet_address+0x321/0x700 [ 198.595427][ T8094] ? __fget+0x35a/0x550 [ 198.599607][ T8094] ? ___might_sleep+0x163/0x280 [ 198.604460][ T8094] ? __might_sleep+0x95/0x190 [ 198.609150][ T8094] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 198.614786][ T8094] ? aa_sk_perm+0x288/0x880 [ 198.619288][ T8094] ? lock_downgrade+0x880/0x880 [ 198.624150][ T8094] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 198.629703][ T8094] inet_sendmsg+0x147/0x5e0 [ 198.634211][ T8094] ? compat_raw_getsockopt+0x100/0x100 [ 198.639670][ T8094] ? inet_sendmsg+0x147/0x5e0 [ 198.644350][ T8094] ? ipip_gro_receive+0x100/0x100 [ 198.649393][ T8094] sock_sendmsg+0xdd/0x130 [ 198.653817][ T8094] __sys_sendto+0x262/0x380 [ 198.658326][ T8094] ? __ia32_sys_getpeername+0xb0/0xb0 [ 198.663733][ T8094] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 198.669989][ T8094] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 198.675539][ T8094] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 198.681008][ T8094] ? do_syscall_64+0x26/0x610 [ 198.685683][ T8094] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 198.691757][ T8094] __x64_sys_sendto+0xe1/0x1a0 [ 198.696524][ T8094] do_syscall_64+0x103/0x610 [ 198.701120][ T8094] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 198.707009][ T8094] RIP: 0033:0x4582b9 [ 198.710908][ T8094] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 198.730602][ T8094] RSP: 002b:00007fd010750c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 198.739013][ T8094] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 198.746984][ T8094] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004 [ 198.754956][ T8094] RBP: 000000000073bfa0 R08: 0000000020000180 R09: 000000000000006e [ 198.762927][ T8094] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd0107516d4 [ 198.770899][ T8094] R13: 00000000004c5a1a R14: 00000000004d9dd0 R15: 00000000ffffffff [ 198.779262][ T8091] CPU: 1 PID: 8091 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19 [ 198.789872][ T8091] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 198.799954][ T8091] Call Trace: [ 198.799982][ T8091] dump_stack+0x172/0x1f0 [ 198.800004][ T8091] __this_cpu_preempt_check+0x246/0x270 [ 198.800024][ T8091] ip6_finish_output+0x335/0xdc0 [ 198.800046][ T8091] ip6_output+0x235/0x7f0 [ 198.822436][ T8091] ? ip6_finish_output+0xdc0/0xdc0 [ 198.822458][ T8091] ? ip6_fragment+0x3980/0x3980 [ 198.822480][ T8091] ? ip6_autoflowlabel.part.0+0x70/0x70 [ 198.837982][ T8091] ip6_local_out+0xc4/0x1b0 [ 198.842502][ T8091] ip6_send_skb+0xbb/0x350 [ 198.846927][ T8091] ip6_push_pending_frames+0xc8/0xf0 [ 198.852225][ T8091] rawv6_sendmsg+0x299c/0x35e0 [ 198.857019][ T8091] ? rawv6_getsockopt+0x150/0x150 [ 198.862052][ T8091] ? aa_profile_af_perm+0x320/0x320 [ 198.867256][ T8091] ? find_held_lock+0x35/0x130 [ 198.872113][ T8091] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 198.878356][ T8091] ? rw_copy_check_uvector+0x2a6/0x330 [ 198.883827][ T8091] ? ___might_sleep+0x163/0x280 [ 198.888689][ T8091] ? __might_sleep+0x95/0x190 [ 198.893389][ T8091] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 198.898948][ T8091] inet_sendmsg+0x147/0x5e0 [ 198.903467][ T8091] ? rawv6_getsockopt+0x150/0x150 [ 198.908492][ T8091] ? inet_sendmsg+0x147/0x5e0 [ 198.913177][ T8091] ? ipip_gro_receive+0x100/0x100 [ 198.918315][ T8091] sock_sendmsg+0xdd/0x130 [ 198.922744][ T8091] ___sys_sendmsg+0x3e2/0x930 [ 198.927439][ T8091] ? copy_msghdr_from_user+0x430/0x430 [ 198.933374][ T8091] ? lock_downgrade+0x880/0x880 [ 198.938231][ T8091] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 198.944481][ T8091] ? kasan_check_read+0x11/0x20 [ 198.949338][ T8091] ? __fget+0x381/0x550 [ 198.953532][ T8091] ? ksys_dup3+0x3e0/0x3e0 [ 198.957952][ T8091] ? find_held_lock+0x35/0x130 [ 198.962718][ T8091] ? kcov_ioctl+0x53/0x200 [ 198.967137][ T8091] ? __fget_light+0x1a9/0x230 [ 198.971814][ T8091] ? __fdget+0x1b/0x20 [ 198.975882][ T8091] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 198.982123][ T8091] ? sockfd_lookup_light+0xcb/0x180 [ 198.987318][ T8091] __sys_sendmmsg+0x1bf/0x4d0 [ 198.992010][ T8091] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 198.997046][ T8091] ? _copy_to_user+0xc9/0x120 [ 199.001738][ T8091] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 199.007989][ T8091] ? put_timespec64+0xda/0x140 [ 199.012760][ T8091] ? nsecs_to_jiffies+0x30/0x30 [ 199.017637][ T8091] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 199.023097][ T8091] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 199.028555][ T8091] ? do_syscall_64+0x26/0x610 [ 199.033242][ T8091] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 199.039405][ T8091] ? do_syscall_64+0x26/0x610 [ 199.044099][ T8091] __x64_sys_sendmmsg+0x9d/0x100 [ 199.049056][ T8091] do_syscall_64+0x103/0x610 [ 199.053676][ T8091] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 199.059573][ T8091] RIP: 0033:0x4582b9 [ 199.063492][ T8091] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 199.083100][ T8091] RSP: 002b:00007f9862fecc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 199.091531][ T8091] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 199.099611][ T8091] RDX: 04000000000002ee RSI: 00000000200092c0 RDI: 0000000000000006 [ 199.107587][ T8091] RBP: 000000000073c220 R08: 0000000000000000 R09: 0000000000000000 [ 199.115576][ T8091] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9862fed6d4 [ 199.123545][ T8091] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 199.139285][ T8091] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/8091 [ 199.148707][ T8091] caller is sk_mc_loop+0x1d/0x210 [ 199.153902][ T8091] CPU: 1 PID: 8091 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19 [ 199.162937][ T8091] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 199.172995][ T8091] Call Trace: [ 199.176298][ T8091] dump_stack+0x172/0x1f0 [ 199.180671][ T8091] __this_cpu_preempt_check+0x246/0x270 [ 199.186233][ T8091] sk_mc_loop+0x1d/0x210 [ 199.190490][ T8091] ip6_finish_output2+0x17a5/0x2550 [ 199.195706][ T8091] ? find_held_lock+0x35/0x130 [ 199.200487][ T8091] ? ip6_mtu+0x2e6/0x460 [ 199.204745][ T8091] ? ip6_forward_finish+0x580/0x580 [ 199.209948][ T8091] ? lock_downgrade+0x880/0x880 [ 199.214800][ T8091] ? rcu_read_unlock_special+0xf3/0x210 [ 199.220364][ T8091] ip6_finish_output+0x614/0xdc0 [ 199.225305][ T8091] ? ip6_finish_output+0x614/0xdc0 [ 199.230427][ T8091] ip6_output+0x235/0x7f0 [ 199.234765][ T8091] ? ip6_finish_output+0xdc0/0xdc0 [ 199.239888][ T8091] ? ip6_fragment+0x3980/0x3980 [ 199.244741][ T8091] ? ip6_autoflowlabel.part.0+0x70/0x70 [ 199.250289][ T8091] ip6_local_out+0xc4/0x1b0 [ 199.254798][ T8091] ip6_send_skb+0xbb/0x350 [ 199.259226][ T8091] ip6_push_pending_frames+0xc8/0xf0 [ 199.264514][ T8091] rawv6_sendmsg+0x299c/0x35e0 [ 199.269282][ T8091] ? rawv6_getsockopt+0x150/0x150 [ 199.274306][ T8091] ? aa_profile_af_perm+0x320/0x320 [ 199.279505][ T8091] ? find_held_lock+0x35/0x130 [ 199.284268][ T8091] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 199.290507][ T8091] ? rw_copy_check_uvector+0x2a6/0x330 [ 199.295987][ T8091] ? ___might_sleep+0x163/0x280 [ 199.300839][ T8091] ? __might_sleep+0x95/0x190 [ 199.305535][ T8091] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 199.311093][ T8091] inet_sendmsg+0x147/0x5e0 [ 199.315597][ T8091] ? rawv6_getsockopt+0x150/0x150 [ 199.320618][ T8091] ? inet_sendmsg+0x147/0x5e0 [ 199.325290][ T8091] ? ipip_gro_receive+0x100/0x100 [ 199.330406][ T8091] sock_sendmsg+0xdd/0x130 [ 199.334825][ T8091] ___sys_sendmsg+0x3e2/0x930 [ 199.339507][ T8091] ? copy_msghdr_from_user+0x430/0x430 [ 199.344977][ T8091] ? lock_downgrade+0x880/0x880 [ 199.349826][ T8091] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 199.356074][ T8091] ? kasan_check_read+0x11/0x20 [ 199.360930][ T8091] ? __fget+0x381/0x550 [ 199.365086][ T8091] ? ksys_dup3+0x3e0/0x3e0 [ 199.369510][ T8091] ? find_held_lock+0x35/0x130 [ 199.374269][ T8091] ? kcov_ioctl+0x53/0x200 [ 199.378685][ T8091] ? __fget_light+0x1a9/0x230 [ 199.383368][ T8091] ? __fdget+0x1b/0x20 [ 199.387441][ T8091] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 199.393701][ T8091] ? sockfd_lookup_light+0xcb/0x180 [ 199.398927][ T8091] __sys_sendmmsg+0x1bf/0x4d0 [ 199.403629][ T8091] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 199.408685][ T8091] ? _copy_to_user+0xc9/0x120 [ 199.413379][ T8091] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 199.419623][ T8091] ? put_timespec64+0xda/0x140 [ 199.424390][ T8091] ? nsecs_to_jiffies+0x30/0x30 [ 199.429251][ T8091] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 199.434706][ T8091] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 199.440161][ T8091] ? do_syscall_64+0x26/0x610 [ 199.444851][ T8091] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 199.450923][ T8091] ? do_syscall_64+0x26/0x610 [ 199.455689][ T8091] __x64_sys_sendmmsg+0x9d/0x100 [ 199.460631][ T8091] do_syscall_64+0x103/0x610 [ 199.465227][ T8091] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 199.471115][ T8091] RIP: 0033:0x4582b9 [ 199.475008][ T8091] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 199.494612][ T8091] RSP: 002b:00007f9862fecc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 199.503031][ T8091] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 199.511007][ T8091] RDX: 04000000000002ee RSI: 00000000200092c0 RDI: 0000000000000006 [ 199.518981][ T8091] RBP: 000000000073c220 R08: 0000000000000000 R09: 0000000000000000 [ 199.526961][ T8091] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9862fed6d4 [ 199.534940][ T8091] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 199.570718][ T8091] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/8091 [ 199.580434][ T8091] caller is ip6_finish_output+0x335/0xdc0 [ 199.586195][ T8091] CPU: 1 PID: 8091 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19 [ 199.595211][ T8091] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 199.605263][ T8091] Call Trace: [ 199.608559][ T8091] dump_stack+0x172/0x1f0 [ 199.612911][ T8091] __this_cpu_preempt_check+0x246/0x270 [ 199.618469][ T8091] ip6_finish_output+0x335/0xdc0 [ 199.623425][ T8091] ip6_output+0x235/0x7f0 [ 199.627760][ T8091] ? ip6_finish_output+0xdc0/0xdc0 [ 199.632881][ T8091] ? ip6_fragment+0x3980/0x3980 [ 199.637733][ T8091] ? ip6_autoflowlabel.part.0+0x70/0x70 [ 199.643286][ T8091] ip6_local_out+0xc4/0x1b0 [ 199.647791][ T8091] ip6_send_skb+0xbb/0x350 [ 199.652216][ T8091] ip6_push_pending_frames+0xc8/0xf0 [ 199.657500][ T8091] rawv6_sendmsg+0x299c/0x35e0 [ 199.662272][ T8091] ? rawv6_getsockopt+0x150/0x150 [ 199.667291][ T8091] ? aa_profile_af_perm+0x320/0x320 [ 199.672493][ T8091] ? find_held_lock+0x35/0x130 [ 199.677256][ T8091] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 199.683499][ T8091] ? rw_copy_check_uvector+0x2a6/0x330 [ 199.689055][ T8091] ? ___might_sleep+0x163/0x280 [ 199.693908][ T8091] ? __might_sleep+0x95/0x190 [ 199.698597][ T8091] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 199.704144][ T8091] inet_sendmsg+0x147/0x5e0 [ 199.708650][ T8091] ? rawv6_getsockopt+0x150/0x150 [ 199.713681][ T8091] ? inet_sendmsg+0x147/0x5e0 [ 199.718372][ T8091] ? ipip_gro_receive+0x100/0x100 [ 199.723411][ T8091] sock_sendmsg+0xdd/0x130 [ 199.727838][ T8091] ___sys_sendmsg+0x3e2/0x930 [ 199.732528][ T8091] ? copy_msghdr_from_user+0x430/0x430 [ 199.738000][ T8091] ? __lock_acquire+0x548/0x3fb0 [ 199.742946][ T8091] ? lock_downgrade+0x880/0x880 [ 199.747806][ T8091] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 199.754147][ T8091] ? kasan_check_read+0x11/0x20 [ 199.759010][ T8091] ? __might_fault+0x12b/0x1e0 [ 199.763771][ T8091] ? find_held_lock+0x35/0x130 [ 199.768538][ T8091] ? __might_fault+0x12b/0x1e0 [ 199.773311][ T8091] ? lock_downgrade+0x880/0x880 [ 199.778187][ T8091] ? ___might_sleep+0x163/0x280 [ 199.783067][ T8091] __sys_sendmmsg+0x1bf/0x4d0 [ 199.787752][ T8091] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 199.792810][ T8091] ? _copy_to_user+0xc9/0x120 [ 199.797491][ T8091] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 199.803732][ T8091] ? put_timespec64+0xda/0x140 [ 199.808501][ T8091] ? nsecs_to_jiffies+0x30/0x30 [ 199.813364][ T8091] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 199.818847][ T8091] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 199.824753][ T8091] ? do_syscall_64+0x26/0x610 [ 199.829439][ T8091] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 199.835511][ T8091] ? do_syscall_64+0x26/0x610 [ 199.840283][ T8091] __x64_sys_sendmmsg+0x9d/0x100 [ 199.845233][ T8091] do_syscall_64+0x103/0x610 [ 199.849837][ T8091] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 199.855742][ T8091] RIP: 0033:0x4582b9 [ 199.859653][ T8091] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 199.879278][ T8091] RSP: 002b:00007f9862fecc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 199.887810][ T8091] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 199.895812][ T8091] RDX: 04000000000002ee RSI: 00000000200092c0 RDI: 0000000000000006 [ 199.903788][ T8091] RBP: 000000000073c220 R08: 0000000000000000 R09: 0000000000000000 [ 199.911782][ T8091] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9862fed6d4 [ 199.919854][ T8091] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 199.931778][ T8091] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/8091 [ 199.941305][ T8091] caller is sk_mc_loop+0x1d/0x210 [ 199.946392][ T8091] CPU: 1 PID: 8091 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19 [ 199.955410][ T8091] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 199.965462][ T8091] Call Trace: [ 199.968777][ T8091] dump_stack+0x172/0x1f0 [ 199.973118][ T8091] __this_cpu_preempt_check+0x246/0x270 [ 199.978667][ T8091] sk_mc_loop+0x1d/0x210 [ 199.982913][ T8091] ip6_finish_output2+0x17a5/0x2550 [ 199.988107][ T8091] ? find_held_lock+0x35/0x130 [ 199.992958][ T8091] ? ip6_mtu+0x2e6/0x460 [ 199.997209][ T8091] ? ip6_forward_finish+0x580/0x580 [ 200.002426][ T8091] ? lock_downgrade+0x880/0x880 [ 200.007282][ T8091] ? rcu_read_unlock_special+0xf3/0x210 [ 200.012837][ T8091] ip6_finish_output+0x614/0xdc0 [ 200.017779][ T8091] ? ip6_finish_output+0x614/0xdc0 [ 200.022903][ T8091] ip6_output+0x235/0x7f0 [ 200.027256][ T8091] ? ip6_finish_output+0xdc0/0xdc0 [ 200.032470][ T8091] ? ip6_fragment+0x3980/0x3980 [ 200.037331][ T8091] ? ip6_autoflowlabel.part.0+0x70/0x70 [ 200.042901][ T8091] ip6_local_out+0xc4/0x1b0 [ 200.047429][ T8091] ip6_send_skb+0xbb/0x350 [ 200.051869][ T8091] ip6_push_pending_frames+0xc8/0xf0 [ 200.057158][ T8091] rawv6_sendmsg+0x299c/0x35e0 [ 200.061928][ T8091] ? rawv6_getsockopt+0x150/0x150 [ 200.067036][ T8091] ? aa_profile_af_perm+0x320/0x320 [ 200.072250][ T8091] ? find_held_lock+0x35/0x130 [ 200.077028][ T8091] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 200.083295][ T8091] ? rw_copy_check_uvector+0x2a6/0x330 [ 200.088776][ T8091] ? ___might_sleep+0x163/0x280 [ 200.093636][ T8091] ? __might_sleep+0x95/0x190 [ 200.098333][ T8091] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 200.103902][ T8091] inet_sendmsg+0x147/0x5e0 [ 200.108420][ T8091] ? rawv6_getsockopt+0x150/0x150 [ 200.113450][ T8091] ? inet_sendmsg+0x147/0x5e0 [ 200.118139][ T8091] ? ipip_gro_receive+0x100/0x100 [ 200.123179][ T8091] sock_sendmsg+0xdd/0x130 [ 200.127613][ T8091] ___sys_sendmsg+0x3e2/0x930 [ 200.132414][ T8091] ? copy_msghdr_from_user+0x430/0x430 [ 200.137906][ T8091] ? __lock_acquire+0x548/0x3fb0 [ 200.144333][ T8091] ? lock_downgrade+0x880/0x880 [ 200.149195][ T8091] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 200.155461][ T8091] ? kasan_check_read+0x11/0x20 [ 200.160318][ T8091] ? __might_fault+0x12b/0x1e0 [ 200.165088][ T8091] ? find_held_lock+0x35/0x130 [ 200.169881][ T8091] ? __might_fault+0x12b/0x1e0 [ 200.174665][ T8091] ? lock_downgrade+0x880/0x880 [ 200.179528][ T8091] ? ___might_sleep+0x163/0x280 [ 200.184384][ T8091] __sys_sendmmsg+0x1bf/0x4d0 [ 200.189066][ T8091] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 200.194103][ T8091] ? _copy_to_user+0xc9/0x120 [ 200.198878][ T8091] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 200.205174][ T8091] ? put_timespec64+0xda/0x140 [ 200.209960][ T8091] ? nsecs_to_jiffies+0x30/0x30 [ 200.214822][ T8091] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 200.220294][ T8091] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 200.225771][ T8091] ? do_syscall_64+0x26/0x610 [ 200.230462][ T8091] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 200.236540][ T8091] ? do_syscall_64+0x26/0x610 [ 200.241227][ T8091] __x64_sys_sendmmsg+0x9d/0x100 [ 200.246180][ T8091] do_syscall_64+0x103/0x610 [ 200.250779][ T8091] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 200.256680][ T8091] RIP: 0033:0x4582b9 [ 200.260582][ T8091] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 200.280290][ T8091] RSP: 002b:00007f9862fecc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 200.288720][ T8091] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 200.296719][ T8091] RDX: 04000000000002ee RSI: 00000000200092c0 RDI: 0000000000000006 [ 200.304694][ T8091] RBP: 000000000073c220 R08: 0000000000000000 R09: 0000000000000000 [ 200.312665][ T8091] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9862fed6d4 [ 200.320636][ T8091] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 200.334645][ T8091] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/8091 [ 200.344277][ T8091] caller is ip6_finish_output+0x335/0xdc0 [ 200.350114][ T8091] CPU: 1 PID: 8091 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19 [ 200.359237][ T8091] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 200.369325][ T8091] Call Trace: [ 200.372639][ T8091] dump_stack+0x172/0x1f0 [ 200.376974][ T8091] __this_cpu_preempt_check+0x246/0x270 [ 200.382507][ T8091] ip6_finish_output+0x335/0xdc0 [ 200.387429][ T8091] ip6_output+0x235/0x7f0 [ 200.391759][ T8091] ? ip6_finish_output+0xdc0/0xdc0 [ 200.396874][ T8091] ? ip6_fragment+0x3980/0x3980 [ 200.401727][ T8091] ? ip6_autoflowlabel.part.0+0x70/0x70 [ 200.407259][ T8091] ip6_local_out+0xc4/0x1b0 [ 200.411761][ T8091] ip6_send_skb+0xbb/0x350 [ 200.416176][ T8091] ip6_push_pending_frames+0xc8/0xf0 [ 200.421447][ T8091] rawv6_sendmsg+0x299c/0x35e0 [ 200.426205][ T8091] ? rawv6_getsockopt+0x150/0x150 [ 200.431230][ T8091] ? aa_profile_af_perm+0x320/0x320 [ 200.436440][ T8091] ? find_held_lock+0x35/0x130 [ 200.441196][ T8091] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 200.447441][ T8091] ? rw_copy_check_uvector+0x2a6/0x330 [ 200.452919][ T8091] ? ___might_sleep+0x163/0x280 [ 200.457794][ T8091] ? __might_sleep+0x95/0x190 [ 200.462462][ T8091] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 200.467991][ T8091] inet_sendmsg+0x147/0x5e0 [ 200.472585][ T8091] ? rawv6_getsockopt+0x150/0x150 [ 200.477708][ T8091] ? inet_sendmsg+0x147/0x5e0 [ 200.482394][ T8091] ? ipip_gro_receive+0x100/0x100 [ 200.487400][ T8091] sock_sendmsg+0xdd/0x130 [ 200.491812][ T8091] ___sys_sendmsg+0x3e2/0x930 [ 200.496492][ T8091] ? copy_msghdr_from_user+0x430/0x430 [ 200.501933][ T8091] ? __lock_acquire+0x548/0x3fb0 [ 200.506850][ T8091] ? lock_downgrade+0x880/0x880 [ 200.511697][ T8091] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 200.517953][ T8091] ? kasan_check_read+0x11/0x20 [ 200.522805][ T8091] ? __might_fault+0x12b/0x1e0 [ 200.527557][ T8091] ? find_held_lock+0x35/0x130 [ 200.532314][ T8091] ? __might_fault+0x12b/0x1e0 [ 200.537095][ T8091] ? lock_downgrade+0x880/0x880 [ 200.541933][ T8091] ? ___might_sleep+0x163/0x280 [ 200.546789][ T8091] __sys_sendmmsg+0x1bf/0x4d0 [ 200.551469][ T8091] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 200.556497][ T8091] ? _copy_to_user+0xc9/0x120 [ 200.561249][ T8091] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 200.567488][ T8091] ? put_timespec64+0xda/0x140 [ 200.572252][ T8091] ? nsecs_to_jiffies+0x30/0x30 [ 200.577122][ T8091] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 200.582595][ T8091] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 200.588062][ T8091] ? do_syscall_64+0x26/0x610 [ 200.592743][ T8091] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 200.598813][ T8091] ? do_syscall_64+0x26/0x610 [ 200.603493][ T8091] __x64_sys_sendmmsg+0x9d/0x100 [ 200.608514][ T8091] do_syscall_64+0x103/0x610 [ 200.613116][ T8091] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 200.619012][ T8091] RIP: 0033:0x4582b9 [ 200.622917][ T8091] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 200.642802][ T8091] RSP: 002b:00007f9862fecc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 200.651230][ T8091] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 200.659208][ T8091] RDX: 04000000000002ee RSI: 00000000200092c0 RDI: 0000000000000006 [ 200.667183][ T8091] RBP: 000000000073c220 R08: 0000000000000000 R09: 0000000000000000 [ 200.675146][ T8091] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9862fed6d4 [ 200.683111][ T8091] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 200.691988][ T8091] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/8091 [ 200.701409][ T8091] caller is sk_mc_loop+0x1d/0x210 [ 200.706536][ T8091] CPU: 0 PID: 8091 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19 [ 200.715537][ T8091] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 200.725621][ T8091] Call Trace: [ 200.728914][ T8091] dump_stack+0x172/0x1f0 [ 200.733239][ T8091] __this_cpu_preempt_check+0x246/0x270 [ 200.738770][ T8091] sk_mc_loop+0x1d/0x210 [ 200.742999][ T8091] ip6_finish_output2+0x17a5/0x2550 [ 200.748175][ T8091] ? find_held_lock+0x35/0x130 [ 200.752922][ T8091] ? ip6_mtu+0x2e6/0x460 [ 200.757166][ T8091] ? ip6_forward_finish+0x580/0x580 [ 200.762444][ T8091] ? lock_downgrade+0x880/0x880 [ 200.767285][ T8091] ? rcu_read_unlock_special+0xf3/0x210 [ 200.772821][ T8091] ip6_finish_output+0x614/0xdc0 [ 200.777737][ T8091] ? ip6_finish_output+0x614/0xdc0 [ 200.782835][ T8091] ip6_output+0x235/0x7f0 [ 200.787150][ T8091] ? ip6_finish_output+0xdc0/0xdc0 [ 200.792242][ T8091] ? ip6_fragment+0x3980/0x3980 [ 200.797071][ T8091] ? ip6_autoflowlabel.part.0+0x70/0x70 [ 200.802597][ T8091] ip6_local_out+0xc4/0x1b0 [ 200.807107][ T8091] ip6_send_skb+0xbb/0x350 [ 200.811529][ T8091] ip6_push_pending_frames+0xc8/0xf0 [ 200.816794][ T8091] rawv6_sendmsg+0x299c/0x35e0 [ 200.821543][ T8091] ? rawv6_getsockopt+0x150/0x150 [ 200.829203][ T8091] ? aa_profile_af_perm+0x320/0x320 [ 200.834415][ T8091] ? find_held_lock+0x35/0x130 [ 200.839164][ T8091] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 200.845492][ T8091] ? rw_copy_check_uvector+0x2a6/0x330 [ 200.850961][ T8091] ? ___might_sleep+0x163/0x280 [ 200.856080][ T8091] ? __might_sleep+0x95/0x190 [ 200.860748][ T8091] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 200.866284][ T8091] inet_sendmsg+0x147/0x5e0 [ 200.870783][ T8091] ? rawv6_getsockopt+0x150/0x150 [ 200.875787][ T8091] ? inet_sendmsg+0x147/0x5e0 [ 200.880442][ T8091] ? ipip_gro_receive+0x100/0x100 [ 200.885448][ T8091] sock_sendmsg+0xdd/0x130 [ 200.889846][ T8091] ___sys_sendmsg+0x3e2/0x930 [ 200.894533][ T8091] ? copy_msghdr_from_user+0x430/0x430 [ 200.900002][ T8091] ? __lock_acquire+0x548/0x3fb0 [ 200.904922][ T8091] ? lock_downgrade+0x880/0x880 [ 200.909766][ T8091] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 200.916141][ T8091] ? kasan_check_read+0x11/0x20 [ 200.920984][ T8091] ? __might_fault+0x12b/0x1e0 [ 200.925760][ T8091] ? find_held_lock+0x35/0x130 [ 200.930523][ T8091] ? __might_fault+0x12b/0x1e0 [ 200.935278][ T8091] ? lock_downgrade+0x880/0x880 [ 200.940117][ T8091] ? ___might_sleep+0x163/0x280 [ 200.944947][ T8091] __sys_sendmmsg+0x1bf/0x4d0 [ 200.949606][ T8091] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 200.954617][ T8091] ? _copy_to_user+0xc9/0x120 [ 200.959304][ T8091] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 200.965529][ T8091] ? put_timespec64+0xda/0x140 [ 200.970298][ T8091] ? nsecs_to_jiffies+0x30/0x30 [ 200.975142][ T8091] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 200.980582][ T8091] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 200.986027][ T8091] ? do_syscall_64+0x26/0x610 [ 200.990689][ T8091] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 200.996742][ T8091] ? do_syscall_64+0x26/0x610 [ 201.001407][ T8091] __x64_sys_sendmmsg+0x9d/0x100 [ 201.006373][ T8091] do_syscall_64+0x103/0x610 [ 201.010967][ T8091] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 201.016848][ T8091] RIP: 0033:0x4582b9 [ 201.020748][ T8091] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 201.040540][ T8091] RSP: 002b:00007f9862fecc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 201.048956][ T8091] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 201.056952][ T8091] RDX: 04000000000002ee RSI: 00000000200092c0 RDI: 0000000000000006 [ 201.064921][ T8091] RBP: 000000000073c220 R08: 0000000000000000 R09: 0000000000000000 [ 201.073001][ T8091] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9862fed6d4 [ 201.080968][ T8091] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff 00:58:51 executing program 3: r0 = socket$packet(0x11, 0x400000000003, 0x300) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000080)=[{0x28, 0x0, 0x0, 0xfffff004}, {0x80000006}]}, 0x10) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet6(0xa, 0x3, 0x2) connect$inet6(r2, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) sendmmsg(r2, &(0x7f00000092c0), 0x4000000000002ee, 0x0) 00:58:51 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000240)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.threads\x00', 0x2, 0x0) preadv(r1, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154}, {&(0x7f00000003c0)=""/68}, {&(0x7f00000005c0)=""/214}, {&(0x7f00000006c0)=""/194}, {&(0x7f00000007c0)=""/146}, {&(0x7f0000000880)=""/144}, {&(0x7f0000000480)=""/13}, {&(0x7f0000000940)=""/71}], 0x2a9, 0x0) 00:58:51 executing program 0: r0 = socket$inet(0x2, 0x0, 0x84) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(r0, 0x84, 0x13, &(0x7f0000000200)=0x7, 0x4) sendmsg(r0, &(0x7f0000000000)={&(0x7f0000006000)=@in={0x2, 0x4e20, @loopback}, 0x57, &(0x7f00000002c0)=[{&(0x7f0000001840), 0xff81}], 0x1}, 0x0) 00:58:51 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$P9_RSETATTR(0xffffffffffffffff, 0x0, 0x0) r0 = gettid() capget(&(0x7f0000000280)={0x20080522, r0}, &(0x7f00000004c0)) 00:58:51 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x2000001000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") r1 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r1, &(0x7f0000000900)={0x18, 0x0, {0x1, @dev={[], 0xc}, 'bridge0\x00'}}, 0x1e) sendmmsg(r1, &(0x7f00000000c0)=[{{0x0, 0x0, 0x0}}], 0x400000000000162, 0x0) 00:58:51 executing program 1: r0 = syz_open_dev$loop(&(0x7f0000000140)='/dev/loop#\x00', 0x0, 0x100082) r1 = memfd_create(&(0x7f00000002c0)='wlan1\x00d5sum\x00', 0x0) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, "b92481f2b6049517f74de08916cf213343b15d035fc2fe51426f3c9125e1da89cad2929cd06aca1bd4b0a988279268e61234ff8a41cd19abd481eb55130d64ca", "a3510a8deb27705deb2fac58f4f379ddd8e50e8d868ee0425ecfc1c6f4a716df3e4be867d973bcc3e056a1a04eafdeacbd0e434a62db69a6bd53316c42f16b21", "f0642b0793a51cd04ad5c00d6cf24b506d17a8df96c5968a4226e09f847e4b08"}) 00:58:51 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x2000001000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") r1 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r1, &(0x7f0000000900)={0x18, 0x0, {0x1, @dev={[], 0xc}, 'bridge0\x00'}}, 0x1e) sendmmsg(r1, &(0x7f00000000c0)=[{{0x0, 0x0, 0x0}}], 0x400000000000162, 0x0) 00:58:51 executing program 0: r0 = socket$inet(0x2, 0x80001, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(r0, 0x84, 0x13, &(0x7f0000000200)=0x7, 0x4) sendmsg(r0, &(0x7f0000000000)={&(0x7f0000006000)=@in={0x2, 0x4e20, @loopback}, 0x57, &(0x7f00000002c0)=[{&(0x7f0000001840), 0xff81}], 0x1}, 0x0) 00:58:51 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000240)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.threads\x00', 0x2, 0x0) preadv(r1, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154}, {&(0x7f00000003c0)=""/68}, {&(0x7f00000005c0)=""/214}, {&(0x7f00000006c0)=""/194}, {&(0x7f00000007c0)=""/146}, {&(0x7f0000000880)=""/144}, {&(0x7f0000000480)=""/13}, {&(0x7f0000000940)=""/71}], 0x2a9, 0x0) 00:58:51 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$P9_RSETATTR(0xffffffffffffffff, 0x0, 0x0) r0 = gettid() capget(&(0x7f0000000280)={0x20080522, r0}, &(0x7f00000004c0)) 00:58:51 executing program 1: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uhid\x00', 0x400000002, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc1V+e\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00s\x8e%a\x9e\xe2\xbf\xd0\x00', 'syz1\x00', 'syz0\x00', &(0x7f0000000000)=""/11, 0xb}, 0x120) write$UHID_DESTROY(r0, &(0x7f0000000100), 0x4) readv(r0, &(0x7f0000000500)=[{&(0x7f0000000040)=""/39, 0x27}], 0x1) 00:58:51 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x2000001000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") r1 = socket$pppoe(0x18, 0x1, 0x0) sendmmsg(r1, &(0x7f00000000c0)=[{{0x0, 0x0, 0x0}}], 0x400000000000162, 0x0) [ 201.668215][ T5] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 201.702745][ T5] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 201.736144][ T5] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 201.785597][ T5] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 201.809117][ T5] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 201.820720][ T5] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 201.835186][ T5] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 201.843285][ T5] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 201.856690][ T5] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 201.873434][ T5] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 201.881333][ T5] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 201.893067][ T5] hid-generic 0000:0000:0000.0001: hidraw0: HID v0.00 Device [syz1] on syz1 [ 201.937159][ T22] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 201.955149][ T22] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 201.978718][ T22] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 201.992648][ T22] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 202.000261][ T22] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 202.007683][ T22] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 202.015359][ T22] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 00:58:52 executing program 3: r0 = socket$packet(0x11, 0x400000000003, 0x300) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000080)=[{0x28, 0x0, 0x0, 0xfffff004}, {0x80000006}]}, 0x10) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet6(0xa, 0x3, 0x2) connect$inet6(r2, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) sendmmsg(r2, &(0x7f00000092c0), 0x4000000000002ee, 0x0) 00:58:52 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000240)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.threads\x00', 0x2, 0x0) preadv(r1, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154}, {&(0x7f00000003c0)=""/68}, {&(0x7f00000005c0)=""/214}, {&(0x7f00000006c0)=""/194}, {&(0x7f00000007c0)=""/146}, {&(0x7f0000000880)=""/144}, {&(0x7f0000000480)=""/13}, {&(0x7f0000000940)=""/71}], 0x2a9, 0x0) 00:58:52 executing program 0: r0 = socket$inet(0x2, 0x80001, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(r0, 0x84, 0x13, &(0x7f0000000200)=0x7, 0x4) sendmsg(r0, &(0x7f0000000000)={&(0x7f0000006000)=@in={0x2, 0x4e20, @loopback}, 0x57, &(0x7f00000002c0)=[{&(0x7f0000001840), 0xff81}], 0x1}, 0x0) 00:58:52 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$P9_RSETATTR(0xffffffffffffffff, 0x0, 0x0) r0 = gettid() capget(&(0x7f0000000280)={0x20080522, r0}, &(0x7f00000004c0)) 00:58:52 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x2000001000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") r1 = socket$pppoe(0x18, 0x1, 0x0) sendmmsg(r1, &(0x7f00000000c0)=[{{0x0, 0x0, 0x0}}], 0x400000000000162, 0x0) 00:58:52 executing program 1: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = gettid() syz_open_dev$vcsa(0x0, 0x0, 0x0) capget(&(0x7f0000000280)={0x20080522, r0}, &(0x7f00000004c0)) [ 202.022841][ T22] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 202.030295][ T22] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 202.037691][ T22] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 202.045138][ T22] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 202.054283][ T22] hid-generic 0000:0000:0000.0002: hidraw0: HID v0.00 Device [syz1] on syz1 00:58:52 executing program 0: r0 = socket$inet(0x2, 0x80001, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(r0, 0x84, 0x13, &(0x7f0000000200)=0x7, 0x4) sendmsg(r0, &(0x7f0000000000)={&(0x7f0000006000)=@in={0x2, 0x4e20, @loopback}, 0x57, &(0x7f00000002c0)=[{&(0x7f0000001840), 0xff81}], 0x1}, 0x0) 00:58:52 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x2000001000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") r1 = socket$pppoe(0x18, 0x1, 0x0) sendmmsg(r1, &(0x7f00000000c0)=[{{0x0, 0x0, 0x0}}], 0x400000000000162, 0x0) 00:58:52 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000240)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(0xffffffffffffffff, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154}, {&(0x7f00000003c0)=""/68}, {&(0x7f00000005c0)=""/214}, {&(0x7f00000006c0)=""/194}, {&(0x7f00000007c0)=""/146}, {&(0x7f0000000880)=""/144}, {&(0x7f0000000480)=""/13}, {&(0x7f0000000940)=""/71}], 0x2a9, 0x0) 00:58:52 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$P9_RSETATTR(0xffffffffffffffff, 0x0, 0x0) capget(&(0x7f0000000280)={0x20080522}, &(0x7f00000004c0))