[ 37.951546][ T26] audit: type=1800 audit(1554688235.859:25): pid=7602 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 37.971915][ T26] audit: type=1800 audit(1554688235.859:26): pid=7602 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 37.995228][ T26] audit: type=1800 audit(1554688235.859:27): pid=7602 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [ 38.029544][ T26] audit: type=1800 audit(1554688235.929:28): pid=7602 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.150' (ECDSA) to the list of known hosts. 2019/04/08 01:50:50 fuzzer started 2019/04/08 01:50:53 dialing manager at 10.128.0.26:34543 2019/04/08 01:50:53 syscalls: 2408 2019/04/08 01:50:53 code coverage: enabled 2019/04/08 01:50:53 comparison tracing: enabled 2019/04/08 01:50:53 extra coverage: extra coverage is not supported by the kernel 2019/04/08 01:50:53 setuid sandbox: enabled 2019/04/08 01:50:53 namespace sandbox: enabled 2019/04/08 01:50:53 Android sandbox: /sys/fs/selinux/policy does not exist 2019/04/08 01:50:53 fault injection: enabled 2019/04/08 01:50:53 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/04/08 01:50:53 net packet injection: enabled 2019/04/08 01:50:53 net device setup: enabled 01:53:03 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000480)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x129f0817) syz_execute_func(&(0x7f0000000040)="410f01f964ff0941c3c4e2c99758423e46d8731266420fe2e33e0f1110c442019dcc6f") clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCBRDELBR(r0, 0x89a1, 0x0) getsockopt$IPT_SO_GET_INFO(r1, 0x0, 0x40, 0x0, &(0x7f0000000000)) syzkaller login: [ 185.598185][ T7769] IPVS: ftp: loaded support on port[0] = 21 01:53:03 executing program 1: r0 = syz_open_dev$usbmon(&(0x7f0000000540)='/dev/usbmon#\x00', 0x7f, 0x1ffc) ioctl$PPPIOCSDEBUG(r0, 0x40047440, &(0x7f0000000600)=0x80000001) ioctl$SIOCGSTAMP(r0, 0x8906, &(0x7f00000000c0)) r1 = fcntl$dupfd(0xffffffffffffff9c, 0x0, 0xffffffffffffffff) getsockopt$IP6T_SO_GET_REVISION_TARGET(r1, 0x29, 0x45, &(0x7f0000000100)={'ipvs\x00'}, &(0x7f0000000380)=0xfffffffffffffdaa) r2 = creat(&(0x7f00000004c0)='./bus\x00', 0x0) r3 = socket$inet6(0xa, 0x400000000000, 0x9) ioctl$sock_TIOCINQ(r3, 0x541b, &(0x7f00000002c0)) getresuid(&(0x7f00000001c0), &(0x7f0000000200), &(0x7f0000000280)=0x0) lsetxattr$security_capability(&(0x7f0000000000)='./bus\x00', &(0x7f0000000140)='security.capability\x00', &(0x7f0000000300)=@v3={0x3000000, [{0x1, 0x4}, {0x80000000, 0x80}], r4}, 0x18, 0x1) r5 = dup(r3) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, r3) setsockopt$inet6_tcp_int(r5, 0x6, 0x0, &(0x7f0000000700)=0x4, 0xffffff24) bind$inet6(r3, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r3, 0x0, 0x0, 0x2000000c, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback, 0x8}, 0x1c) r6 = socket$inet6(0xa, 0x2, 0x0) setsockopt$sock_int(r6, 0x1, 0xe, &(0x7f0000d1c000)=0x2a, 0x4) bind$inet6(r6, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @ipv4={[0x8000a0ffffffff], [], @multicast1}}, 0x1c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000340)='trusted.overlay.redirect\x00', &(0x7f0000000480)='./bus\x00', 0x6, 0x3) ioctl$LOOP_CHANGE_FD(r2, 0x4c06, r2) ioctl$VT_RESIZE(r1, 0x5609, &(0x7f0000000500)={0x0, 0x1, 0x400}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) accept$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @initdev}, &(0x7f0000000240)=0xb) lstat(&(0x7f0000000640)='./bus\x00', &(0x7f0000000680)) open(&(0x7f0000000440)='./bus\x00', 0xb34d837af1301117, 0xfffffffffffffffc) [ 185.745300][ T7769] chnl_net:caif_netlink_parms(): no params data found [ 185.813236][ T7769] bridge0: port 1(bridge_slave_0) entered blocking state [ 185.822792][ T7769] bridge0: port 1(bridge_slave_0) entered disabled state [ 185.831721][ T7769] device bridge_slave_0 entered promiscuous mode [ 185.840894][ T7769] bridge0: port 2(bridge_slave_1) entered blocking state [ 185.849658][ T7769] bridge0: port 2(bridge_slave_1) entered disabled state [ 185.858207][ T7769] device bridge_slave_1 entered promiscuous mode [ 185.894448][ T7769] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 185.913064][ T7772] IPVS: ftp: loaded support on port[0] = 21 [ 185.923432][ T7769] bond0: Enslaving bond_slave_1 as an active interface with an up link 01:53:03 executing program 2: r0 = syz_open_dev$sndctrl(&(0x7f0000000140)='/dev/snd/controlC#\x00', 0x0, 0x0) close(r0) [ 185.969940][ T7769] team0: Port device team_slave_0 added [ 185.988762][ T7769] team0: Port device team_slave_1 added [ 186.065119][ T7769] device hsr_slave_0 entered promiscuous mode [ 186.151462][ T7769] device hsr_slave_1 entered promiscuous mode 01:53:04 executing program 3: socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = fcntl$dupfd(r0, 0x406, r1) setsockopt$inet6_tcp_int(r2, 0x6, 0x1b, &(0x7f0000000600)=0xf5, 0x4) r3 = open(&(0x7f0000000100)='.\x00', 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r3, 0x40086602, &(0x7f0000000000)=0x30000) mkdir(&(0x7f0000000180)='./file0\x00', 0x0) lstat(&(0x7f0000000680)='./file0\x00', &(0x7f00000001c0)) stat(&(0x7f0000000080)='./file0\x00', 0x0) [ 186.209480][ T7774] IPVS: ftp: loaded support on port[0] = 21 [ 186.320797][ T7769] bridge0: port 2(bridge_slave_1) entered blocking state [ 186.328120][ T7769] bridge0: port 2(bridge_slave_1) entered forwarding state [ 186.336066][ T7769] bridge0: port 1(bridge_slave_0) entered blocking state [ 186.343285][ T7769] bridge0: port 1(bridge_slave_0) entered forwarding state [ 186.372978][ T7772] chnl_net:caif_netlink_parms(): no params data found [ 186.418244][ T7778] IPVS: ftp: loaded support on port[0] = 21 [ 186.513287][ T7769] 8021q: adding VLAN 0 to HW filter on device bond0 01:53:04 executing program 4: openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x916f133f5929a356) openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$EVIOCGMASK(0xffffffffffffffff, 0x80104592, 0x0) r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = dup(r0) ioctl$int_in(r1, 0x5452, &(0x7f0000000080)=0x100000001) setsockopt$inet6_tcp_int(r0, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x4) getrlimit(0xd, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) bind$inet6(r0, &(0x7f00000001c0)={0xa, 0x4e20, 0x0, @rand_addr, 0x8000000000000000}, 0x1c) sendto$inet6(r0, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) pause() ioctl$sock_SIOCGIFBR(0xffffffffffffffff, 0x8940, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x19, &(0x7f0000000180)=0x6, 0x4) getpgrp(0x0) fcntl$setownex(0xffffffffffffffff, 0xf, 0x0) arch_prctl$ARCH_MAP_VDSO_X32(0x2001, 0x0) ioctl$PPPIOCSPASS(0xffffffffffffffff, 0x40107447, 0x0) mlock2(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0) ioctl$sock_SIOCGIFBR(0xffffffffffffffff, 0x8940, 0x0) ioctl$TIOCNXCL(0xffffffffffffffff, 0x540d) r2 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) syz_open_procfs(0x0, 0x0) ftruncate(r2, 0x7fff) sendfile(r1, r2, 0x0, 0x8000fffffffe) [ 186.554234][ T7772] bridge0: port 1(bridge_slave_0) entered blocking state [ 186.565070][ T7772] bridge0: port 1(bridge_slave_0) entered disabled state [ 186.575730][ T7772] device bridge_slave_0 entered promiscuous mode [ 186.606242][ T7769] 8021q: adding VLAN 0 to HW filter on device team0 [ 186.617084][ T7779] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 186.628245][ T7779] bridge0: port 1(bridge_slave_0) entered disabled state [ 186.647231][ T7779] bridge0: port 2(bridge_slave_1) entered disabled state [ 186.665919][ T7779] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 186.706771][ T7772] bridge0: port 2(bridge_slave_1) entered blocking state [ 186.714787][ T7772] bridge0: port 2(bridge_slave_1) entered disabled state [ 186.723095][ T7772] device bridge_slave_1 entered promiscuous mode [ 186.747677][ T7779] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 186.749651][ T7783] IPVS: ftp: loaded support on port[0] = 21 [ 186.757933][ T7779] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 186.770758][ T7779] bridge0: port 1(bridge_slave_0) entered blocking state [ 186.777917][ T7779] bridge0: port 1(bridge_slave_0) entered forwarding state [ 186.788030][ T7779] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 186.797196][ T7779] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 186.806198][ T7779] bridge0: port 2(bridge_slave_1) entered blocking state [ 186.813328][ T7779] bridge0: port 2(bridge_slave_1) entered forwarding state [ 186.822152][ T7779] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 186.846790][ T7774] chnl_net:caif_netlink_parms(): no params data found [ 186.868948][ T2991] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 01:53:04 executing program 5: r0 = socket$inet(0xa, 0x801, 0x84) connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r0, 0x8) r1 = accept4(r0, 0x0, 0x0, 0x0) dup2(r0, r1) [ 186.894777][ T7772] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 186.913132][ T7772] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 186.930879][ T7769] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 186.943990][ T7769] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 186.960213][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 186.970734][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 186.983581][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 186.994679][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 187.005529][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 187.016292][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 187.026033][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 187.034689][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 187.076477][ T7772] team0: Port device team_slave_0 added [ 187.082396][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 187.090241][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 187.117990][ T7769] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 187.118732][ T7785] IPVS: ftp: loaded support on port[0] = 21 [ 187.133869][ T7772] team0: Port device team_slave_1 added [ 187.274256][ T7772] device hsr_slave_0 entered promiscuous mode [ 187.321392][ T7772] device hsr_slave_1 entered promiscuous mode [ 187.365629][ T7774] bridge0: port 1(bridge_slave_0) entered blocking state [ 187.373031][ T7774] bridge0: port 1(bridge_slave_0) entered disabled state [ 187.380620][ T7774] device bridge_slave_0 entered promiscuous mode [ 187.388326][ T7774] bridge0: port 2(bridge_slave_1) entered blocking state [ 187.395594][ T7774] bridge0: port 2(bridge_slave_1) entered disabled state [ 187.409638][ T7774] device bridge_slave_1 entered promiscuous mode [ 187.435285][ T7778] chnl_net:caif_netlink_parms(): no params data found [ 187.530260][ T7774] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 187.589773][ T7774] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 187.616694][ T7778] bridge0: port 1(bridge_slave_0) entered blocking state [ 187.625728][ T7778] bridge0: port 1(bridge_slave_0) entered disabled state [ 187.633927][ T7778] device bridge_slave_0 entered promiscuous mode [ 187.671121][ T7778] bridge0: port 2(bridge_slave_1) entered blocking state [ 187.678295][ T7778] bridge0: port 2(bridge_slave_1) entered disabled state [ 187.692055][ T7778] device bridge_slave_1 entered promiscuous mode [ 187.714825][ T7783] chnl_net:caif_netlink_parms(): no params data found [ 187.771600][ T7774] team0: Port device team_slave_0 added [ 187.810674][ T7778] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 187.822796][ T7778] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 187.838134][ T7774] team0: Port device team_slave_1 added [ 187.862030][ T7772] 8021q: adding VLAN 0 to HW filter on device bond0 [ 187.963603][ T7774] device hsr_slave_0 entered promiscuous mode [ 188.001551][ T7774] device hsr_slave_1 entered promiscuous mode [ 188.056617][ T7783] bridge0: port 1(bridge_slave_0) entered blocking state [ 188.070450][ T7783] bridge0: port 1(bridge_slave_0) entered disabled state [ 188.078678][ T7783] device bridge_slave_0 entered promiscuous mode [ 188.094735][ T7785] chnl_net:caif_netlink_parms(): no params data found [ 188.123718][ T7772] 8021q: adding VLAN 0 to HW filter on device team0 [ 188.132031][ T7778] team0: Port device team_slave_0 added [ 188.142221][ T7783] bridge0: port 2(bridge_slave_1) entered blocking state [ 188.149309][ T7783] bridge0: port 2(bridge_slave_1) entered disabled state [ 188.157708][ T7783] device bridge_slave_1 entered promiscuous mode [ 188.174030][ T7779] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 188.187403][ T7779] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 188.202455][ T7778] team0: Port device team_slave_1 added [ 188.231783][ T2991] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 188.240431][ T2991] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 188.250773][ T2991] bridge0: port 1(bridge_slave_0) entered blocking state [ 188.257907][ T2991] bridge0: port 1(bridge_slave_0) entered forwarding state [ 188.312912][ T7779] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 188.320891][ T7779] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 188.330774][ T7779] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 188.339516][ T7779] bridge0: port 2(bridge_slave_1) entered blocking state [ 188.346644][ T7779] bridge0: port 2(bridge_slave_1) entered forwarding state [ 188.355552][ T7779] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 188.364582][ T7779] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 188.373612][ T7779] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 188.382455][ T7779] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 188.392196][ T7779] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 188.439885][ T7778] device hsr_slave_0 entered promiscuous mode [ 188.481513][ T7778] device hsr_slave_1 entered promiscuous mode [ 188.525569][ T7783] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 188.553674][ T7779] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 188.563418][ T7779] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 188.572571][ T7779] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 188.580954][ T7779] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 188.633702][ T7783] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 188.698404][ T7772] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 188.717250][ T7772] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 188.727498][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 188.743246][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 188.757298][ T7785] bridge0: port 1(bridge_slave_0) entered blocking state [ 188.766137][ T7785] bridge0: port 1(bridge_slave_0) entered disabled state [ 188.775287][ T7785] device bridge_slave_0 entered promiscuous mode [ 188.825470][ T7785] bridge0: port 2(bridge_slave_1) entered blocking state [ 188.834333][ T7785] bridge0: port 2(bridge_slave_1) entered disabled state [ 188.846372][ T7785] device bridge_slave_1 entered promiscuous mode [ 188.860622][ T7774] 8021q: adding VLAN 0 to HW filter on device bond0 [ 188.878467][ T7783] team0: Port device team_slave_0 added [ 188.908566][ T7778] 8021q: adding VLAN 0 to HW filter on device bond0 [ 188.926559][ T7783] team0: Port device team_slave_1 added [ 188.939591][ T7785] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 188.954186][ T7772] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 188.968309][ T7778] 8021q: adding VLAN 0 to HW filter on device team0 [ 188.990861][ T2991] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 189.012054][ T2991] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 189.019812][ T2991] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 189.028984][ T2991] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 189.047007][ T7774] 8021q: adding VLAN 0 to HW filter on device team0 [ 189.060679][ T7785] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 189.098165][ T3483] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 189.108410][ T3483] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 189.119347][ T3483] bridge0: port 1(bridge_slave_0) entered blocking state [ 189.126496][ T3483] bridge0: port 1(bridge_slave_0) entered forwarding state [ 189.141974][ T280] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 189.234424][ T7783] device hsr_slave_0 entered promiscuous mode [ 189.250277][ T7800] sock: process `syz-executor.1' is using obsolete setsockopt SO_BSDCOMPAT [ 189.259560][ T7783] device hsr_slave_1 entered promiscuous mode [ 189.330714][ T7785] team0: Port device team_slave_0 added [ 189.338787][ C0] hrtimer: interrupt took 45270 ns [ 189.355176][ T2991] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 189.368395][ T2991] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready 01:53:07 executing program 1: syz_execute_func(&(0x7f0000000100)="410f01f964ff0941c3c4e2c99758423e46d8731266420fe2e33e0f1110c442019dcc2f51ef") clone(0x200, 0x0, 0x0, 0x0, 0x0) mknod(&(0x7f0000f80000)='./file0\x00', 0x1040, 0x0) execve(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) read(r0, &(0x7f00000002c0)=""/11, 0xb) symlink(&(0x7f0000000180)='./file1\x00', &(0x7f00000001c0)='./file1\x00') r1 = creat(&(0x7f0000000140)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x1000000000000105) dup2(r0, r1) execve(&(0x7f0000000280)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x0, 0x0) open$dir(&(0x7f0000000100)='./file0\x00', 0x1000000841, 0x0) clone(0x3102001ff6, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) execve(&(0x7f0000000040)='./file1\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000380)) [ 189.391694][ T2991] bridge0: port 1(bridge_slave_0) entered blocking state [ 189.398861][ T2991] bridge0: port 1(bridge_slave_0) entered forwarding state [ 189.406901][ T2991] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 189.424913][ T2991] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 189.438318][ T2991] bridge0: port 2(bridge_slave_1) entered blocking state [ 189.445506][ T2991] bridge0: port 2(bridge_slave_1) entered forwarding state [ 189.465034][ T2991] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 189.488800][ T2991] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 189.507151][ T2991] bridge0: port 2(bridge_slave_1) entered blocking state [ 189.514297][ T2991] bridge0: port 2(bridge_slave_1) entered forwarding state [ 189.528582][ T2991] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 189.565430][ T7785] team0: Port device team_slave_1 added [ 189.584053][ T3483] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 189.596379][ T3483] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 189.612289][ T3483] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 189.627680][ T3483] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 189.637108][ T3483] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 189.653131][ T3483] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 189.668065][ T3483] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 189.678483][ T3483] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 189.695514][ T3483] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 189.709420][ T3483] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready 01:53:07 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) vmsplice(r1, &(0x7f0000001500)=[{&(0x7f00000013c0), 0xfffffd90}], 0x1, 0x0) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x23}}, 0x10) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @multicast2}, 0x10) splice(r0, 0x0, r2, 0x0, 0x10009, 0x0) [ 189.720771][ T3483] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 189.737675][ T3483] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 189.767743][ T7774] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 189.789263][ T7774] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 189.808912][ T7778] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 189.836575][ T7778] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network 01:53:07 executing program 1: mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000240)='./file1\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f0000000080)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r0 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) openat(r0, &(0x7f0000000180)='.//ile0\x00', 0x0, 0x0) [ 189.888895][ T3483] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 189.900418][ T3483] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 189.923445][ T3483] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 189.944985][ T3483] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 189.957075][ T3483] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 189.979022][ T3483] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 190.000746][ T3483] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 190.015098][ T3483] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 190.039653][ T3483] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready 01:53:08 executing program 1: syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='projid_map\x00') [ 190.066676][ T3483] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 190.084789][ T3483] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 190.092647][ T3483] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready 01:53:08 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000300)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r1, 0x0, 0x7f, 0x400200007fe, &(0x7f0000000080)={0x2, 0x10084e23, @local}, 0x10) write$binfmt_elf64(r1, &(0x7f0000000100)=ANY=[], 0x8a0eeccb) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000000)='yeah\x00', 0x5) recvmsg(r1, &(0x7f0000000240)={&(0x7f0000000740)=@nfc, 0x80, &(0x7f00000001c0)=[{&(0x7f0000003ac0)=""/4096, 0x7ffff005}], 0x1, &(0x7f0000000200)=""/20, 0xc2b}, 0x100) [ 190.164660][ T7785] device hsr_slave_0 entered promiscuous mode [ 190.227986][ T7785] device hsr_slave_1 entered promiscuous mode [ 190.303981][ T7783] 8021q: adding VLAN 0 to HW filter on device bond0 [ 190.326229][ T7774] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 190.361808][ T7783] 8021q: adding VLAN 0 to HW filter on device team0 [ 190.388445][ T7778] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 190.417955][ T280] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 190.431000][ T280] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 190.466672][ T3483] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 190.487910][ T3483] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready 01:53:08 executing program 2: r0 = openat$ion(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/ion\x00', 0x0, 0x0) r1 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vsock\x00', 0x0, 0x0) accept$inet6(r1, 0x0, &(0x7f0000000140)) mkdirat(0xffffffffffffffff, 0x0, 0x0) prctl$PR_GET_NO_NEW_PRIVS(0x27) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setaffinity(0x0, 0x7, &(0x7f00000000c0)=0x9) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x894, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x3102001bfe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000100)={0x80033d, 0x20000000209, 0x0, 0xffffffffffffffff}) r3 = dup2(r0, r2) ioctl$ION_IOC_ALLOC(r3, 0xc0184900, &(0x7f0000000000)={0x9cf0000008, 0x9}) r4 = socket$unix(0x1, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) connect(r4, &(0x7f0000987ff4)=@un=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc) [ 190.515938][ T3483] bridge0: port 1(bridge_slave_0) entered blocking state [ 190.523118][ T3483] bridge0: port 1(bridge_slave_0) entered forwarding state [ 190.543708][ T3483] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 190.558643][ T3483] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 190.567581][ T3483] bridge0: port 2(bridge_slave_1) entered blocking state [ 190.574740][ T3483] bridge0: port 2(bridge_slave_1) entered forwarding state [ 190.620962][ T7777] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 190.636591][ T7777] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 190.693013][ T7777] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 190.723973][ T7777] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 190.736724][ T7777] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 190.748426][ T7777] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 190.764967][ T7777] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 190.776800][ T7777] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 190.796984][ T7783] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 190.819383][ T7783] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 190.868664][ T7840] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 190.886491][ T7840] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 190.908092][ T7840] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 190.926339][ T7840] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 190.963566][ T7785] 8021q: adding VLAN 0 to HW filter on device bond0 [ 190.972565][ T7840] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 191.006008][ T7783] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 191.030271][ T7779] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 191.042103][ T7779] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 191.053119][ T7785] 8021q: adding VLAN 0 to HW filter on device team0 [ 191.091296][ T7779] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 191.099958][ T7779] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 191.115646][ T7779] bridge0: port 1(bridge_slave_0) entered blocking state [ 191.122796][ T7779] bridge0: port 1(bridge_slave_0) entered forwarding state [ 191.209107][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 191.219876][ T7857] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 191.227154][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 191.255667][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 191.267310][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 191.271864][ T7857] check_preemption_disabled: 2 callbacks suppressed [ 191.271886][ T7857] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.4/7857 [ 191.274464][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state [ 191.281228][ T7857] caller is ip6_finish_output+0x335/0xdc0 [ 191.296802][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 191.297708][ T7857] CPU: 1 PID: 7857 Comm: syz-executor.4 Not tainted 5.1.0-rc3-next-20190405 #19 [ 191.304941][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 191.311272][ T7857] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 191.311279][ T7857] Call Trace: [ 191.311307][ T7857] dump_stack+0x172/0x1f0 [ 191.311332][ T7857] __this_cpu_preempt_check+0x246/0x270 [ 191.311364][ T7857] ip6_finish_output+0x335/0xdc0 [ 191.311388][ T7857] ip6_output+0x235/0x7f0 [ 191.311407][ T7857] ? ip6_finish_output+0xdc0/0xdc0 [ 191.311425][ T7857] ? ip6_fragment+0x3980/0x3980 [ 191.311449][ T7857] ip6_xmit+0xe41/0x20c0 [ 191.311473][ T7857] ? ip6_finish_output2+0x2550/0x2550 [ 191.311489][ T7857] ? mark_held_locks+0xf0/0xf0 [ 191.311505][ T7857] ? ip6_setup_cork+0x1870/0x1870 [ 191.311535][ T7857] inet6_csk_xmit+0x2fb/0x5d0 [ 191.311549][ T7857] ? inet6_csk_update_pmtu+0x190/0x190 [ 191.311564][ T7857] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 191.311585][ T7857] ? csum_ipv6_magic+0x20/0x80 [ 191.311607][ T7857] __tcp_transmit_skb+0x1a32/0x3750 [ 191.311634][ T7857] ? __tcp_select_window+0x8b0/0x8b0 [ 191.311653][ T7857] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 191.311669][ T7857] ? tcp_fastopen_no_cookie+0xe0/0x190 [ 191.311685][ T7857] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 191.311705][ T7857] tcp_connect+0x1e47/0x4280 [ 191.328648][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 191.338666][ T7857] ? tcp_push_one+0x110/0x110 [ 191.338686][ T7857] ? secure_tcpv6_ts_off+0x24f/0x360 [ 191.338702][ T7857] ? secure_dccpv6_sequence_number+0x280/0x280 [ 191.338719][ T7857] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 191.338732][ T7857] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 191.338747][ T7857] ? prandom_u32_state+0x13/0x180 [ 191.338768][ T7857] tcp_v6_connect+0x150b/0x20a0 [ 191.338784][ T7857] ? tcp_sendmsg_locked+0x2170/0x37f0 [ 191.338803][ T7857] ? tcp_v6_conn_request+0x2b0/0x2b0 [ 191.338828][ T7857] ? find_held_lock+0x35/0x130 [ 191.338844][ T7857] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 191.338866][ T7857] __inet_stream_connect+0x83f/0xea0 [ 191.338878][ T7857] ? tcp_v6_conn_request+0x2b0/0x2b0 [ 191.338893][ T7857] ? __inet_stream_connect+0x83f/0xea0 [ 191.338917][ T7857] ? inet_dgram_connect+0x2e0/0x2e0 [ 191.338943][ T7857] ? tcp_sendmsg_locked+0x2170/0x37f0 [ 191.338959][ T7857] ? rcu_read_lock_sched_held+0x110/0x130 [ 191.338983][ T7857] ? kmem_cache_alloc_trace+0x354/0x760 [ 191.351314][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 191.352144][ T7857] ? __lock_acquire+0x548/0x3fb0 [ 191.352178][ T7857] tcp_sendmsg_locked+0x231f/0x37f0 [ 191.357820][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 191.361440][ T7857] ? mark_held_locks+0xf0/0xf0 [ 191.361460][ T7857] ? mark_held_locks+0xa4/0xf0 [ 191.361480][ T7857] ? tcp_sendpage+0x60/0x60 [ 191.361496][ T7857] ? lock_sock_nested+0x9a/0x120 [ 191.361511][ T7857] ? trace_hardirqs_on+0x67/0x230 [ 191.361525][ T7857] ? lock_sock_nested+0x9a/0x120 [ 191.361543][ T7857] ? __local_bh_enable_ip+0x15a/0x270 [ 191.361566][ T7857] tcp_sendmsg+0x30/0x50 [ 191.361581][ T7857] inet_sendmsg+0x147/0x5e0 [ 191.361595][ T7857] ? ipip_gro_receive+0x100/0x100 [ 191.361617][ T7857] sock_sendmsg+0xdd/0x130 [ 191.376504][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 191.381154][ T7857] __sys_sendto+0x262/0x380 [ 191.381175][ T7857] ? __ia32_sys_getpeername+0xb0/0xb0 [ 191.381209][ T7857] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 191.381240][ T7857] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 191.381255][ T7857] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 191.381277][ T7857] ? do_syscall_64+0x26/0x610 [ 191.390725][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 191.391046][ T7857] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 191.391070][ T7857] __x64_sys_sendto+0xe1/0x1a0 [ 191.391091][ T7857] do_syscall_64+0x103/0x610 [ 191.391111][ T7857] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 191.391123][ T7857] RIP: 0033:0x4582b9 [ 191.391139][ T7857] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 191.391155][ T7857] RSP: 002b:00007fce1764bc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 191.405487][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 191.407513][ T7857] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 191.416342][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 191.417452][ T7857] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 [ 191.417462][ T7857] RBP: 000000000073bf00 R08: 00000000208d4fe4 R09: 000000000000001c [ 191.417471][ T7857] R10: 0000000020000008 R11: 0000000000000246 R12: 00007fce1764c6d4 [ 191.417480][ T7857] R13: 00000000004c59b6 R14: 00000000004d9d10 R15: 00000000ffffffff [ 191.789700][ T7857] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.4/7857 [ 191.799119][ T7857] caller is ip6_finish_output+0x335/0xdc0 [ 191.804902][ T7857] CPU: 0 PID: 7857 Comm: syz-executor.4 Not tainted 5.1.0-rc3-next-20190405 #19 [ 191.813920][ T7857] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 191.823973][ T7857] Call Trace: [ 191.827276][ T7857] dump_stack+0x172/0x1f0 [ 191.831616][ T7857] __this_cpu_preempt_check+0x246/0x270 [ 191.837174][ T7857] ip6_finish_output+0x335/0xdc0 [ 191.842124][ T7857] ip6_output+0x235/0x7f0 [ 191.846461][ T7857] ? ip6_finish_output+0xdc0/0xdc0 [ 191.851586][ T7857] ? ip6_fragment+0x3980/0x3980 [ 191.856459][ T7857] ip6_xmit+0xe41/0x20c0 [ 191.862249][ T7857] ? ip6_finish_output2+0x2550/0x2550 [ 191.867624][ T7857] ? mark_held_locks+0xf0/0xf0 [ 191.872400][ T7857] ? ip6_setup_cork+0x1870/0x1870 [ 191.877466][ T7857] inet6_csk_xmit+0x2fb/0x5d0 [ 191.882151][ T7857] ? inet6_csk_update_pmtu+0x190/0x190 [ 191.887625][ T7857] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 191.893874][ T7857] ? csum_ipv6_magic+0x20/0x80 [ 191.898652][ T7857] __tcp_transmit_skb+0x1a32/0x3750 [ 191.903862][ T7857] ? memcpy+0x46/0x50 [ 191.907855][ T7857] ? __tcp_select_window+0x8b0/0x8b0 [ 191.913158][ T7857] ? tcp_rbtree_insert+0x188/0x200 [ 191.918270][ T7857] tcp_send_synack+0x4b0/0x15b0 [ 191.923131][ T7857] ? tcp_send_active_reset+0x8e0/0x8e0 [ 191.928595][ T7857] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 191.934837][ T7857] ? tcp_sync_mss+0x2ee/0xa30 [ 191.939522][ T7857] tcp_rcv_state_process+0x225d/0x4d93 [ 191.944986][ T7857] ? tcp_finish_connect+0x510/0x510 [ 191.950194][ T7857] ? __release_sock+0xca/0x3a0 [ 191.954967][ T7857] ? find_held_lock+0x35/0x130 [ 191.959734][ T7857] ? mark_held_locks+0xa4/0xf0 [ 191.964523][ T7857] ? __local_bh_enable_ip+0x15a/0x270 [ 191.970549][ T7857] ? _raw_spin_unlock_bh+0x31/0x40 [ 191.975666][ T7857] ? __local_bh_enable_ip+0x15a/0x270 [ 191.981444][ T7857] tcp_v6_do_rcv+0x7da/0x12c0 [ 191.986123][ T7857] ? tcp_v6_do_rcv+0x7da/0x12c0 [ 191.991016][ T7857] __release_sock+0x12e/0x3a0 [ 191.995706][ T7857] release_sock+0x59/0x1c0 [ 192.000144][ T7857] __inet_stream_connect+0x59f/0xea0 [ 192.005535][ T7857] ? inet_dgram_connect+0x2e0/0x2e0 [ 192.010741][ T7857] ? tcp_sendmsg_locked+0x2170/0x37f0 [ 192.016122][ T7857] ? do_wait_intr_irq+0x2b0/0x2b0 [ 192.021151][ T7857] ? __lock_acquire+0x548/0x3fb0 [ 192.026102][ T7857] tcp_sendmsg_locked+0x231f/0x37f0 [ 192.031308][ T7857] ? mark_held_locks+0xf0/0xf0 [ 192.036081][ T7857] ? mark_held_locks+0xa4/0xf0 [ 192.040858][ T7857] ? tcp_sendpage+0x60/0x60 [ 192.045375][ T7857] ? lock_sock_nested+0x9a/0x120 [ 192.050318][ T7857] ? trace_hardirqs_on+0x67/0x230 [ 192.055377][ T7857] ? lock_sock_nested+0x9a/0x120 [ 192.060321][ T7857] ? __local_bh_enable_ip+0x15a/0x270 [ 192.065723][ T7857] tcp_sendmsg+0x30/0x50 [ 192.069971][ T7857] inet_sendmsg+0x147/0x5e0 [ 192.074478][ T7857] ? ipip_gro_receive+0x100/0x100 [ 192.079524][ T7857] sock_sendmsg+0xdd/0x130 [ 192.083974][ T7857] __sys_sendto+0x262/0x380 [ 192.088483][ T7857] ? __ia32_sys_getpeername+0xb0/0xb0 [ 192.093882][ T7857] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 192.100141][ T7857] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 192.105606][ T7857] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 192.111068][ T7857] ? do_syscall_64+0x26/0x610 [ 192.115750][ T7857] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 192.121826][ T7857] __x64_sys_sendto+0xe1/0x1a0 [ 192.126605][ T7857] do_syscall_64+0x103/0x610 [ 192.131204][ T7857] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 192.137093][ T7857] RIP: 0033:0x4582b9 [ 192.140988][ T7857] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 192.160602][ T7857] RSP: 002b:00007fce1764bc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 192.169113][ T7857] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 192.177092][ T7857] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 [ 192.185069][ T7857] RBP: 000000000073bf00 R08: 00000000208d4fe4 R09: 000000000000001c [ 192.193041][ T7857] R10: 0000000020000008 R11: 0000000000000246 R12: 00007fce1764c6d4 [ 192.201009][ T7857] R13: 00000000004c59b6 R14: 00000000004d9d10 R15: 00000000ffffffff [ 192.215504][ T7785] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 192.227234][ T7785] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 192.228678][ T7857] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.4/7857 [ 192.244087][ T7857] caller is ip6_finish_output+0x335/0xdc0 [ 192.249820][ T7857] CPU: 1 PID: 7857 Comm: syz-executor.4 Not tainted 5.1.0-rc3-next-20190405 #19 [ 192.258842][ T7857] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 192.263162][ T7785] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 192.268930][ T7857] Call Trace: [ 192.278978][ T7857] dump_stack+0x172/0x1f0 [ 192.283335][ T7857] __this_cpu_preempt_check+0x246/0x270 [ 192.288912][ T7857] ip6_finish_output+0x335/0xdc0 [ 192.293881][ T7857] ip6_output+0x235/0x7f0 [ 192.298234][ T7857] ? ip6_finish_output+0xdc0/0xdc0 [ 192.303372][ T7857] ? ip6_fragment+0x3980/0x3980 [ 192.303396][ T7857] ip6_xmit+0xe41/0x20c0 [ 192.303410][ T7857] ? find_held_lock+0x35/0x130 [ 192.303440][ T7857] ? ip6_finish_output2+0x2550/0x2550 [ 192.303455][ T7857] ? mark_held_locks+0xf0/0xf0 [ 192.303470][ T7857] ? ip6_setup_cork+0x1870/0x1870 [ 192.303499][ T7857] inet6_csk_xmit+0x2fb/0x5d0 [ 192.303512][ T7857] ? inet6_csk_update_pmtu+0x190/0x190 [ 192.303525][ T7857] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 192.303546][ T7857] ? csum_ipv6_magic+0x20/0x80 [ 192.312792][ T7857] __tcp_transmit_skb+0x1a32/0x3750 [ 192.312816][ T7857] ? __tcp_select_window+0x8b0/0x8b0 [ 192.312835][ T7857] ? tcp_mstamp_refresh+0x16/0xa0 [ 192.312852][ T7857] __tcp_send_ack.part.0+0x3c6/0x5b0 [ 192.312879][ T7857] tcp_send_ack+0x88/0xa0 [ 192.379088][ T7857] tcp_send_challenge_ack.isra.0+0x250/0x300 [ 192.385089][ T7857] tcp_validate_incoming+0x55e/0x1660 [ 192.390487][ T7857] tcp_rcv_state_process+0xb6b/0x4d93 [ 192.395873][ T7857] ? tcp_finish_connect+0x510/0x510 [ 192.401113][ T7857] ? __release_sock+0xca/0x3a0 [ 192.405892][ T7857] ? find_held_lock+0x35/0x130 [ 192.410677][ T7857] ? mark_held_locks+0xa4/0xf0 [ 192.415457][ T7857] ? __local_bh_enable_ip+0x15a/0x270 [ 192.420840][ T7857] ? _raw_spin_unlock_bh+0x31/0x40 [ 192.425970][ T7857] ? __local_bh_enable_ip+0x15a/0x270 [ 192.431367][ T7857] tcp_v6_do_rcv+0x7da/0x12c0 [ 192.436066][ T7857] ? tcp_v6_do_rcv+0x7da/0x12c0 [ 192.440947][ T7857] __release_sock+0x12e/0x3a0 [ 192.445647][ T7857] release_sock+0x59/0x1c0 [ 192.450078][ T7857] __inet_stream_connect+0x59f/0xea0 [ 192.455392][ T7857] ? inet_dgram_connect+0x2e0/0x2e0 [ 192.460603][ T7857] ? tcp_sendmsg_locked+0x2170/0x37f0 [ 192.465982][ T7857] ? do_wait_intr_irq+0x2b0/0x2b0 [ 192.471008][ T7857] ? __lock_acquire+0x548/0x3fb0 [ 192.475963][ T7857] tcp_sendmsg_locked+0x231f/0x37f0 [ 192.481176][ T7857] ? mark_held_locks+0xf0/0xf0 [ 192.485953][ T7857] ? mark_held_locks+0xa4/0xf0 [ 192.490728][ T7857] ? tcp_sendpage+0x60/0x60 [ 192.495238][ T7857] ? lock_sock_nested+0x9a/0x120 [ 192.500190][ T7857] ? trace_hardirqs_on+0x67/0x230 [ 192.505225][ T7857] ? lock_sock_nested+0x9a/0x120 [ 192.510181][ T7857] ? __local_bh_enable_ip+0x15a/0x270 [ 192.515575][ T7857] tcp_sendmsg+0x30/0x50 [ 192.519822][ T7857] inet_sendmsg+0x147/0x5e0 [ 192.524332][ T7857] ? ipip_gro_receive+0x100/0x100 [ 192.529403][ T7857] sock_sendmsg+0xdd/0x130 [ 192.533833][ T7857] __sys_sendto+0x262/0x380 [ 192.538345][ T7857] ? __ia32_sys_getpeername+0xb0/0xb0 [ 192.543753][ T7857] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 192.550013][ T7857] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 192.555482][ T7857] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 192.560952][ T7857] ? do_syscall_64+0x26/0x610 [ 192.565638][ T7857] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 192.571719][ T7857] __x64_sys_sendto+0xe1/0x1a0 [ 192.576493][ T7857] do_syscall_64+0x103/0x610 [ 192.581097][ T7857] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 192.586992][ T7857] RIP: 0033:0x4582b9 [ 192.590889][ T7857] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 01:53:10 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='bbr\x00', 0x3) write$binfmt_elf64(r0, &(0x7f0000001380)=ANY=[@ANYBLOB="7f454c4600000000000000000000000000003e00000000000000000000000000400000000000000000000000000000000000000000003800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000034e40d010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002f839a95000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f95c9d0ec9fb42d92d471cbe500000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000068cf59650ca795caea7d00"/1133], 0x46d) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000080)=0xda9, 0x4) sendto$inet(r0, &(0x7f0000000f40)="03f4a2c970de1d9c3776a9481255ced5dbc57fe63cd931916a02bae17f7850aea473b1c2395dcc0f572febcadeb7fa0f2ee9dc78ccc69169ccfc0bf46dbaba25f3f5a75b77654c0cb9989ea026da080991348232bc2541328a29ec7e06942980144d2ae1b8811ef7af232c4bcb7d89d1aafda6e27d68ed8047debe4f6acdb39851142538045af7a37276d45101a908acd7e6586aaa477a1ed765207d078f68d3f09646ebb175b64f48673bab39a740b280f8876953befe1c9eb8b1494786cdda1a87dbce11989c23041ee13071a5af0e17e267cc0bf8e310b695e5f3bf0f5e0a5ba3393a682e7d0cc9a93e2c8faa4f71f684e0ac9feb65e2", 0xf8, 0x0, 0x0, 0x0) 01:53:10 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000600)) r1 = syz_open_pts(r0, 0x0) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)={0x12}) 01:53:10 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(blowfish)\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000100)="c7da5f1a", 0x4) fcntl$setstatus(r1, 0x4, 0x2001) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='pagemap\x00') sendfile(r1, r2, 0x0, 0x10000000000443) 01:53:10 executing program 3: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x1, 0x0) shutdown(r0, 0x0) recvmmsg(r0, &(0x7f00000066c0), 0xa0d, 0x0, 0x0) getpid() [ 192.610502][ T7857] RSP: 002b:00007fce1764bc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 192.618935][ T7857] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 192.626913][ T7857] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 [ 192.626928][ T7857] RBP: 000000000073bf00 R08: 00000000208d4fe4 R09: 000000000000001c [ 192.626937][ T7857] R10: 0000000020000008 R11: 0000000000000246 R12: 00007fce1764c6d4 [ 192.626945][ T7857] R13: 00000000004c59b6 R14: 00000000004d9d10 R15: 00000000ffffffff [ 192.660235][ T2991] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 192.671628][ T7860] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.4/7860 [ 192.680942][ T7860] caller is ip6_finish_output+0x335/0xdc0 [ 192.686735][ T7860] CPU: 0 PID: 7860 Comm: syz-executor.4 Not tainted 5.1.0-rc3-next-20190405 #19 [ 192.695776][ T7860] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 192.705834][ T7860] Call Trace: [ 192.709141][ T7860] dump_stack+0x172/0x1f0 [ 192.713480][ T7860] __this_cpu_preempt_check+0x246/0x270 [ 192.719033][ T7860] ip6_finish_output+0x335/0xdc0 [ 192.723992][ T7860] ip6_output+0x235/0x7f0 [ 192.728320][ T7860] ? ip6_finish_output+0xdc0/0xdc0 [ 192.733458][ T7860] ? ip6_fragment+0x3980/0x3980 [ 192.738316][ T7860] ip6_xmit+0xe41/0x20c0 [ 192.742564][ T7860] ? ip6_finish_output2+0x2550/0x2550 [ 192.747951][ T7860] ? mark_held_locks+0xf0/0xf0 [ 192.752718][ T7860] ? ip6_setup_cork+0x1870/0x1870 [ 192.757769][ T7860] inet6_csk_xmit+0x2fb/0x5d0 [ 192.762991][ T7860] ? inet6_csk_update_pmtu+0x190/0x190 [ 192.768459][ T7860] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 192.774707][ T7860] ? csum_ipv6_magic+0x20/0x80 [ 192.779483][ T7860] __tcp_transmit_skb+0x1a32/0x3750 [ 192.784695][ T7860] ? __tcp_select_window+0x8b0/0x8b0 [ 192.789975][ T7860] ? lockdep_hardirqs_on+0x418/0x5d0 [ 192.795266][ T7860] ? trace_hardirqs_on+0x67/0x230 [ 192.800315][ T7860] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 192.806098][ T7860] tcp_write_xmit+0xe39/0x5660 [ 192.810859][ T7860] ? tcp_current_mss+0x239/0x390 [ 192.815812][ T7860] tcp_push_one+0xd7/0x110 [ 192.820233][ T7860] do_tcp_sendpages+0x115b/0x1b80 [ 192.825285][ T7860] ? sk_stream_alloc_skb+0xd10/0xd10 [ 192.839255][ T7860] ? __local_bh_enable_ip+0x15a/0x270 [ 192.844636][ T7860] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 192.850380][ T7860] tcp_sendpage_locked+0x84/0xd0 [ 192.855344][ T7860] tcp_sendpage+0x3f/0x60 [ 192.860113][ T7860] ? tcp_sendpage_locked+0xd0/0xd0 [ 192.865227][ T7860] inet_sendpage+0x16b/0x630 [ 192.869822][ T7860] kernel_sendpage+0x95/0xf0 [ 192.874405][ T7860] ? inet_sendmsg+0x5e0/0x5e0 [ 192.879084][ T7860] sock_sendpage+0x8b/0xc0 [ 192.883592][ T7860] pipe_to_sendpage+0x299/0x370 [ 192.888443][ T7860] ? kernel_sendpage+0xf0/0xf0 [ 192.893204][ T7860] ? direct_splice_actor+0x1a0/0x1a0 [ 192.898489][ T7860] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 192.904727][ T7860] ? splice_from_pipe_next.part.0+0x255/0x2f0 [ 192.910792][ T7860] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 192.917036][ T7860] __splice_from_pipe+0x395/0x7d0 [ 192.922060][ T7860] ? direct_splice_actor+0x1a0/0x1a0 [ 192.927351][ T7860] ? direct_splice_actor+0x1a0/0x1a0 [ 192.932643][ T7860] splice_from_pipe+0x108/0x170 [ 192.937492][ T7860] ? splice_shrink_spd+0xd0/0xd0 [ 192.942445][ T7860] generic_splice_sendpage+0x3c/0x50 [ 192.947725][ T7860] ? splice_from_pipe+0x170/0x170 [ 192.952745][ T7860] direct_splice_actor+0x126/0x1a0 [ 192.957860][ T7860] splice_direct_to_actor+0x369/0x970 [ 192.963232][ T7860] ? generic_pipe_buf_nosteal+0x10/0x10 [ 192.968796][ T7860] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 192.975040][ T7860] ? do_splice_to+0x190/0x190 [ 192.979725][ T7860] ? rw_verify_area+0x118/0x360 [ 192.984584][ T7860] do_splice_direct+0x1da/0x2a0 [ 192.989451][ T7860] ? splice_direct_to_actor+0x970/0x970 [ 192.995006][ T7860] ? rw_verify_area+0x118/0x360 [ 192.999856][ T7860] do_sendfile+0x597/0xd00 [ 193.004284][ T7860] ? do_compat_pwritev64+0x1c0/0x1c0 [ 193.009567][ T7860] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 193.015802][ T7860] ? put_timespec64+0xda/0x140 [ 193.020588][ T7860] __x64_sys_sendfile64+0x1dd/0x220 [ 193.025787][ T7860] ? __ia32_sys_sendfile+0x230/0x230 [ 193.031070][ T7860] ? do_syscall_64+0x26/0x610 [ 193.035750][ T7860] ? lockdep_hardirqs_on+0x418/0x5d0 [ 193.041031][ T7860] ? trace_hardirqs_on+0x67/0x230 [ 193.046064][ T7860] do_syscall_64+0x103/0x610 [ 193.050662][ T7860] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 193.056558][ T7860] RIP: 0033:0x4582b9 [ 193.060455][ T7860] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 193.080068][ T7860] RSP: 002b:00007fce175e8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 193.088473][ T7860] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 193.096450][ T7860] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000006 [ 193.104418][ T7860] RBP: 000000000073c0e0 R08: 0000000000000000 R09: 0000000000000000 [ 193.112392][ T7860] R10: 00008000fffffffe R11: 0000000000000246 R12: 00007fce175e96d4 [ 193.120371][ T7860] R13: 00000000004c5227 R14: 00000000004d9368 R15: 00000000ffffffff [ 193.133283][ T7860] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.4/7860 [ 193.142671][ T7860] caller is ip6_finish_output+0x335/0xdc0 [ 193.148399][ T7860] CPU: 1 PID: 7860 Comm: syz-executor.4 Not tainted 5.1.0-rc3-next-20190405 #19 [ 193.157412][ T7860] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 193.160183][ T2991] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 193.167466][ T7860] Call Trace: [ 193.167493][ T7860] dump_stack+0x172/0x1f0 [ 193.167517][ T7860] __this_cpu_preempt_check+0x246/0x270 [ 193.167538][ T7860] ip6_finish_output+0x335/0xdc0 [ 193.167560][ T7860] ip6_output+0x235/0x7f0 [ 193.167582][ T7860] ? ip6_finish_output+0xdc0/0xdc0 [ 193.202763][ T7860] ? ip6_fragment+0x3980/0x3980 [ 193.207619][ T7860] ip6_xmit+0xe41/0x20c0 [ 193.211871][ T7860] ? ip6_finish_output2+0x2550/0x2550 [ 193.217241][ T7860] ? mark_held_locks+0xf0/0xf0 [ 193.222004][ T7860] ? ip6_setup_cork+0x1870/0x1870 [ 193.227033][ T7860] ? inet6_csk_route_socket+0x715/0xf40 [ 193.232677][ T7860] inet6_csk_xmit+0x2fb/0x5d0 [ 193.237364][ T7860] ? inet6_csk_update_pmtu+0x190/0x190 [ 193.242826][ T7860] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 193.249076][ T7860] ? csum_ipv6_magic+0x20/0x80 [ 193.253849][ T7860] __tcp_transmit_skb+0x1a32/0x3750 [ 193.259056][ T7860] ? __tcp_select_window+0x8b0/0x8b0 [ 193.264338][ T7860] ? lockdep_hardirqs_on+0x418/0x5d0 [ 193.269630][ T7860] ? trace_hardirqs_on+0x67/0x230 [ 193.274657][ T7860] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 193.280388][ T7860] tcp_write_xmit+0xe39/0x5660 [ 193.285172][ T7860] __tcp_push_pending_frames+0xb4/0x350 [ 193.290720][ T7860] do_tcp_sendpages+0x167b/0x1b80 [ 193.295763][ T7860] ? sk_stream_alloc_skb+0xd10/0xd10 [ 193.301043][ T7860] ? __local_bh_enable_ip+0x15a/0x270 [ 193.306424][ T7860] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 193.312148][ T7860] tcp_sendpage_locked+0x84/0xd0 [ 193.317086][ T7860] tcp_sendpage+0x3f/0x60 [ 193.321413][ T7860] ? tcp_sendpage_locked+0xd0/0xd0 [ 193.326526][ T7860] inet_sendpage+0x16b/0x630 [ 193.331120][ T7860] kernel_sendpage+0x95/0xf0 [ 193.335724][ T7860] ? inet_sendmsg+0x5e0/0x5e0 [ 193.340415][ T7860] sock_sendpage+0x8b/0xc0 [ 193.344835][ T7860] pipe_to_sendpage+0x299/0x370 [ 193.349683][ T7860] ? kernel_sendpage+0xf0/0xf0 [ 193.354447][ T7860] ? direct_splice_actor+0x1a0/0x1a0 [ 193.359733][ T7860] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 193.365979][ T7860] ? splice_from_pipe_next.part.0+0x255/0x2f0 [ 193.372135][ T7860] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 193.378396][ T7860] __splice_from_pipe+0x395/0x7d0 [ 193.383458][ T7860] ? direct_splice_actor+0x1a0/0x1a0 [ 193.388746][ T7860] ? direct_splice_actor+0x1a0/0x1a0 [ 193.394030][ T7860] splice_from_pipe+0x108/0x170 [ 193.398881][ T7860] ? splice_shrink_spd+0xd0/0xd0 [ 193.403829][ T7860] generic_splice_sendpage+0x3c/0x50 [ 193.409111][ T7860] ? splice_from_pipe+0x170/0x170 [ 193.414139][ T7860] direct_splice_actor+0x126/0x1a0 [ 193.419253][ T7860] splice_direct_to_actor+0x369/0x970 [ 193.424624][ T7860] ? generic_pipe_buf_nosteal+0x10/0x10 [ 193.430285][ T7860] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 193.436548][ T7860] ? do_splice_to+0x190/0x190 [ 193.441235][ T7860] ? rw_verify_area+0x118/0x360 [ 193.446092][ T7860] do_splice_direct+0x1da/0x2a0 [ 193.450951][ T7860] ? splice_direct_to_actor+0x970/0x970 [ 193.456504][ T7860] ? rw_verify_area+0x118/0x360 [ 193.461367][ T7860] do_sendfile+0x597/0xd00 [ 193.465793][ T7860] ? do_compat_pwritev64+0x1c0/0x1c0 [ 193.471075][ T7860] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 193.477428][ T7860] ? put_timespec64+0xda/0x140 [ 193.482215][ T7860] __x64_sys_sendfile64+0x1dd/0x220 [ 193.487414][ T7860] ? __ia32_sys_sendfile+0x230/0x230 [ 193.492804][ T7860] ? do_syscall_64+0x26/0x610 [ 193.497481][ T7860] ? lockdep_hardirqs_on+0x418/0x5d0 [ 193.502763][ T7860] ? trace_hardirqs_on+0x67/0x230 [ 193.507788][ T7860] do_syscall_64+0x103/0x610 [ 193.512397][ T7860] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 193.518296][ T7860] RIP: 0033:0x4582b9 [ 193.522185][ T7860] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 193.541780][ T7860] RSP: 002b:00007fce175e8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 193.550187][ T7860] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 193.558156][ T7860] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000006 [ 193.566124][ T7860] RBP: 000000000073c0e0 R08: 0000000000000000 R09: 0000000000000000 [ 193.574091][ T7860] R10: 00008000fffffffe R11: 0000000000000246 R12: 00007fce175e96d4 [ 193.582057][ T7860] R13: 00000000004c5227 R14: 00000000004d9368 R15: 00000000ffffffff [ 193.735548][ T7860] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.4/7860 [ 193.744999][ T7860] caller is ip6_finish_output+0x335/0xdc0 [ 193.750741][ T7860] CPU: 0 PID: 7860 Comm: syz-executor.4 Not tainted 5.1.0-rc3-next-20190405 #19 [ 193.759760][ T7860] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 193.769813][ T7860] Call Trace: [ 193.769840][ T7860] dump_stack+0x172/0x1f0 [ 193.769865][ T7860] __this_cpu_preempt_check+0x246/0x270 [ 193.769891][ T7860] ip6_finish_output+0x335/0xdc0 [ 193.777503][ T7860] ip6_output+0x235/0x7f0 [ 193.777524][ T7860] ? ip6_finish_output+0xdc0/0xdc0 [ 193.777544][ T7860] ? ip6_fragment+0x3980/0x3980 [ 193.777567][ T7860] ip6_xmit+0xe41/0x20c0 [ 193.806546][ T7860] ? ip6_finish_output2+0x2550/0x2550 [ 193.811932][ T7860] ? mark_held_locks+0xf0/0xf0 [ 193.816708][ T7860] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 193.822955][ T7860] ? ip6_setup_cork+0x1870/0x1870 [ 193.827971][ T7860] ? inet6_csk_route_socket+0x715/0xf40 [ 193.833685][ T7860] inet6_csk_xmit+0x2fb/0x5d0 [ 193.838347][ T7860] ? inet6_csk_update_pmtu+0x190/0x190 [ 193.843798][ T7860] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 193.850030][ T7860] ? csum_ipv6_magic+0x20/0x80 [ 193.854801][ T7860] __tcp_transmit_skb+0x1a32/0x3750 [ 193.860004][ T7860] ? __tcp_select_window+0x8b0/0x8b0 [ 193.865302][ T7860] ? mark_lock+0x1340/0x1380 [ 193.869887][ T7860] ? ktime_get+0x105/0x300 [ 193.874283][ T7860] ? tcp_mstamp_refresh+0x16/0xa0 [ 193.879287][ T7860] ? ktime_get+0x105/0x300 [ 193.883689][ T7860] __tcp_send_ack.part.0+0x3c6/0x5b0 [ 193.888956][ T7860] tcp_send_ack+0x88/0xa0 [ 193.893287][ T7860] __tcp_ack_snd_check+0x165/0x8d0 [ 193.898398][ T7860] tcp_rcv_established+0x175d/0x1fb0 [ 193.903671][ T7860] ? tcp_data_queue+0x4840/0x4840 [ 193.908701][ T7860] ? __local_bh_enable_ip+0x100/0x270 [ 193.914056][ T7860] ? _raw_spin_unlock_bh+0x31/0x40 [ 193.919149][ T7860] ? __local_bh_enable_ip+0x15a/0x270 [ 193.924505][ T7860] ? lockdep_hardirqs_on+0x418/0x5d0 [ 193.929775][ T7860] tcp_v6_do_rcv+0x421/0x12c0 [ 193.934443][ T7860] __release_sock+0x12e/0x3a0 [ 193.939107][ T7860] release_sock+0x59/0x1c0 [ 193.943509][ T7860] tcp_sendpage+0x4a/0x60 [ 193.947839][ T7860] ? tcp_sendpage_locked+0xd0/0xd0 [ 193.952950][ T7860] inet_sendpage+0x16b/0x630 [ 193.957550][ T7860] kernel_sendpage+0x95/0xf0 [ 193.962123][ T7860] ? inet_sendmsg+0x5e0/0x5e0 [ 193.967261][ T7860] sock_sendpage+0x8b/0xc0 [ 193.971670][ T7860] pipe_to_sendpage+0x299/0x370 [ 193.976511][ T7860] ? kernel_sendpage+0xf0/0xf0 [ 193.981259][ T7860] ? direct_splice_actor+0x1a0/0x1a0 [ 193.986529][ T7860] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 193.992752][ T7860] ? splice_from_pipe_next.part.0+0x255/0x2f0 [ 193.998813][ T7860] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 194.005056][ T7860] __splice_from_pipe+0x395/0x7d0 [ 194.010072][ T7860] ? direct_splice_actor+0x1a0/0x1a0 [ 194.015462][ T7860] ? direct_splice_actor+0x1a0/0x1a0 [ 194.020732][ T7860] splice_from_pipe+0x108/0x170 [ 194.025589][ T7860] ? splice_shrink_spd+0xd0/0xd0 [ 194.030534][ T7860] generic_splice_sendpage+0x3c/0x50 [ 194.035828][ T7860] ? splice_from_pipe+0x170/0x170 [ 194.040835][ T7860] direct_splice_actor+0x126/0x1a0 [ 194.045931][ T7860] splice_direct_to_actor+0x369/0x970 [ 194.051290][ T7860] ? generic_pipe_buf_nosteal+0x10/0x10 [ 194.056820][ T7860] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 194.063065][ T7860] ? do_splice_to+0x190/0x190 [ 194.067746][ T7860] ? rw_verify_area+0x118/0x360 [ 194.072580][ T7860] do_splice_direct+0x1da/0x2a0 [ 194.077419][ T7860] ? splice_direct_to_actor+0x970/0x970 [ 194.082957][ T7860] ? rw_verify_area+0x118/0x360 [ 194.087792][ T7860] do_sendfile+0x597/0xd00 [ 194.092206][ T7860] ? do_compat_pwritev64+0x1c0/0x1c0 [ 194.097477][ T7860] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 194.103709][ T7860] ? put_timespec64+0xda/0x140 [ 194.108480][ T7860] __x64_sys_sendfile64+0x1dd/0x220 [ 194.113674][ T7860] ? __ia32_sys_sendfile+0x230/0x230 [ 194.118958][ T7860] ? do_syscall_64+0x26/0x610 [ 194.123616][ T7860] ? lockdep_hardirqs_on+0x418/0x5d0 [ 194.128884][ T7860] ? trace_hardirqs_on+0x67/0x230 [ 194.133910][ T7860] do_syscall_64+0x103/0x610 [ 194.138494][ T7860] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 194.144375][ T7860] RIP: 0033:0x4582b9 [ 194.148264][ T7860] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 194.167864][ T7860] RSP: 002b:00007fce175e8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 194.176268][ T7860] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 194.184237][ T7860] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000006 [ 194.192186][ T7860] RBP: 000000000073c0e0 R08: 0000000000000000 R09: 0000000000000000 [ 194.200138][ T7860] R10: 00008000fffffffe R11: 0000000000000246 R12: 00007fce175e96d4 [ 194.208090][ T7860] R13: 00000000004c5227 R14: 00000000004d9368 R15: 00000000ffffffff [ 194.222123][ T7860] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.4/7860 [ 194.231499][ T7860] caller is ip6_finish_output+0x335/0xdc0 [ 194.237260][ T7860] CPU: 0 PID: 7860 Comm: syz-executor.4 Not tainted 5.1.0-rc3-next-20190405 #19 [ 194.246276][ T7860] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 194.256323][ T7860] Call Trace: [ 194.259633][ T7860] dump_stack+0x172/0x1f0 [ 194.263970][ T7860] __this_cpu_preempt_check+0x246/0x270 [ 194.269522][ T7860] ip6_finish_output+0x335/0xdc0 [ 194.274468][ T7860] ip6_output+0x235/0x7f0 [ 194.278805][ T7860] ? ip6_finish_output+0xdc0/0xdc0 [ 194.283921][ T7860] ? ip6_fragment+0x3980/0x3980 [ 194.288777][ T7860] ip6_xmit+0xe41/0x20c0 [ 194.293039][ T7860] ? ip6_finish_output2+0x2550/0x2550 [ 194.298412][ T7860] ? mark_held_locks+0xf0/0xf0 [ 194.303185][ T7860] ? ip6_setup_cork+0x1870/0x1870 [ 194.308224][ T7860] inet6_csk_xmit+0x2fb/0x5d0 [ 194.312905][ T7860] ? inet6_csk_update_pmtu+0x190/0x190 [ 194.318390][ T7860] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 194.324646][ T7860] ? csum_ipv6_magic+0x20/0x80 [ 194.329446][ T7860] __tcp_transmit_skb+0x1a32/0x3750 [ 194.334659][ T7860] ? __tcp_select_window+0x8b0/0x8b0 [ 194.339941][ T7860] ? lockdep_hardirqs_on+0x418/0x5d0 [ 194.345227][ T7860] ? trace_hardirqs_on+0x67/0x230 [ 194.350252][ T7860] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 194.355977][ T7860] tcp_write_xmit+0xe39/0x5660 [ 194.360737][ T7860] ? tcp_established_options+0x29d/0x4d0 [ 194.366397][ T7860] __tcp_push_pending_frames+0xb4/0x350 [ 194.371949][ T7860] tcp_rcv_established+0x1974/0x1fb0 [ 194.377236][ T7860] ? tcp_data_queue+0x4840/0x4840 [ 194.382261][ T7860] ? __local_bh_enable_ip+0x15a/0x270 [ 194.387640][ T7860] ? _raw_spin_unlock_bh+0x31/0x40 [ 194.392748][ T7860] ? __local_bh_enable_ip+0x15a/0x270 [ 194.398121][ T7860] ? lockdep_hardirqs_on+0x418/0x5d0 [ 194.403412][ T7860] tcp_v6_do_rcv+0x421/0x12c0 [ 194.408109][ T7860] __release_sock+0x12e/0x3a0 [ 194.412792][ T7860] release_sock+0x59/0x1c0 [ 194.417228][ T7860] tcp_sendpage+0x4a/0x60 [ 194.421554][ T7860] ? tcp_sendpage_locked+0xd0/0xd0 [ 194.426663][ T7860] inet_sendpage+0x16b/0x630 [ 194.431258][ T7860] kernel_sendpage+0x95/0xf0 [ 194.435844][ T7860] ? inet_sendmsg+0x5e0/0x5e0 [ 194.440536][ T7860] sock_sendpage+0x8b/0xc0 [ 194.444964][ T7860] pipe_to_sendpage+0x299/0x370 [ 194.449823][ T7860] ? kernel_sendpage+0xf0/0xf0 [ 194.454597][ T7860] ? direct_splice_actor+0x1a0/0x1a0 [ 194.459882][ T7860] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 194.466124][ T7860] ? splice_from_pipe_next.part.0+0x255/0x2f0 [ 194.472192][ T7860] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 194.478438][ T7860] __splice_from_pipe+0x395/0x7d0 [ 194.483462][ T7860] ? direct_splice_actor+0x1a0/0x1a0 [ 194.488765][ T7860] ? direct_splice_actor+0x1a0/0x1a0 [ 194.494066][ T7860] splice_from_pipe+0x108/0x170 [ 194.498922][ T7860] ? splice_shrink_spd+0xd0/0xd0 [ 194.503875][ T7860] generic_splice_sendpage+0x3c/0x50 [ 194.509154][ T7860] ? splice_from_pipe+0x170/0x170 [ 194.514188][ T7860] direct_splice_actor+0x126/0x1a0 [ 194.519310][ T7860] splice_direct_to_actor+0x369/0x970 [ 194.524681][ T7860] ? generic_pipe_buf_nosteal+0x10/0x10 [ 194.530235][ T7860] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 194.536482][ T7860] ? do_splice_to+0x190/0x190 [ 194.541173][ T7860] ? rw_verify_area+0x118/0x360 [ 194.546023][ T7860] do_splice_direct+0x1da/0x2a0 [ 194.550874][ T7860] ? splice_direct_to_actor+0x970/0x970 [ 194.556434][ T7860] ? rw_verify_area+0x118/0x360 [ 194.561289][ T7860] do_sendfile+0x597/0xd00 [ 194.565728][ T7860] ? do_compat_pwritev64+0x1c0/0x1c0 [ 194.571007][ T7860] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 194.577259][ T7860] ? put_timespec64+0xda/0x140 [ 194.582052][ T7860] __x64_sys_sendfile64+0x1dd/0x220 [ 194.587263][ T7860] ? __ia32_sys_sendfile+0x230/0x230 [ 194.592554][ T7860] ? do_syscall_64+0x26/0x610 [ 194.597231][ T7860] ? lockdep_hardirqs_on+0x418/0x5d0 [ 194.602516][ T7860] ? trace_hardirqs_on+0x67/0x230 [ 194.607552][ T7860] do_syscall_64+0x103/0x610 [ 194.612154][ T7860] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 194.618041][ T7860] RIP: 0033:0x4582b9 [ 194.621988][ T7860] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 194.641593][ T7860] RSP: 002b:00007fce175e8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 194.650003][ T7860] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 194.657970][ T7860] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000006 [ 194.665936][ T7860] RBP: 000000000073c0e0 R08: 0000000000000000 R09: 0000000000000000 [ 194.673909][ T7860] R10: 00008000fffffffe R11: 0000000000000246 R12: 00007fce175e96d4 [ 194.681906][ T7860] R13: 00000000004c5227 R14: 00000000004d9368 R15: 00000000ffffffff [ 194.708134][ T7860] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.4/7860 [ 194.717742][ T7860] caller is ip6_finish_output+0x335/0xdc0 [ 194.723569][ T7860] CPU: 0 PID: 7860 Comm: syz-executor.4 Not tainted 5.1.0-rc3-next-20190405 #19 [ 194.732594][ T7860] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 194.742658][ T7860] Call Trace: [ 194.745952][ T7860] dump_stack+0x172/0x1f0 [ 194.750289][ T7860] __this_cpu_preempt_check+0x246/0x270 [ 194.755870][ T7860] ip6_finish_output+0x335/0xdc0 [ 194.760850][ T7860] ip6_output+0x235/0x7f0 [ 194.765185][ T7860] ? ip6_finish_output+0xdc0/0xdc0 [ 194.770303][ T7860] ? ip6_fragment+0x3980/0x3980 [ 194.775164][ T7860] ip6_xmit+0xe41/0x20c0 [ 194.779435][ T7860] ? ip6_finish_output2+0x2550/0x2550 [ 194.784810][ T7860] ? mark_held_locks+0xf0/0xf0 [ 194.789575][ T7860] ? ip6_setup_cork+0x1870/0x1870 [ 194.794617][ T7860] inet6_csk_xmit+0x2fb/0x5d0 [ 194.799298][ T7860] ? inet6_csk_update_pmtu+0x190/0x190 [ 194.804758][ T7860] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 194.811005][ T7860] ? csum_ipv6_magic+0x20/0x80 [ 194.815780][ T7860] __tcp_transmit_skb+0x1a32/0x3750 [ 194.820987][ T7860] ? __tcp_select_window+0x8b0/0x8b0 [ 194.826268][ T7860] ? lockdep_hardirqs_on+0x418/0x5d0 [ 194.831561][ T7860] ? trace_hardirqs_on+0x67/0x230 [ 194.836591][ T7860] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 194.842332][ T7860] tcp_write_xmit+0xe39/0x5660 [ 194.847103][ T7860] ? tcp_enter_memory_pressure+0x130/0x130 [ 194.852931][ T7860] tcp_push_one+0xd7/0x110 [ 194.857351][ T7860] do_tcp_sendpages+0x115b/0x1b80 [ 194.862412][ T7860] ? sk_stream_alloc_skb+0xd10/0xd10 [ 194.867704][ T7860] ? __local_bh_enable_ip+0x15a/0x270 [ 194.873105][ T7860] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 194.878826][ T7860] tcp_sendpage_locked+0x84/0xd0 [ 194.883950][ T7860] tcp_sendpage+0x3f/0x60 [ 194.888287][ T7860] ? tcp_sendpage_locked+0xd0/0xd0 [ 194.893403][ T7860] inet_sendpage+0x16b/0x630 [ 194.898010][ T7860] kernel_sendpage+0x95/0xf0 [ 194.902599][ T7860] ? inet_sendmsg+0x5e0/0x5e0 [ 194.907279][ T7860] sock_sendpage+0x8b/0xc0 [ 194.911717][ T7860] pipe_to_sendpage+0x299/0x370 [ 194.916568][ T7860] ? kernel_sendpage+0xf0/0xf0 [ 194.921331][ T7860] ? direct_splice_actor+0x1a0/0x1a0 [ 194.926625][ T7860] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 194.932864][ T7860] ? splice_from_pipe_next.part.0+0x255/0x2f0 [ 194.938932][ T7860] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 194.945177][ T7860] __splice_from_pipe+0x395/0x7d0 [ 194.950200][ T7860] ? direct_splice_actor+0x1a0/0x1a0 [ 194.955489][ T7860] ? direct_splice_actor+0x1a0/0x1a0 [ 194.960773][ T7860] splice_from_pipe+0x108/0x170 [ 194.965626][ T7860] ? splice_shrink_spd+0xd0/0xd0 [ 194.970580][ T7860] generic_splice_sendpage+0x3c/0x50 [ 194.975860][ T7860] ? splice_from_pipe+0x170/0x170 [ 194.980882][ T7860] direct_splice_actor+0x126/0x1a0 [ 194.985999][ T7860] splice_direct_to_actor+0x369/0x970 [ 194.991378][ T7860] ? generic_pipe_buf_nosteal+0x10/0x10 [ 194.996926][ T7860] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 195.003165][ T7860] ? do_splice_to+0x190/0x190 [ 195.007851][ T7860] ? rw_verify_area+0x118/0x360 [ 195.012704][ T7860] do_splice_direct+0x1da/0x2a0 [ 195.017556][ T7860] ? splice_direct_to_actor+0x970/0x970 [ 195.023108][ T7860] ? rw_verify_area+0x118/0x360 [ 195.027962][ T7860] do_sendfile+0x597/0xd00 [ 195.032397][ T7860] ? do_compat_pwritev64+0x1c0/0x1c0 [ 195.037685][ T7860] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 195.043933][ T7860] ? put_timespec64+0xda/0x140 [ 195.048727][ T7860] __x64_sys_sendfile64+0x1dd/0x220 [ 195.053931][ T7860] ? __ia32_sys_sendfile+0x230/0x230 [ 195.059218][ T7860] ? do_syscall_64+0x26/0x610 [ 195.063894][ T7860] ? lockdep_hardirqs_on+0x418/0x5d0 [ 195.069177][ T7860] ? trace_hardirqs_on+0x67/0x230 [ 195.074205][ T7860] do_syscall_64+0x103/0x610 [ 195.078800][ T7860] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 195.084688][ T7860] RIP: 0033:0x4582b9 [ 195.088583][ T7860] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 195.108199][ T7860] RSP: 002b:00007fce175e8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 195.116619][ T7860] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 195.124586][ T7860] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000006 [ 195.132555][ T7860] RBP: 000000000073c0e0 R08: 0000000000000000 R09: 0000000000000000 [ 195.140526][ T7860] R10: 00008000fffffffe R11: 0000000000000246 R12: 00007fce175e96d4 [ 195.148491][ T7860] R13: 00000000004c5227 R14: 00000000004d9368 R15: 00000000ffffffff [ 195.167841][ T7860] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.4/7860 [ 195.177521][ T7860] caller is ip6_finish_output+0x335/0xdc0 [ 195.183314][ T7860] CPU: 0 PID: 7860 Comm: syz-executor.4 Not tainted 5.1.0-rc3-next-20190405 #19 [ 195.192344][ T7860] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 195.202406][ T7860] Call Trace: [ 195.205689][ T7860] dump_stack+0x172/0x1f0 [ 195.210006][ T7860] __this_cpu_preempt_check+0x246/0x270 [ 195.215541][ T7860] ip6_finish_output+0x335/0xdc0 [ 195.220473][ T7860] ip6_output+0x235/0x7f0 [ 195.225065][ T7860] ? ip6_finish_output+0xdc0/0xdc0 [ 195.230161][ T7860] ? ip6_fragment+0x3980/0x3980 [ 195.235013][ T7860] ip6_xmit+0xe41/0x20c0 [ 195.239248][ T7860] ? ip6_finish_output2+0x2550/0x2550 [ 195.244610][ T7860] ? mark_held_locks+0xf0/0xf0 [ 195.249365][ T7860] ? ip6_setup_cork+0x1870/0x1870 [ 195.254395][ T7860] inet6_csk_xmit+0x2fb/0x5d0 [ 195.259056][ T7860] ? inet6_csk_update_pmtu+0x190/0x190 [ 195.264497][ T7860] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 195.270732][ T7860] ? csum_ipv6_magic+0x20/0x80 [ 195.275484][ T7860] __tcp_transmit_skb+0x1a32/0x3750 [ 195.280896][ T7860] ? __tcp_select_window+0x8b0/0x8b0 [ 195.286182][ T7860] ? lockdep_hardirqs_on+0x418/0x5d0 [ 195.291454][ T7860] ? trace_hardirqs_on+0x67/0x230 [ 195.296469][ T7860] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 195.302172][ T7860] tcp_write_xmit+0xe39/0x5660 [ 195.306915][ T7860] ? tcp_established_options+0x29d/0x4d0 [ 195.312555][ T7860] __tcp_push_pending_frames+0xb4/0x350 [ 195.318097][ T7860] tcp_rcv_established+0x989/0x1fb0 [ 195.323283][ T7860] ? tcp_data_queue+0x4840/0x4840 [ 195.328289][ T7860] ? __local_bh_enable_ip+0x100/0x270 [ 195.333641][ T7860] ? _raw_spin_unlock_bh+0x31/0x40 [ 195.338731][ T7860] ? __local_bh_enable_ip+0x15a/0x270 [ 195.344082][ T7860] ? lockdep_hardirqs_on+0x418/0x5d0 [ 195.349351][ T7860] tcp_v6_do_rcv+0x421/0x12c0 [ 195.354025][ T7860] __release_sock+0x12e/0x3a0 [ 195.358685][ T7860] release_sock+0x59/0x1c0 [ 195.363147][ T7860] tcp_sendpage+0x4a/0x60 [ 195.367453][ T7860] ? tcp_sendpage_locked+0xd0/0xd0 [ 195.372544][ T7860] inet_sendpage+0x16b/0x630 [ 195.377117][ T7860] kernel_sendpage+0x95/0xf0 [ 195.381684][ T7860] ? inet_sendmsg+0x5e0/0x5e0 [ 195.386341][ T7860] sock_sendpage+0x8b/0xc0 [ 195.390768][ T7860] pipe_to_sendpage+0x299/0x370 [ 195.395613][ T7860] ? kernel_sendpage+0xf0/0xf0 [ 195.400367][ T7860] ? direct_splice_actor+0x1a0/0x1a0 [ 195.405638][ T7860] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 195.411863][ T7860] ? splice_from_pipe_next.part.0+0x255/0x2f0 [ 195.417932][ T7860] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 195.424163][ T7860] __splice_from_pipe+0x395/0x7d0 [ 195.429179][ T7860] ? direct_splice_actor+0x1a0/0x1a0 [ 195.434545][ T7860] ? direct_splice_actor+0x1a0/0x1a0 [ 195.439909][ T7860] splice_from_pipe+0x108/0x170 [ 195.444758][ T7860] ? splice_shrink_spd+0xd0/0xd0 [ 195.449686][ T7860] generic_splice_sendpage+0x3c/0x50 [ 195.454956][ T7860] ? splice_from_pipe+0x170/0x170 [ 195.459967][ T7860] direct_splice_actor+0x126/0x1a0 [ 195.465065][ T7860] splice_direct_to_actor+0x369/0x970 [ 195.470451][ T7860] ? generic_pipe_buf_nosteal+0x10/0x10 [ 195.476002][ T7860] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 195.482225][ T7860] ? do_splice_to+0x190/0x190 [ 195.486887][ T7860] ? rw_verify_area+0x118/0x360 [ 195.491718][ T7860] do_splice_direct+0x1da/0x2a0 [ 195.496554][ T7860] ? splice_direct_to_actor+0x970/0x970 [ 195.502087][ T7860] ? rw_verify_area+0x118/0x360 [ 195.506920][ T7860] do_sendfile+0x597/0xd00 [ 195.511326][ T7860] ? do_compat_pwritev64+0x1c0/0x1c0 [ 195.516604][ T7860] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 195.522825][ T7860] ? put_timespec64+0xda/0x140 [ 195.527575][ T7860] __x64_sys_sendfile64+0x1dd/0x220 [ 195.532772][ T7860] ? __ia32_sys_sendfile+0x230/0x230 [ 195.538039][ T7860] ? do_syscall_64+0x26/0x610 [ 195.542698][ T7860] ? lockdep_hardirqs_on+0x418/0x5d0 [ 195.547963][ T7860] ? trace_hardirqs_on+0x67/0x230 [ 195.552971][ T7860] do_syscall_64+0x103/0x610 [ 195.557548][ T7860] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 195.563444][ T7860] RIP: 0033:0x4582b9 [ 195.567319][ T7860] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 195.587016][ T7860] RSP: 002b:00007fce175e8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 195.595421][ T7860] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 195.603388][ T7860] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000006 [ 195.611380][ T7860] RBP: 000000000073c0e0 R08: 0000000000000000 R09: 0000000000000000 [ 195.619339][ T7860] R10: 00008000fffffffe R11: 0000000000000246 R12: 00007fce175e96d4 [ 195.627305][ T7860] R13: 00000000004c5227 R14: 00000000004d9368 R15: 00000000ffffffff [ 195.638475][ T7860] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.4/7860 [ 195.649833][ T7860] caller is ip6_finish_output+0x335/0xdc0 [ 195.655700][ T7860] CPU: 1 PID: 7860 Comm: syz-executor.4 Not tainted 5.1.0-rc3-next-20190405 #19 [ 195.664726][ T7860] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 195.674771][ T7860] Call Trace: [ 195.678069][ T7860] dump_stack+0x172/0x1f0 [ 195.682432][ T7860] __this_cpu_preempt_check+0x246/0x270 [ 195.688008][ T7860] ip6_finish_output+0x335/0xdc0 [ 195.692977][ T7860] ip6_output+0x235/0x7f0 [ 195.697322][ T7860] ? ip6_finish_output+0xdc0/0xdc0 [ 195.702440][ T7860] ? ip6_fragment+0x3980/0x3980 [ 195.707299][ T7860] ip6_xmit+0xe41/0x20c0 [ 195.711558][ T7860] ? ip6_finish_output2+0x2550/0x2550 [ 195.716958][ T7860] ? mark_held_locks+0xf0/0xf0 [ 195.721748][ T7860] ? ip6_setup_cork+0x1870/0x1870 [ 195.726790][ T7860] inet6_csk_xmit+0x2fb/0x5d0 [ 195.731472][ T7860] ? inet6_csk_update_pmtu+0x190/0x190 [ 195.736968][ T7860] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 195.743211][ T7860] ? csum_ipv6_magic+0x20/0x80 [ 195.747997][ T7860] __tcp_transmit_skb+0x1a32/0x3750 [ 195.753213][ T7860] ? __tcp_select_window+0x8b0/0x8b0 [ 195.758510][ T7860] ? lockdep_hardirqs_on+0x418/0x5d0 [ 195.763804][ T7860] ? trace_hardirqs_on+0x67/0x230 [ 195.769468][ T7860] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 195.775194][ T7860] tcp_write_xmit+0xe39/0x5660 [ 195.780044][ T7860] ? kasan_check_write+0x14/0x20 [ 195.784988][ T7860] tcp_push_one+0xd7/0x110 [ 195.789404][ T7860] do_tcp_sendpages+0x115b/0x1b80 [ 195.794431][ T7860] ? sk_stream_alloc_skb+0xd10/0xd10 [ 195.799706][ T7860] ? __local_bh_enable_ip+0x15a/0x270 [ 195.805095][ T7860] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 195.810818][ T7860] tcp_sendpage_locked+0x84/0xd0 [ 195.815781][ T7860] tcp_sendpage+0x3f/0x60 [ 195.820100][ T7860] ? tcp_sendpage_locked+0xd0/0xd0 [ 195.825196][ T7860] inet_sendpage+0x16b/0x630 [ 195.829792][ T7860] kernel_sendpage+0x95/0xf0 [ 195.834374][ T7860] ? inet_sendmsg+0x5e0/0x5e0 [ 195.839040][ T7860] sock_sendpage+0x8b/0xc0 [ 195.843457][ T7860] pipe_to_sendpage+0x299/0x370 [ 195.848345][ T7860] ? kernel_sendpage+0xf0/0xf0 [ 195.853120][ T7860] ? direct_splice_actor+0x1a0/0x1a0 [ 195.858406][ T7860] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 195.865826][ T7860] ? splice_from_pipe_next.part.0+0x255/0x2f0 [ 195.871894][ T7860] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 195.878141][ T7860] __splice_from_pipe+0x395/0x7d0 [ 195.883169][ T7860] ? direct_splice_actor+0x1a0/0x1a0 [ 195.888458][ T7860] ? direct_splice_actor+0x1a0/0x1a0 [ 195.893743][ T7860] splice_from_pipe+0x108/0x170 [ 195.898591][ T7860] ? splice_shrink_spd+0xd0/0xd0 [ 195.903543][ T7860] generic_splice_sendpage+0x3c/0x50 [ 195.908824][ T7860] ? splice_from_pipe+0x170/0x170 [ 195.913834][ T7860] direct_splice_actor+0x126/0x1a0 [ 195.918949][ T7860] splice_direct_to_actor+0x369/0x970 [ 195.924307][ T7860] ? generic_pipe_buf_nosteal+0x10/0x10 [ 195.929839][ T7860] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 195.936064][ T7860] ? do_splice_to+0x190/0x190 [ 195.940742][ T7860] ? rw_verify_area+0x118/0x360 [ 195.945599][ T7860] do_splice_direct+0x1da/0x2a0 [ 195.950538][ T7860] ? splice_direct_to_actor+0x970/0x970 [ 195.956083][ T7860] ? rw_verify_area+0x118/0x360 [ 195.960920][ T7860] do_sendfile+0x597/0xd00 [ 195.965333][ T7860] ? do_compat_pwritev64+0x1c0/0x1c0 [ 195.971429][ T7860] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 195.977673][ T7860] ? put_timespec64+0xda/0x140 [ 195.982449][ T7860] __x64_sys_sendfile64+0x1dd/0x220 [ 195.987658][ T7860] ? __ia32_sys_sendfile+0x230/0x230 [ 195.992952][ T7860] ? do_syscall_64+0x26/0x610 [ 195.997651][ T7860] ? lockdep_hardirqs_on+0x418/0x5d0 [ 196.002952][ T7860] ? trace_hardirqs_on+0x67/0x230 [ 196.007977][ T7860] do_syscall_64+0x103/0x610 [ 196.012582][ T7860] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 196.018472][ T7860] RIP: 0033:0x4582b9 [ 196.022371][ T7860] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 196.041985][ T7860] RSP: 002b:00007fce175e8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 196.050402][ T7860] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 196.058370][ T7860] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000006 01:53:14 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_procfs(0x0, 0x0) setsockopt$IP_VS_SO_SET_EDIT(0xffffffffffffffff, 0x0, 0x483, 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) accept(0xffffffffffffffff, 0x0, &(0x7f0000000080)) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) r2 = accept$alg(r1, 0x0, 0x0) fcntl$setstatus(r2, 0x4, 0x2800) ioctl$sock_inet_udp_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="8b", 0x1) recvmmsg(r2, &(0x7f0000006100)=[{{&(0x7f0000000100)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @dev}, 0x80, &(0x7f0000000300), 0x0, &(0x7f0000000340)=""/120, 0x6f}}], 0x400000000000653, 0x0, 0x0) finit_module(0xffffffffffffffff, 0x0, 0x0) socket$vsock_dgram(0x28, 0x2, 0x0) 01:53:14 executing program 1: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$alg(0x26, 0x5, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) close(r1) pipe(&(0x7f00000006c0)) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r4, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) 01:53:14 executing program 4: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000026ff8)='./file0\x00', &(0x7f00000000c0)='tmpfs\x00', 0x0, 0x0) umount2(&(0x7f0000000000)='./file0\x00', 0x0) 01:53:14 executing program 0: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000026ff8)='./file0\x00', &(0x7f00000000c0)='tmpfs\x00', 0x0, 0x0) 01:53:14 executing program 2: prlimit64(0x0, 0x0, 0x0, &(0x7f00000000c0)) 01:53:14 executing program 3: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000000), 0x1c) sendmmsg(r0, &(0x7f0000000240)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000003c0)="83b1f261a8f98bcb7cabe6fa7f95259642fb113e76f808eea52c30cbb2ef7838a73070dea16adb90", 0x28}], 0x1}}], 0x1, 0x0) [ 196.066346][ T7860] RBP: 000000000073c0e0 R08: 0000000000000000 R09: 0000000000000000 [ 196.074313][ T7860] R10: 00008000fffffffe R11: 0000000000000246 R12: 00007fce175e96d4 [ 196.082279][ T7860] R13: 00000000004c5227 R14: 00000000004d9368 R15: 00000000ffffffff 01:53:14 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x5) ioctl$TCFLSH(r0, 0x5437, 0x0) 01:53:14 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$admmidi(&(0x7f0000000040)='/dev/admmidi#\x00', 0x5, 0x20000) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) vmsplice(r1, &(0x7f0000001500)=[{&(0x7f00000013c0), 0xfffffd90}], 0x1, 0x0) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x23}}, 0x10) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @multicast2}, 0x10) splice(r0, 0x0, r2, 0x0, 0x10009, 0x0) [ 196.163919][ T7906] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. 01:53:14 executing program 3: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) getgroups(0x2, &(0x7f0000000080)=[0xee00, 0xffffffffffffffff]) syz_mount_image$hfsplus(&(0x7f0000000100)='hfsplus\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='gid=', @ANYRESHEX=r1]) 01:53:14 executing program 4: r0 = epoll_create1(0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000240)={0x2004}) [ 196.346642][ T7917] mkiss: ax0: crc mode is auto. [ 196.466006][ T7931] hfsplus: gid requires an argument 01:53:14 executing program 1: r0 = creat(&(0x7f00000000c0)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/ptmx\x00', 0x0, 0x0) read(r1, &(0x7f0000000300)=""/11, 0xb) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000000)) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x200000000000013, &(0x7f0000000040)=0x1, 0x4) connect$inet6(r2, &(0x7f0000000100), 0x1c) r3 = dup2(r2, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x1321cf) clone(0x3ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000180)=[@window={0x3, 0x0, 0x7f}, @sack_perm], 0x20000000000000d0) dup2(r1, r0) ioctl$KDDISABIO(r0, 0x4b37) [ 196.505100][ T7931] hfsplus: unable to parse mount options [ 196.634150][ T7917] mkiss: ax0: crc mode is auto. 01:53:15 executing program 5: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getrandom(&(0x7f00000003c0)=""/151, 0xfc44, 0x0) 01:53:15 executing program 3: r0 = socket$vsock_stream(0x28, 0x1, 0x0) r1 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r1, &(0x7f0000000040)={0x28, 0x0, 0x0, @host}, 0x10) bind$vsock_stream(r0, &(0x7f0000000180)={0x28, 0x0, 0x2711}, 0x10) 01:53:15 executing program 0: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) vmsplice(r1, &(0x7f0000001500)=[{&(0x7f00000013c0), 0xfffffd90}], 0x1, 0x0) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x23}}, 0x10) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @multicast2}, 0x10) splice(r0, 0x0, r2, 0x0, 0x10009, 0x0) 01:53:15 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$admmidi(&(0x7f0000000040)='/dev/admmidi#\x00', 0x5, 0x20000) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) vmsplice(r1, &(0x7f0000001500)=[{&(0x7f00000013c0), 0xfffffd90}], 0x1, 0x0) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x23}}, 0x10) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @multicast2}, 0x10) splice(r0, 0x0, r2, 0x0, 0x10009, 0x0) 01:53:15 executing program 4: syz_open_dev$radio(0x0, 0x1, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) openat$dsp(0xffffffffffffff9c, 0x0, 0x0, 0x0) write$apparmor_exec(r0, &(0x7f00000002c0)=ANY=[@ANYBLOB="737461636b203a20000000d372c2ef5509db8ab24e300d5944df8f346497da98f0b453ad258a2fcb127375b2ae8bfc030e9a230514289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c675750d4c2e9af281fa937d1b0100008000000000baec736202c183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84555f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0x1) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socket$pppoe(0x18, 0x1, 0x0) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000003ac0)=[{0x0, 0x0, &(0x7f0000003a80)=[{&(0x7f00000039c0)}], 0x1, 0x0, 0x0, 0x80}], 0x1, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) 01:53:15 executing program 2: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(blowfish)\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000100)="c7da5f1a", 0x4) fcntl$setstatus(r1, 0x4, 0x2001) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='pagemap\x00') sendfile(r1, r2, 0x0, 0x10000000000443) 01:53:15 executing program 5: perf_event_open(&(0x7f00000000c0)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x30840, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 01:53:15 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000180)="0adc1f123c123f3188b070") r1 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_udp_int(r1, 0x11, 0x65, &(0x7f0000000040)=0x8, 0x4) sendmmsg(r1, &(0x7f00000092c0), 0x366274b31432c90, 0x0) [ 197.435813][ T7984] check_preemption_disabled: 60 callbacks suppressed [ 197.435828][ T7984] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/7984 [ 197.452160][ T7984] caller is ip6_finish_output+0x335/0xdc0 [ 197.457908][ T7984] CPU: 1 PID: 7984 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19 [ 197.466941][ T7984] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 197.466949][ T7984] Call Trace: [ 197.466979][ T7984] dump_stack+0x172/0x1f0 [ 197.467011][ T7984] __this_cpu_preempt_check+0x246/0x270 [ 197.467043][ T7984] ip6_finish_output+0x335/0xdc0 [ 197.495184][ T7984] ip6_output+0x235/0x7f0 [ 197.499537][ T7984] ? ip6_finish_output+0xdc0/0xdc0 [ 197.504691][ T7984] ? ip6_fragment+0x3980/0x3980 [ 197.509561][ T7984] ? ip_reply_glue_bits+0xc0/0xc0 [ 197.509586][ T7984] ip6_local_out+0xc4/0x1b0 [ 197.509607][ T7984] ip6_send_skb+0xbb/0x350 [ 197.509630][ T7984] udp_v6_send_skb.isra.0+0x10c0/0x14f0 [ 197.529103][ T7984] udpv6_sendmsg+0x21e3/0x28d0 01:53:15 executing program 0: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup\x00', 0x200002, 0x0) fchdir(r0) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x200, 0x0) ioctl$PPPIOCNEWUNIT(r1, 0xc004743e, 0x0) creat(&(0x7f0000000240)='./bus\x00', 0x0) prctl$PR_CAPBSET_READ(0x17, 0x8) r2 = creat(&(0x7f0000000400)='./file0\x00', 0x0) write$P9_RREMOVE(r2, &(0x7f0000000280)={0x7}, 0xff7f) [ 197.533887][ T7984] ? ip_reply_glue_bits+0xc0/0xc0 [ 197.538983][ T7984] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 197.544993][ T7984] ? aa_profile_af_perm+0x320/0x320 [ 197.550211][ T7984] ? __might_fault+0x12b/0x1e0 [ 197.554993][ T7984] ? find_held_lock+0x35/0x130 [ 197.559777][ T7984] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 197.566033][ T7984] ? rw_copy_check_uvector+0x2a6/0x330 [ 197.571537][ T7984] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 197.577107][ T7984] inet_sendmsg+0x147/0x5e0 [ 197.581636][ T7984] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 197.587630][ T7984] ? inet_sendmsg+0x147/0x5e0 [ 197.592327][ T7984] ? ipip_gro_receive+0x100/0x100 [ 197.597396][ T7984] sock_sendmsg+0xdd/0x130 [ 197.601835][ T7984] ___sys_sendmsg+0x3e2/0x930 [ 197.606535][ T7984] ? copy_msghdr_from_user+0x430/0x430 [ 197.612017][ T7984] ? lock_downgrade+0x880/0x880 [ 197.616892][ T7984] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 197.623163][ T7984] ? kasan_check_read+0x11/0x20 [ 197.628042][ T7984] ? __fget+0x381/0x550 [ 197.632236][ T7984] ? ksys_dup3+0x3e0/0x3e0 [ 197.636684][ T7984] ? __fget_light+0x1a9/0x230 [ 197.641395][ T7984] ? __fdget+0x1b/0x20 [ 197.645513][ T7984] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 197.651774][ T7984] ? sockfd_lookup_light+0xcb/0x180 [ 197.656998][ T7984] __sys_sendmmsg+0x1bf/0x4d0 [ 197.661708][ T7984] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 197.666817][ T7984] ? _copy_to_user+0xc9/0x120 [ 197.671523][ T7984] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 197.677777][ T7984] ? put_timespec64+0xda/0x140 [ 197.682558][ T7984] ? nsecs_to_jiffies+0x30/0x30 [ 197.687435][ T7984] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 197.692916][ T7984] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 197.698407][ T7984] ? do_syscall_64+0x26/0x610 [ 197.703102][ T7984] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 197.709189][ T7984] ? do_syscall_64+0x26/0x610 [ 197.713876][ T7984] __x64_sys_sendmmsg+0x9d/0x100 [ 197.718830][ T7984] do_syscall_64+0x103/0x610 [ 197.723441][ T7984] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 197.729339][ T7984] RIP: 0033:0x4582b9 [ 197.733284][ T7984] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 197.753154][ T7984] RSP: 002b:00007f5bb5d87c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 197.761578][ T7984] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 197.769567][ T7984] RDX: 0366274b31432c90 RSI: 00000000200092c0 RDI: 0000000000000004 [ 197.777556][ T7984] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 197.785541][ T7984] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5bb5d886d4 [ 197.785559][ T7984] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 197.891953][ T7984] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/7984 [ 197.901625][ T7984] caller is ip6_finish_output+0x335/0xdc0 [ 197.907390][ T7984] CPU: 0 PID: 7984 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19 [ 197.916602][ T7984] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 197.926773][ T7984] Call Trace: [ 197.930078][ T7984] dump_stack+0x172/0x1f0 [ 197.934437][ T7984] __this_cpu_preempt_check+0x246/0x270 01:53:15 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) vmsplice(r1, &(0x7f0000001500)=[{&(0x7f00000013c0), 0xfffffd90}], 0x1, 0x0) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x23}}, 0x10) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @multicast2}, 0x10) splice(r0, 0x0, r2, 0x0, 0x10009, 0x0) 01:53:15 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000ac0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(aes-aesni)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)='\x00'/16, 0x10) r1 = accept$alg(r0, 0x0, 0x0) write$binfmt_script(r1, &(0x7f0000000300)=ANY=[], 0xffffffaa) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) recvmmsg(r1, &(0x7f0000004ec0)=[{{0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=""/84, 0x54}, {&(0x7f0000000200)=""/98, 0x62}, {&(0x7f0000000340)=""/249, 0xf9}], 0x3}}], 0x1, 0x0, 0x0) [ 197.939998][ T7984] ip6_finish_output+0x335/0xdc0 [ 197.944956][ T7984] ip6_output+0x235/0x7f0 [ 197.950092][ T7984] ? ip6_finish_output+0xdc0/0xdc0 [ 197.955229][ T7984] ? ip6_fragment+0x3980/0x3980 [ 197.960176][ T7984] ? ip_reply_glue_bits+0xc0/0xc0 [ 197.965210][ T7984] ip6_local_out+0xc4/0x1b0 [ 197.965232][ T7984] ip6_send_skb+0xbb/0x350 [ 197.965252][ T7984] udp_v6_send_skb.isra.0+0x10c0/0x14f0 [ 197.965275][ T7984] udpv6_sendmsg+0x21e3/0x28d0 [ 197.985192][ T7984] ? ip_reply_glue_bits+0xc0/0xc0 01:53:15 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f3188b070") r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2400000032001901000000d38d9b0c0001000800100004000b00"/36], 0x1}}, 0x0) 01:53:15 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x5) ioctl$TCFLSH(r0, 0x5412, 0x70a000) [ 197.990250][ T7984] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 197.996254][ T7984] ? aa_profile_af_perm+0x320/0x320 [ 198.001470][ T7984] ? __might_fault+0x12b/0x1e0 [ 198.006250][ T7984] ? find_held_lock+0x35/0x130 [ 198.011033][ T7984] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 198.017292][ T7984] ? rw_copy_check_uvector+0x2a6/0x330 [ 198.022793][ T7984] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 198.028370][ T7984] inet_sendmsg+0x147/0x5e0 [ 198.032894][ T7984] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 01:53:15 executing program 4: r0 = epoll_create1(0x0) r1 = epoll_create1(0x0) r2 = timerfd_create(0x0, 0x0) timerfd_settime(r2, 0x0, &(0x7f00000001c0)={{}, {0x0, 0x1c9c380}}, 0x0) sched_setattr(0x0, &(0x7f0000000000)={0x0, 0x6, 0x0, 0x0, 0x0, 0x9917, 0xffff}, 0x0) epoll_pwait(r1, &(0x7f0000000080)=[{}], 0x1, 0x2101, 0x0, 0x0) epoll_pwait(r1, &(0x7f00000000c0)=[{}], 0x1, 0x7ff, 0x0, 0x0) dup3(r1, r0, 0x0) r3 = dup3(r2, r1, 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r3, &(0x7f0000000040)={0x2001}) [ 198.038877][ T7984] ? inet_sendmsg+0x147/0x5e0 [ 198.043561][ T7984] ? ipip_gro_receive+0x100/0x100 [ 198.048596][ T7984] sock_sendmsg+0xdd/0x130 [ 198.053029][ T7984] ___sys_sendmsg+0x3e2/0x930 [ 198.057723][ T7984] ? copy_msghdr_from_user+0x430/0x430 [ 198.063200][ T7984] ? __lock_acquire+0x548/0x3fb0 [ 198.068158][ T7984] ? lock_downgrade+0x880/0x880 [ 198.073026][ T7984] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 198.079291][ T7984] ? kasan_check_read+0x11/0x20 [ 198.084158][ T7984] ? __might_fault+0x12b/0x1e0 [ 198.088936][ T7984] ? find_held_lock+0x35/0x130 [ 198.093721][ T7984] ? __might_fault+0x12b/0x1e0 [ 198.098507][ T7984] ? lock_downgrade+0x880/0x880 [ 198.103400][ T7984] ? ___might_sleep+0x163/0x280 [ 198.108279][ T7984] __sys_sendmmsg+0x1bf/0x4d0 [ 198.112975][ T7984] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 198.118027][ T7984] ? _copy_to_user+0xc9/0x120 [ 198.122722][ T7984] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 198.128981][ T7984] ? put_timespec64+0xda/0x140 [ 198.133763][ T7984] ? nsecs_to_jiffies+0x30/0x30 01:53:16 executing program 5: r0 = accept$inet6(0xffffffffffffffff, &(0x7f0000000280), &(0x7f00000002c0)=0x1c) setsockopt$inet6_icmp_ICMP_FILTER(r0, 0x1, 0x1, &(0x7f0000000c80)={0x3}, 0x4) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, &(0x7f0000000440)={0x0, 0x0, 0x101}, 0x0) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x6, 0x0, 0x0) r1 = socket$inet6(0xa, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000100)={0x0, @in6={{0xa, 0x4e21, 0x3, @mcast1, 0xf1c}}, [0x0, 0x8, 0x0, 0x4, 0x0, 0x7, 0x0, 0x8, 0x0, 0x7, 0x2, 0x4, 0x0, 0x0, 0x4]}, 0x0) lstat(&(0x7f0000000300)='./file0/file0\x00', &(0x7f0000000340)) r3 = socket$vsock_stream(0x28, 0x1, 0x0) r4 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r4, &(0x7f0000000000), 0xa) r5 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r5, &(0x7f0000000040)={0x28, 0x0, 0x2616, @host}, 0x10) bind$vsock_stream(r3, &(0x7f0000000180)={0x28, 0x0, 0x2711}, 0x10) timer_create(0x4, &(0x7f0000000580)={0x0, 0x18, 0x4, @tid=0xffffffffffffffff}, &(0x7f0000000600)=0x0) timer_settime(r6, 0x1, &(0x7f0000000640), &(0x7f0000000680)) listen(r1, 0x0) setsockopt$inet_sctp6_SCTP_RTOINFO(r0, 0x84, 0x0, &(0x7f00000005c0)={r2, 0x4, 0x7fffffff, 0xf7a}, 0x10) [ 198.138646][ T7984] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 198.144125][ T7984] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 198.149599][ T7984] ? do_syscall_64+0x26/0x610 [ 198.154286][ T7984] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 198.160369][ T7984] ? do_syscall_64+0x26/0x610 [ 198.165059][ T7984] __x64_sys_sendmmsg+0x9d/0x100 [ 198.170007][ T7984] do_syscall_64+0x103/0x610 [ 198.174620][ T7984] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 198.180523][ T7984] RIP: 0033:0x4582b9 [ 198.184420][ T7984] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 198.204041][ T7984] RSP: 002b:00007f5bb5d87c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 198.204057][ T7984] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 198.204064][ T7984] RDX: 0366274b31432c90 RSI: 00000000200092c0 RDI: 0000000000000004 [ 198.204071][ T7984] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 01:53:16 executing program 2: dup(0xffffffffffffffff) openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0) pread64(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) fchmodat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0) r1 = openat$cgroup_procs(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) connect$unix(0xffffffffffffffff, 0x0, 0x0) sendfile(r0, r1, 0x0, 0x0) [ 198.204078][ T7984] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5bb5d886d4 [ 198.204086][ T7984] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 198.204791][ T8014] sched: DL replenish lagged too much 01:53:16 executing program 4: r0 = accept$inet6(0xffffffffffffffff, &(0x7f0000000280), &(0x7f00000002c0)=0x1c) setsockopt$inet6_icmp_ICMP_FILTER(r0, 0x1, 0x1, &(0x7f0000000c80)={0x3}, 0x4) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, &(0x7f0000000440)={0x0, 0x7, 0x101}, &(0x7f0000000480)=0x8) ioctl$sock_inet_SIOCGIFPFLAGS(r0, 0x8935, 0xfffffffffffffffe) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f00000004c0)={0x0, @in6={{0xa, 0x4e20, 0xbb9, @loopback, 0x891a}}}, 0x0) socket$inet6(0xa, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000100)={0x0, @in6={{0xa, 0x4e21, 0x3, @mcast1, 0xf1c}}, [0x0, 0x8, 0x0, 0x4, 0x0, 0x7, 0x0, 0x8, 0x0, 0x7, 0x2, 0x4, 0x0, 0x0, 0x4]}, 0x0) lstat(&(0x7f0000000300)='./file0/file0\x00', &(0x7f0000000340)) r1 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r1, &(0x7f0000000040)={0x28, 0x0, 0x2616, @host}, 0x10) bind$vsock_stream(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0x2711}, 0x10) [ 198.292051][ T8022] mkiss: ax0: crc mode is auto. 01:53:16 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext={0x2000000000000000}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0x4, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$admmidi(&(0x7f0000000040)='/dev/admmidi#\x00', 0x0, 0x20000) ioctl$GIO_SCRNMAP(r0, 0x4b40, 0x0) r1 = semget$private(0x0, 0x4, 0xffffffffffffffff) openat$vicodec1(0xffffffffffffff9c, 0x0, 0x2, 0x0) semctl$SEM_STAT(r1, 0x0, 0x12, 0x0) ioctl$VT_WAITACTIVE(r0, 0x5607) semctl$IPC_RMID(0x0, 0x0, 0x0) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(0xffffffffffffffff, 0x12, 0x2, 0x0, &(0x7f00000001c0)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = socket$inet_udp(0x2, 0x2, 0x0) vmsplice(r3, &(0x7f0000001500)=[{&(0x7f00000013c0), 0xfffffd90}], 0x1, 0x0) bind$inet(r4, &(0x7f00000000c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x23}}, 0x10) connect$inet(r4, &(0x7f0000000040)={0x2, 0x0, @multicast2}, 0x10) splice(r2, 0x0, r4, 0x0, 0x10009, 0x0) [ 198.461666][ T7984] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/7984 [ 198.471232][ T7984] caller is ip6_finish_output+0x335/0xdc0 [ 198.476967][ T7984] CPU: 1 PID: 7984 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19 [ 198.476976][ T7984] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 198.476983][ T7984] Call Trace: [ 198.477005][ T7984] dump_stack+0x172/0x1f0 [ 198.477030][ T7984] __this_cpu_preempt_check+0x246/0x270 [ 198.499395][ T7984] ip6_finish_output+0x335/0xdc0 [ 198.499419][ T7984] ip6_output+0x235/0x7f0 [ 198.499447][ T7984] ? ip6_finish_output+0xdc0/0xdc0 [ 198.523672][ T7984] ? ip6_fragment+0x3980/0x3980 [ 198.528574][ T7984] ? ip_reply_glue_bits+0xc0/0xc0 [ 198.533623][ T7984] ip6_local_out+0xc4/0x1b0 [ 198.538150][ T7984] ip6_send_skb+0xbb/0x350 [ 198.542583][ T7984] udp_v6_send_skb.isra.0+0x10c0/0x14f0 [ 198.548148][ T7984] udpv6_sendmsg+0x21e3/0x28d0 [ 198.552923][ T7984] ? ip_reply_glue_bits+0xc0/0xc0 [ 198.557977][ T7984] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 198.563984][ T7984] ? aa_profile_af_perm+0x320/0x320 [ 198.569200][ T7984] ? __might_fault+0x12b/0x1e0 [ 198.573985][ T7984] ? find_held_lock+0x35/0x130 [ 198.578763][ T7984] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 198.585014][ T7984] ? rw_copy_check_uvector+0x2a6/0x330 [ 198.590517][ T7984] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 198.596081][ T7984] inet_sendmsg+0x147/0x5e0 [ 198.600621][ T7984] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 198.606707][ T7984] ? inet_sendmsg+0x147/0x5e0 [ 198.611402][ T7984] ? ipip_gro_receive+0x100/0x100 [ 198.616439][ T7984] sock_sendmsg+0xdd/0x130 [ 198.620869][ T7984] ___sys_sendmsg+0x3e2/0x930 [ 198.625572][ T7984] ? copy_msghdr_from_user+0x430/0x430 [ 198.631048][ T7984] ? __lock_acquire+0x548/0x3fb0 [ 198.636085][ T7984] ? lock_downgrade+0x880/0x880 [ 198.640953][ T7984] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 198.647210][ T7984] ? kasan_check_read+0x11/0x20 [ 198.652077][ T7984] ? __might_fault+0x12b/0x1e0 [ 198.656859][ T7984] ? find_held_lock+0x35/0x130 [ 198.661631][ T7984] ? __might_fault+0x12b/0x1e0 [ 198.666417][ T7984] ? lock_downgrade+0x880/0x880 [ 198.671285][ T7984] ? ___might_sleep+0x163/0x280 [ 198.676171][ T7984] __sys_sendmmsg+0x1bf/0x4d0 [ 198.680866][ T7984] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 198.685912][ T7984] ? _copy_to_user+0xc9/0x120 [ 198.690625][ T7984] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 198.696872][ T7984] ? put_timespec64+0xda/0x140 [ 198.701649][ T7984] ? nsecs_to_jiffies+0x30/0x30 [ 198.706522][ T7984] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 198.711999][ T7984] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 198.717473][ T7984] ? do_syscall_64+0x26/0x610 [ 198.722161][ T7984] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 198.728242][ T7984] ? do_syscall_64+0x26/0x610 [ 198.732945][ T7984] __x64_sys_sendmmsg+0x9d/0x100 [ 198.737902][ T7984] do_syscall_64+0x103/0x610 [ 198.742517][ T7984] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 198.748497][ T7984] RIP: 0033:0x4582b9 [ 198.752398][ T7984] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 198.772006][ T7984] RSP: 002b:00007f5bb5d87c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 198.780422][ T7984] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 198.788408][ T7984] RDX: 0366274b31432c90 RSI: 00000000200092c0 RDI: 0000000000000004 [ 198.796392][ T7984] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 198.804377][ T7984] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5bb5d886d4 01:53:16 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='bbr\x00', 0x3) write$binfmt_elf64(r0, &(0x7f0000001380)=ANY=[@ANYBLOB="7f454c4600000000000000000000000000003e00000000000000000000000000400000000000000000000000000000000000000000003800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000034e40d010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002f839a95000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f95c9d0ec9fb42d92d471cbe500000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000068cf59650ca795caea7d00"/1133], 0x46d) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000080)=0xda9, 0x4) sendto$inet(r0, &(0x7f0000000f40)="03f4a2c970de1d9c3776a9481255ced5dbc57fe63cd931916a02bae17f7850aea473b1c2395dcc0f572febcadeb7fa0f2ee9dc78ccc69169ccfc0bf46dbaba25f3f5a75b77654c0cb9989ea026da080991348232bc2541328a29ec7e06942980144d2ae1b8811ef7af232c4bcb7d89d1aafda6e27d68ed8047debe4f6acdb39851142538045af7a37276d45101a908acd7e6586aaa477a1ed765207d078f68d3f09646ebb175b64f", 0xa8, 0x0, 0x0, 0x0) [ 198.812349][ T7984] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 198.940833][ T7984] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/7984 [ 198.950456][ T7984] caller is ip6_finish_output+0x335/0xdc0 [ 198.956263][ T7984] CPU: 1 PID: 7984 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19 [ 198.965296][ T7984] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 198.965303][ T7984] Call Trace: [ 198.965329][ T7984] dump_stack+0x172/0x1f0 [ 198.965354][ T7984] __this_cpu_preempt_check+0x246/0x270 [ 198.965389][ T7984] ip6_finish_output+0x335/0xdc0 [ 198.965420][ T7984] ip6_output+0x235/0x7f0 [ 198.965437][ T7984] ? ip6_finish_output+0xdc0/0xdc0 [ 198.965453][ T7984] ? ip6_fragment+0x3980/0x3980 [ 198.965467][ T7984] ? ip_reply_glue_bits+0xc0/0xc0 [ 198.965483][ T7984] ip6_local_out+0xc4/0x1b0 [ 198.965500][ T7984] ip6_send_skb+0xbb/0x350 [ 199.003211][ T7984] udp_v6_send_skb.isra.0+0x10c0/0x14f0 [ 199.021979][ T7984] udpv6_sendmsg+0x21e3/0x28d0 [ 199.021999][ T7984] ? ip_reply_glue_bits+0xc0/0xc0 [ 199.022021][ T7984] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 199.022045][ T7984] ? aa_profile_af_perm+0x320/0x320 [ 199.022061][ T7984] ? __might_fault+0x12b/0x1e0 [ 199.022076][ T7984] ? find_held_lock+0x35/0x130 [ 199.022092][ T7984] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 199.022108][ T7984] ? rw_copy_check_uvector+0x2a6/0x330 [ 199.022150][ T7984] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 199.037458][ T7984] inet_sendmsg+0x147/0x5e0 [ 199.058130][ T7984] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 199.058145][ T7984] ? inet_sendmsg+0x147/0x5e0 [ 199.058160][ T7984] ? ipip_gro_receive+0x100/0x100 [ 199.058183][ T7984] sock_sendmsg+0xdd/0x130 [ 199.079936][ T7984] ___sys_sendmsg+0x3e2/0x930 [ 199.079968][ T7984] ? copy_msghdr_from_user+0x430/0x430 [ 199.100037][ T7984] ? __lock_acquire+0x548/0x3fb0 [ 199.115079][ T7984] ? lock_downgrade+0x880/0x880 [ 199.119944][ T7984] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 199.119970][ T7984] ? kasan_check_read+0x11/0x20 [ 199.119991][ T7984] ? __might_fault+0x12b/0x1e0 [ 199.135828][ T7984] ? find_held_lock+0x35/0x130 [ 199.140607][ T7984] ? __might_fault+0x12b/0x1e0 [ 199.145397][ T7984] ? lock_downgrade+0x880/0x880 [ 199.145424][ T7984] ? ___might_sleep+0x163/0x280 [ 199.145451][ T7984] __sys_sendmmsg+0x1bf/0x4d0 [ 199.159818][ T7984] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 199.164864][ T7984] ? _copy_to_user+0xc9/0x120 [ 199.164887][ T7984] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 199.164909][ T7984] ? put_timespec64+0xda/0x140 [ 199.175810][ T7984] ? nsecs_to_jiffies+0x30/0x30 [ 199.175837][ T7984] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 199.175852][ T7984] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 199.175866][ T7984] ? do_syscall_64+0x26/0x610 [ 199.175882][ T7984] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 199.175895][ T7984] ? do_syscall_64+0x26/0x610 [ 199.175913][ T7984] __x64_sys_sendmmsg+0x9d/0x100 [ 199.175938][ T7984] do_syscall_64+0x103/0x610 [ 199.175958][ T7984] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 199.175970][ T7984] RIP: 0033:0x4582b9 [ 199.175986][ T7984] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 199.176001][ T7984] RSP: 002b:00007f5bb5d87c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 199.196482][ T7984] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 199.196493][ T7984] RDX: 0366274b31432c90 RSI: 00000000200092c0 RDI: 0000000000000004 [ 199.196501][ T7984] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 199.196510][ T7984] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5bb5d886d4 [ 199.196520][ T7984] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 199.209441][ T7984] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/7984 [ 199.221752][ T7984] caller is ip6_finish_output+0x335/0xdc0 [ 199.221771][ T7984] CPU: 1 PID: 7984 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19 [ 199.221780][ T7984] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 199.221786][ T7984] Call Trace: [ 199.221807][ T7984] dump_stack+0x172/0x1f0 [ 199.221831][ T7984] __this_cpu_preempt_check+0x246/0x270 [ 199.221849][ T7984] ip6_finish_output+0x335/0xdc0 [ 199.221870][ T7984] ip6_output+0x235/0x7f0 [ 199.221890][ T7984] ? ip6_finish_output+0xdc0/0xdc0 [ 199.221910][ T7984] ? ip6_fragment+0x3980/0x3980 [ 199.221936][ T7984] ? ip_reply_glue_bits+0xc0/0xc0 [ 199.221959][ T7984] ip6_local_out+0xc4/0x1b0 [ 199.221979][ T7984] ip6_send_skb+0xbb/0x350 [ 199.222001][ T7984] udp_v6_send_skb.isra.0+0x10c0/0x14f0 [ 199.222026][ T7984] udpv6_sendmsg+0x21e3/0x28d0 [ 199.222043][ T7984] ? ip_reply_glue_bits+0xc0/0xc0 [ 199.222066][ T7984] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 199.222089][ T7984] ? aa_profile_af_perm+0x320/0x320 [ 199.222106][ T7984] ? __might_fault+0x12b/0x1e0 [ 199.222122][ T7984] ? find_held_lock+0x35/0x130 [ 199.222141][ T7984] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 199.222159][ T7984] ? rw_copy_check_uvector+0x2a6/0x330 [ 199.222207][ T7984] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 199.222226][ T7984] inet_sendmsg+0x147/0x5e0 [ 199.222241][ T7984] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 199.222253][ T7984] ? inet_sendmsg+0x147/0x5e0 [ 199.222268][ T7984] ? ipip_gro_receive+0x100/0x100 [ 199.222288][ T7984] sock_sendmsg+0xdd/0x130 [ 199.222306][ T7984] ___sys_sendmsg+0x3e2/0x930 [ 199.222326][ T7984] ? copy_msghdr_from_user+0x430/0x430 [ 199.222344][ T7984] ? __lock_acquire+0x548/0x3fb0 [ 199.222369][ T7984] ? lock_downgrade+0x880/0x880 [ 199.222384][ T7984] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 199.222405][ T7984] ? kasan_check_read+0x11/0x20 [ 199.222425][ T7984] ? __might_fault+0x12b/0x1e0 [ 199.222439][ T7984] ? find_held_lock+0x35/0x130 [ 199.222454][ T7984] ? __might_fault+0x12b/0x1e0 [ 199.222475][ T7984] ? lock_downgrade+0x880/0x880 [ 199.222499][ T7984] ? ___might_sleep+0x163/0x280 [ 199.222516][ T7984] __sys_sendmmsg+0x1bf/0x4d0 [ 199.222535][ T7984] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 199.222562][ T7984] ? _copy_to_user+0xc9/0x120 [ 199.222580][ T7984] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 199.222595][ T7984] ? put_timespec64+0xda/0x140 [ 199.222610][ T7984] ? nsecs_to_jiffies+0x30/0x30 [ 199.222638][ T7984] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 199.222653][ T7984] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 199.222669][ T7984] ? do_syscall_64+0x26/0x610 [ 199.222684][ T7984] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 199.222699][ T7984] ? do_syscall_64+0x26/0x610 [ 199.222717][ T7984] __x64_sys_sendmmsg+0x9d/0x100 [ 199.222736][ T7984] do_syscall_64+0x103/0x610 [ 199.222755][ T7984] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 199.222768][ T7984] RIP: 0033:0x4582b9 [ 199.222783][ T7984] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 199.222792][ T7984] RSP: 002b:00007f5bb5d87c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 199.222807][ T7984] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 199.222817][ T7984] RDX: 0366274b31432c90 RSI: 00000000200092c0 RDI: 0000000000000004 [ 199.222826][ T7984] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 199.222835][ T7984] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5bb5d886d4 [ 199.222845][ T7984] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 199.225262][ T7984] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/7984 [ 199.232889][ T7984] caller is ip6_finish_output+0x335/0xdc0 [ 199.277065][ T7984] CPU: 1 PID: 7984 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19 [ 199.277074][ T7984] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 199.277080][ T7984] Call Trace: [ 199.277106][ T7984] dump_stack+0x172/0x1f0 [ 199.277132][ T7984] __this_cpu_preempt_check+0x246/0x270 [ 199.277154][ T7984] ip6_finish_output+0x335/0xdc0 [ 199.277175][ T7984] ip6_output+0x235/0x7f0 [ 199.316095][ T7984] ? ip6_finish_output+0xdc0/0xdc0 [ 199.316118][ T7984] ? ip6_fragment+0x3980/0x3980 [ 199.316141][ T7984] ? ip_reply_glue_bits+0xc0/0xc0 [ 199.335222][ T7984] ip6_local_out+0xc4/0x1b0 [ 199.335245][ T7984] ip6_send_skb+0xbb/0x350 [ 199.335266][ T7984] udp_v6_send_skb.isra.0+0x10c0/0x14f0 [ 199.335289][ T7984] udpv6_sendmsg+0x21e3/0x28d0 [ 199.335306][ T7984] ? ip_reply_glue_bits+0xc0/0xc0 [ 199.335327][ T7984] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 199.335350][ T7984] ? aa_profile_af_perm+0x320/0x320 [ 199.335379][ T7984] ? __might_fault+0x12b/0x1e0 [ 199.335395][ T7984] ? find_held_lock+0x35/0x130 [ 199.335413][ T7984] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 199.335445][ T7984] ? rw_copy_check_uvector+0x2a6/0x330 [ 199.348620][ T7984] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 199.348642][ T7984] inet_sendmsg+0x147/0x5e0 [ 199.796484][ T7984] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 199.802484][ T7984] ? inet_sendmsg+0x147/0x5e0 [ 199.807161][ T7984] ? ipip_gro_receive+0x100/0x100 [ 199.812183][ T7984] sock_sendmsg+0xdd/0x130 [ 199.816610][ T7984] ___sys_sendmsg+0x3e2/0x930 [ 199.821300][ T7984] ? copy_msghdr_from_user+0x430/0x430 [ 199.826785][ T7984] ? __lock_acquire+0x548/0x3fb0 [ 199.831728][ T7984] ? lock_downgrade+0x880/0x880 [ 199.836610][ T7984] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 199.842856][ T7984] ? kasan_check_read+0x11/0x20 [ 199.847725][ T7984] ? __might_fault+0x12b/0x1e0 [ 199.852515][ T7984] ? find_held_lock+0x35/0x130 [ 199.857279][ T7984] ? __might_fault+0x12b/0x1e0 [ 199.863250][ T7984] ? lock_downgrade+0x880/0x880 [ 199.868103][ T7984] ? ___might_sleep+0x163/0x280 [ 199.872961][ T7984] __sys_sendmmsg+0x1bf/0x4d0 [ 199.877658][ T7984] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 199.882712][ T7984] ? _copy_to_user+0xc9/0x120 [ 199.887401][ T7984] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 199.893648][ T7984] ? put_timespec64+0xda/0x140 [ 199.898442][ T7984] ? nsecs_to_jiffies+0x30/0x30 [ 199.903310][ T7984] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 199.908764][ T7984] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 199.914216][ T7984] ? do_syscall_64+0x26/0x610 [ 199.918892][ T7984] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 199.924958][ T7984] ? do_syscall_64+0x26/0x610 [ 199.929633][ T7984] __x64_sys_sendmmsg+0x9d/0x100 [ 199.934574][ T7984] do_syscall_64+0x103/0x610 [ 199.939177][ T7984] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 199.945063][ T7984] RIP: 0033:0x4582b9 [ 199.948957][ T7984] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 199.968568][ T7984] RSP: 002b:00007f5bb5d87c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 199.976973][ T7984] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 199.984948][ T7984] RDX: 0366274b31432c90 RSI: 00000000200092c0 RDI: 0000000000000004 [ 199.992924][ T7984] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 200.000906][ T7984] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5bb5d886d4 [ 200.008868][ T7984] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 200.018641][ T7984] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/7984 [ 200.028094][ T7984] caller is ip6_finish_output+0x335/0xdc0 [ 200.033906][ T7984] CPU: 0 PID: 7984 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19 [ 200.042956][ T7984] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 200.053009][ T7984] Call Trace: [ 200.056311][ T7984] dump_stack+0x172/0x1f0 [ 200.060651][ T7984] __this_cpu_preempt_check+0x246/0x270 [ 200.066209][ T7984] ip6_finish_output+0x335/0xdc0 [ 200.071160][ T7984] ip6_output+0x235/0x7f0 [ 200.075496][ T7984] ? ip6_finish_output+0xdc0/0xdc0 [ 200.080613][ T7984] ? ip6_fragment+0x3980/0x3980 [ 200.085470][ T7984] ? ip_reply_glue_bits+0xc0/0xc0 [ 200.090512][ T7984] ip6_local_out+0xc4/0x1b0 [ 200.095023][ T7984] ip6_send_skb+0xbb/0x350 [ 200.099454][ T7984] udp_v6_send_skb.isra.0+0x10c0/0x14f0 [ 200.105009][ T7984] udpv6_sendmsg+0x21e3/0x28d0 [ 200.109775][ T7984] ? ip_reply_glue_bits+0xc0/0xc0 [ 200.114807][ T7984] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 200.120790][ T7984] ? aa_profile_af_perm+0x320/0x320 [ 200.125988][ T7984] ? __might_fault+0x12b/0x1e0 [ 200.130751][ T7984] ? find_held_lock+0x35/0x130 [ 200.135520][ T7984] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 200.141806][ T7984] ? rw_copy_check_uvector+0x2a6/0x330 [ 200.147309][ T7984] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 200.152862][ T7984] inet_sendmsg+0x147/0x5e0 [ 200.157372][ T7984] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 200.163349][ T7984] ? inet_sendmsg+0x147/0x5e0 [ 200.168033][ T7984] ? ipip_gro_receive+0x100/0x100 [ 200.173059][ T7984] sock_sendmsg+0xdd/0x130 [ 200.177480][ T7984] ___sys_sendmsg+0x3e2/0x930 [ 200.182160][ T7984] ? copy_msghdr_from_user+0x430/0x430 [ 200.187631][ T7984] ? __lock_acquire+0x548/0x3fb0 [ 200.192571][ T7984] ? lock_downgrade+0x880/0x880 [ 200.197421][ T7984] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 200.203675][ T7984] ? kasan_check_read+0x11/0x20 [ 200.208530][ T7984] ? __might_fault+0x12b/0x1e0 [ 200.213292][ T7984] ? find_held_lock+0x35/0x130 [ 200.218058][ T7984] ? __might_fault+0x12b/0x1e0 [ 200.222830][ T7984] ? lock_downgrade+0x880/0x880 [ 200.227686][ T7984] ? ___might_sleep+0x163/0x280 [ 200.232538][ T7984] __sys_sendmmsg+0x1bf/0x4d0 [ 200.237216][ T7984] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 200.242250][ T7984] ? _copy_to_user+0xc9/0x120 [ 200.246928][ T7984] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 200.253172][ T7984] ? put_timespec64+0xda/0x140 [ 200.257932][ T7984] ? nsecs_to_jiffies+0x30/0x30 [ 200.262792][ T7984] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 200.268247][ T7984] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 200.273712][ T7984] ? do_syscall_64+0x26/0x610 [ 200.278391][ T7984] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 200.284461][ T7984] ? do_syscall_64+0x26/0x610 [ 200.289141][ T7984] __x64_sys_sendmmsg+0x9d/0x100 [ 200.294083][ T7984] do_syscall_64+0x103/0x610 [ 200.298678][ T7984] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 200.304566][ T7984] RIP: 0033:0x4582b9 [ 200.308465][ T7984] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 200.328062][ T7984] RSP: 002b:00007f5bb5d87c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 200.336471][ T7984] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 200.344441][ T7984] RDX: 0366274b31432c90 RSI: 00000000200092c0 RDI: 0000000000000004 [ 200.352441][ T7984] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 200.360410][ T7984] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5bb5d886d4 [ 200.368394][ T7984] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 200.387480][ T8022] mkiss: ax0: crc mode is auto. [ 200.407897][ T7984] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/7984 [ 200.417321][ T7984] caller is ip6_finish_output+0x335/0xdc0 [ 200.423206][ T7984] CPU: 1 PID: 7984 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19 [ 200.432233][ T7984] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 200.442292][ T7984] Call Trace: [ 200.445601][ T7984] dump_stack+0x172/0x1f0 [ 200.449960][ T7984] __this_cpu_preempt_check+0x246/0x270 [ 200.455524][ T7984] ip6_finish_output+0x335/0xdc0 [ 200.460484][ T7984] ip6_output+0x235/0x7f0 [ 200.464832][ T7984] ? ip6_finish_output+0xdc0/0xdc0 [ 200.469968][ T7984] ? ip6_fragment+0x3980/0x3980 [ 200.474834][ T7984] ? ip_reply_glue_bits+0xc0/0xc0 [ 200.479878][ T7984] ip6_local_out+0xc4/0x1b0 [ 200.484406][ T7984] ip6_send_skb+0xbb/0x350 [ 200.488841][ T7984] udp_v6_send_skb.isra.0+0x10c0/0x14f0 [ 200.494418][ T7984] udpv6_sendmsg+0x21e3/0x28d0 [ 200.499191][ T7984] ? ip_reply_glue_bits+0xc0/0xc0 [ 200.504230][ T7984] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 200.510222][ T7984] ? aa_profile_af_perm+0x320/0x320 [ 200.515427][ T7984] ? __might_fault+0x12b/0x1e0 [ 200.520203][ T7984] ? find_held_lock+0x35/0x130 [ 200.524982][ T7984] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 200.531241][ T7984] ? rw_copy_check_uvector+0x2a6/0x330 [ 200.536741][ T7984] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 200.542301][ T7984] inet_sendmsg+0x147/0x5e0 [ 200.546815][ T7984] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 200.552895][ T7984] ? inet_sendmsg+0x147/0x5e0 [ 200.557588][ T7984] ? ipip_gro_receive+0x100/0x100 [ 200.562630][ T7984] sock_sendmsg+0xdd/0x130 [ 200.567061][ T7984] ___sys_sendmsg+0x3e2/0x930 [ 200.571754][ T7984] ? copy_msghdr_from_user+0x430/0x430 [ 200.577240][ T7984] ? __lock_acquire+0x548/0x3fb0 [ 200.582215][ T7984] ? lock_downgrade+0x880/0x880 [ 200.587079][ T7984] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 200.593333][ T7984] ? kasan_check_read+0x11/0x20 [ 200.598209][ T7984] ? __might_fault+0x12b/0x1e0 [ 200.602988][ T7984] ? find_held_lock+0x35/0x130 [ 200.607765][ T7984] ? __might_fault+0x12b/0x1e0 [ 200.612551][ T7984] ? lock_downgrade+0x880/0x880 [ 200.617433][ T7984] ? ___might_sleep+0x163/0x280 [ 200.622299][ T7984] __sys_sendmmsg+0x1bf/0x4d0 [ 200.627016][ T7984] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 200.632102][ T7984] ? _copy_to_user+0xc9/0x120 [ 200.636812][ T7984] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 200.643055][ T7984] ? put_timespec64+0xda/0x140 [ 200.647831][ T7984] ? nsecs_to_jiffies+0x30/0x30 [ 200.652710][ T7984] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 200.658175][ T7984] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 200.663640][ T7984] ? do_syscall_64+0x26/0x610 [ 200.668424][ T7984] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 200.674500][ T7984] ? do_syscall_64+0x26/0x610 [ 200.679189][ T7984] __x64_sys_sendmmsg+0x9d/0x100 [ 200.684142][ T7984] do_syscall_64+0x103/0x610 [ 200.688780][ T7984] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 200.694662][ T7984] RIP: 0033:0x4582b9 [ 200.698573][ T7984] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 200.718169][ T7984] RSP: 002b:00007f5bb5d87c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 200.726562][ T7984] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 200.734556][ T7984] RDX: 0366274b31432c90 RSI: 00000000200092c0 RDI: 0000000000000004 [ 200.742538][ T7984] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 200.750494][ T7984] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5bb5d886d4 [ 200.758450][ T7984] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 200.767597][ T7984] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/7984 [ 200.776978][ T7984] caller is ip6_finish_output+0x335/0xdc0 [ 200.783045][ T7984] CPU: 1 PID: 7984 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19 [ 200.792071][ T7984] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 200.802119][ T7984] Call Trace: [ 200.805403][ T7984] dump_stack+0x172/0x1f0 [ 200.809724][ T7984] __this_cpu_preempt_check+0x246/0x270 [ 200.815273][ T7984] ip6_finish_output+0x335/0xdc0 [ 200.820224][ T7984] ip6_output+0x235/0x7f0 [ 200.824556][ T7984] ? ip6_finish_output+0xdc0/0xdc0 [ 200.829653][ T7984] ? ip6_fragment+0x3980/0x3980 [ 200.834504][ T7984] ? ip_reply_glue_bits+0xc0/0xc0 [ 200.839543][ T7984] ip6_local_out+0xc4/0x1b0 [ 200.844052][ T7984] ip6_send_skb+0xbb/0x350 [ 200.848481][ T7984] udp_v6_send_skb.isra.0+0x10c0/0x14f0 [ 200.854047][ T7984] udpv6_sendmsg+0x21e3/0x28d0 [ 200.858831][ T7984] ? ip_reply_glue_bits+0xc0/0xc0 [ 200.863856][ T7984] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 200.869851][ T7984] ? aa_profile_af_perm+0x320/0x320 [ 200.875066][ T7984] ? __might_fault+0x12b/0x1e0 [ 200.879846][ T7984] ? find_held_lock+0x35/0x130 [ 200.884620][ T7984] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 200.890863][ T7984] ? rw_copy_check_uvector+0x2a6/0x330 [ 200.896350][ T7984] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 200.902014][ T7984] inet_sendmsg+0x147/0x5e0 [ 200.906501][ T7984] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 200.912732][ T7984] ? inet_sendmsg+0x147/0x5e0 [ 200.917403][ T7984] ? ipip_gro_receive+0x100/0x100 [ 200.922415][ T7984] sock_sendmsg+0xdd/0x130 [ 200.926849][ T7984] ___sys_sendmsg+0x3e2/0x930 [ 200.931529][ T7984] ? copy_msghdr_from_user+0x430/0x430 [ 200.936998][ T7984] ? __lock_acquire+0x548/0x3fb0 [ 200.941933][ T7984] ? lock_downgrade+0x880/0x880 [ 200.946769][ T7984] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 200.953012][ T7984] ? kasan_check_read+0x11/0x20 [ 200.957859][ T7984] ? __might_fault+0x12b/0x1e0 [ 200.962604][ T7984] ? find_held_lock+0x35/0x130 [ 200.967365][ T7984] ? __might_fault+0x12b/0x1e0 [ 200.972133][ T7984] ? lock_downgrade+0x880/0x880 [ 200.976995][ T7984] ? ___might_sleep+0x163/0x280 [ 200.981829][ T7984] __sys_sendmmsg+0x1bf/0x4d0 [ 200.986494][ T7984] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 200.991523][ T7984] ? _copy_to_user+0xc9/0x120 [ 200.996216][ T7984] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 201.002459][ T7984] ? put_timespec64+0xda/0x140 [ 201.007240][ T7984] ? nsecs_to_jiffies+0x30/0x30 [ 201.012101][ T7984] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 201.017566][ T7984] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 201.023016][ T7984] ? do_syscall_64+0x26/0x610 [ 201.027686][ T7984] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 201.033791][ T7984] ? do_syscall_64+0x26/0x610 [ 201.038470][ T7984] __x64_sys_sendmmsg+0x9d/0x100 [ 201.043398][ T7984] do_syscall_64+0x103/0x610 [ 201.047991][ T7984] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 201.053871][ T7984] RIP: 0033:0x4582b9 [ 201.057760][ T7984] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 201.077353][ T7984] RSP: 002b:00007f5bb5d87c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 201.085757][ T7984] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 201.093726][ T7984] RDX: 0366274b31432c90 RSI: 00000000200092c0 RDI: 0000000000000004 [ 201.101701][ T7984] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 201.109655][ T7984] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5bb5d886d4 [ 201.117616][ T7984] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 201.127427][ T7984] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/7984 [ 201.136795][ T7984] caller is ip6_finish_output+0x335/0xdc0 [ 201.142824][ T7984] CPU: 1 PID: 7984 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19 [ 201.151849][ T7984] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 201.161917][ T7984] Call Trace: [ 201.165213][ T7984] dump_stack+0x172/0x1f0 [ 201.169537][ T7984] __this_cpu_preempt_check+0x246/0x270 [ 201.175081][ T7984] ip6_finish_output+0x335/0xdc0 [ 201.180017][ T7984] ip6_output+0x235/0x7f0 [ 201.184336][ T7984] ? ip6_finish_output+0xdc0/0xdc0 [ 201.189444][ T7984] ? ip6_fragment+0x3980/0x3980 [ 201.194294][ T7984] ? ip_reply_glue_bits+0xc0/0xc0 [ 201.199317][ T7984] ip6_local_out+0xc4/0x1b0 [ 201.203817][ T7984] ip6_send_skb+0xbb/0x350 [ 201.208229][ T7984] udp_v6_send_skb.isra.0+0x10c0/0x14f0 [ 201.213789][ T7984] udpv6_sendmsg+0x21e3/0x28d0 [ 201.218554][ T7984] ? ip_reply_glue_bits+0xc0/0xc0 [ 201.223567][ T7984] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 201.229535][ T7984] ? aa_profile_af_perm+0x320/0x320 [ 201.234726][ T7984] ? __might_fault+0x12b/0x1e0 [ 201.239490][ T7984] ? find_held_lock+0x35/0x130 [ 201.244259][ T7984] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 201.250500][ T7984] ? rw_copy_check_uvector+0x2a6/0x330 [ 201.255994][ T7984] ? aa_sock_msg_perm.isra.0+0xba/0x170