[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   71.186335][   T27] audit: type=1800 audit(1583834660.314:25): pid=9502 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[   71.215835][   T27] audit: type=1800 audit(1583834660.314:26): pid=9502 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   71.254394][   T27] audit: type=1800 audit(1583834660.324:27): pid=9502 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.10.13' (ECDSA) to the list of known hosts.
2020/03/10 10:04:30 fuzzer started
syzkaller login: [   81.780810][ T9655] check_preemption_disabled: 3 callbacks suppressed
[   81.780830][ T9655] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-fuzzer/9655
[   81.796817][ T9655] caller is __mod_memcg_state+0x27/0x1a0
[   81.802456][ T9655] CPU: 1 PID: 9655 Comm: syz-fuzzer Not tainted 5.6.0-rc5-next-20200310-syzkaller #0
[   81.811915][ T9655] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   81.821976][ T9655] Call Trace:
[   81.825276][ T9655]  dump_stack+0x188/0x20d
[   81.829621][ T9655]  __this_cpu_preempt_check.cold+0x84/0x90
[   81.835429][ T9655]  __mod_memcg_state+0x27/0x1a0
[   81.840291][ T9655]  split_huge_page_to_list+0x124b/0x3380
[   81.845953][ T9655]  ? madvise_free_huge_pmd+0x869/0xb90
[   81.851420][ T9655]  ? can_split_huge_page+0x480/0x480
[   81.856793][ T9655]  ? pmd_val+0x7c/0xf0
[   81.860870][ T9655]  ? enabled_store+0x190/0x190
[   81.865666][ T9655]  madvise_free_huge_pmd+0x873/0xb90
[   81.870981][ T9655]  madvise_free_pte_range+0x6ff/0x2650
[   81.876467][ T9655]  ? mark_lock+0xbc/0x1220
[   81.880899][ T9655]  ? mark_held_locks+0x9f/0xe0
[   81.885667][ T9655]  ? madvise_cold_or_pageout_pte_range+0x3400/0x3400
[   81.892346][ T9655]  __walk_page_range+0xcfb/0x2070
[   81.897414][ T9655]  ? walk_page_test+0x78/0x180
[   81.902638][ T9655]  walk_page_range+0x1bd/0x3a0
[   81.907407][ T9655]  ? __walk_page_range+0x2070/0x2070
[   81.912721][ T9655]  ? madvise_free_single_vma+0x2c1/0x550
[   81.918385][ T9655]  madvise_free_single_vma+0x384/0x550
[   81.923982][ T9655]  ? madvise_pageout+0x3b0/0x3b0
[   81.928928][ T9655]  ? migrate_swap_stop+0x9d0/0x9d0
[   81.934057][ T9655]  ? lock_acquire+0x197/0x420
[   81.938738][ T9655]  ? userfaultfd_remove+0xf0/0x2b0
[   81.943864][ T9655]  ? vmacache_find+0x62/0x300
[   81.948569][ T9655]  ? find_vma+0x2b/0x170
[   81.952822][ T9655]  do_madvise+0x5ba/0x1b80
[   81.957239][ T9655]  ? lock_downgrade+0x7f0/0x7f0
[   81.962123][ T9655]  ? madvise_free_pte_range+0x2650/0x2650
[   81.967841][ T9655]  ? ktime_get+0x1f8/0x2f0
[   81.972268][ T9655]  ? __x64_sys_futex+0x376/0x4f0
[   81.977219][ T9655]  ? switch_fpu_return+0x1db/0x4b0
[   81.982339][ T9655]  ? fpregs_mark_activate+0x320/0x320
[   81.987723][ T9655]  ? __x64_sys_madvise+0xae/0x120
[   81.992751][ T9655]  __x64_sys_madvise+0xae/0x120
[   81.997606][ T9655]  ? lockdep_hardirqs_on+0x417/0x5d0
[   82.002906][ T9655]  do_syscall_64+0xf6/0x7d0
[   82.007417][ T9655]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   82.013306][ T9655] RIP: 0033:0x460bf7
[   82.017201][ T9655] Code: 8b 24 24 48 8b 6c 24 10 48 83 c4 18 c3 cc cc cc cc cc cc 48 8b 7c 24 08 48 8b 74 24 10 8b 54 24 18 48 c7 c0 1c 00 00 00 0f 05 <89> 44 24 20 c3 cc cc cc cc 48 8b 7c 24 08 8b 74 24 10 8b 54 24 14
[   82.036798][ T9655] RSP: 002b:000000c00004de70 EFLAGS: 00000246 ORIG_RAX: 000000000000001c
[   82.045205][ T9655] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 0000000000460bf7
[   82.053189][ T9655] RDX: 0000000000000008 RSI: 0000000000012000 RDI: 000000c000250000
[   82.061165][ T9655] RBP: 000000c00004deb0 R08: 000000c000200000 R09: 000000c000262000
[   82.069216][ T9655] R10: 00007fffffffffff R11: 0000000000000246 R12: 000000000135ebc0
[   82.077207][ T9655] R13: 0000000000e8da20 R14: 0000000000000000 R15: 0000000000000000
[   82.085439][ T9655] BUG: using __this_cpu_add() in preemptible [00000000] code: syz-fuzzer/9655
[   82.094370][ T9655] caller is __mod_memcg_state+0xca/0x1a0
[   82.100104][ T9655] CPU: 1 PID: 9655 Comm: syz-fuzzer Not tainted 5.6.0-rc5-next-20200310-syzkaller #0
[   82.109570][ T9655] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   82.119755][ T9655] Call Trace:
[   82.123067][ T9655]  dump_stack+0x188/0x20d
[   82.127411][ T9655]  __this_cpu_preempt_check.cold+0x84/0x90
[   82.133222][ T9655]  __mod_memcg_state+0xca/0x1a0
[   82.138090][ T9655]  split_huge_page_to_list+0x124b/0x3380
[   82.143766][ T9655]  ? madvise_free_huge_pmd+0x869/0xb90
[   82.149230][ T9655]  ? can_split_huge_page+0x480/0x480
[   82.154516][ T9655]  ? pmd_val+0x7c/0xf0
[   82.158612][ T9655]  ? enabled_store+0x190/0x190
[   82.163391][ T9655]  madvise_free_huge_pmd+0x873/0xb90
[   82.168693][ T9655]  madvise_free_pte_range+0x6ff/0x2650
[   82.174245][ T9655]  ? mark_lock+0xbc/0x1220
[   82.178679][ T9655]  ? mark_held_locks+0x9f/0xe0
[   82.183791][ T9655]  ? madvise_cold_or_pageout_pte_range+0x3400/0x3400
[   82.190558][ T9655]  __walk_page_range+0xcfb/0x2070
[   82.195645][ T9655]  ? walk_page_test+0x78/0x180
[   82.200415][ T9655]  walk_page_range+0x1bd/0x3a0
[   82.205183][ T9655]  ? __walk_page_range+0x2070/0x2070
[   82.210485][ T9655]  ? madvise_free_single_vma+0x2c1/0x550
[   82.216131][ T9655]  madvise_free_single_vma+0x384/0x550
[   82.221593][ T9655]  ? madvise_pageout+0x3b0/0x3b0
[   82.226964][ T9655]  ? migrate_swap_stop+0x9d0/0x9d0
[   82.232097][ T9655]  ? lock_acquire+0x197/0x420
[   82.236777][ T9655]  ? userfaultfd_remove+0xf0/0x2b0
[   82.241903][ T9655]  ? vmacache_find+0x62/0x300
[   82.246589][ T9655]  ? find_vma+0x2b/0x170
[   82.250848][ T9655]  do_madvise+0x5ba/0x1b80
[   82.255351][ T9655]  ? lock_downgrade+0x7f0/0x7f0
[   82.260228][ T9655]  ? madvise_free_pte_range+0x2650/0x2650
[   82.265959][ T9655]  ? ktime_get+0x1f8/0x2f0
[   82.270518][ T9655]  ? __x64_sys_futex+0x376/0x4f0
[   82.275506][ T9655]  ? switch_fpu_return+0x1db/0x4b0
[   82.280634][ T9655]  ? fpregs_mark_activate+0x320/0x320
[   82.286026][ T9655]  ? __x64_sys_madvise+0xae/0x120
[   82.291073][ T9655]  __x64_sys_madvise+0xae/0x120
[   82.295957][ T9655]  ? lockdep_hardirqs_on+0x417/0x5d0
[   82.301268][ T9655]  do_syscall_64+0xf6/0x7d0
[   82.305798][ T9655]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   82.311692][ T9655] RIP: 0033:0x460bf7
[   82.315586][ T9655] Code: 8b 24 24 48 8b 6c 24 10 48 83 c4 18 c3 cc cc cc cc cc cc 48 8b 7c 24 08 48 8b 74 24 10 8b 54 24 18 48 c7 c0 1c 00 00 00 0f 05 <89> 44 24 20 c3 cc cc cc cc 48 8b 7c 24 08 8b 74 24 10 8b 54 24 14
[   82.335190][ T9655] RSP: 002b:000000c00004de70 EFLAGS: 00000246 ORIG_RAX: 000000000000001c
[   82.343616][ T9655] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 0000000000460bf7
[   82.351584][ T9655] RDX: 0000000000000008 RSI: 0000000000012000 RDI: 000000c000250000
[   82.359562][ T9655] RBP: 000000c00004deb0 R08: 000000c000200000 R09: 000000c000262000
[   82.367546][ T9655] R10: 00007fffffffffff R11: 0000000000000246 R12: 000000000135ebc0
[   82.375531][ T9655] R13: 0000000000e8da20 R14: 0000000000000000 R15: 0000000000000000
[   82.383649][ T9655] BUG: using __this_cpu_write() in preemptible [00000000] code: syz-fuzzer/9655
[   82.392737][ T9655] caller is __mod_memcg_state+0x87/0x1a0
[   82.398430][ T9655] CPU: 1 PID: 9655 Comm: syz-fuzzer Not tainted 5.6.0-rc5-next-20200310-syzkaller #0
[   82.407881][ T9655] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   82.417933][ T9655] Call Trace:
[   82.421228][ T9655]  dump_stack+0x188/0x20d
[   82.425571][ T9655]  __this_cpu_preempt_check.cold+0x84/0x90
[   82.431381][ T9655]  __mod_memcg_state+0x87/0x1a0
[   82.436246][ T9655]  split_huge_page_to_list+0x124b/0x3380
[   82.441908][ T9655]  ? madvise_free_huge_pmd+0x869/0xb90
[   82.447373][ T9655]  ? can_split_huge_page+0x480/0x480
[   82.452661][ T9655]  ? pmd_val+0x7c/0xf0
[   82.456753][ T9655]  ? enabled_store+0x190/0x190
[   82.461548][ T9655]  madvise_free_huge_pmd+0x873/0xb90
[   82.466867][ T9655]  madvise_free_pte_range+0x6ff/0x2650
[   82.472336][ T9655]  ? mark_lock+0xbc/0x1220
[   82.476766][ T9655]  ? mark_held_locks+0x9f/0xe0
[   82.481688][ T9655]  ? madvise_cold_or_pageout_pte_range+0x3400/0x3400
[   82.488379][ T9655]  __walk_page_range+0xcfb/0x2070
[   82.493461][ T9655]  ? walk_page_test+0x78/0x180
[   82.498234][ T9655]  walk_page_range+0x1bd/0x3a0
[   82.503029][ T9655]  ? __walk_page_range+0x2070/0x2070
[   82.508327][ T9655]  ? madvise_free_single_vma+0x2c1/0x550
[   82.513978][ T9655]  madvise_free_single_vma+0x384/0x550
[   82.519448][ T9655]  ? madvise_pageout+0x3b0/0x3b0
[   82.524382][ T9655]  ? migrate_swap_stop+0x9d0/0x9d0
[   82.529502][ T9655]  ? lock_acquire+0x197/0x420
[   82.534187][ T9655]  ? userfaultfd_remove+0xf0/0x2b0
[   82.539315][ T9655]  ? vmacache_find+0x62/0x300
[   82.544089][ T9655]  ? find_vma+0x2b/0x170
[   82.548345][ T9655]  do_madvise+0x5ba/0x1b80
[   82.552769][ T9655]  ? lock_downgrade+0x7f0/0x7f0
[   82.557653][ T9655]  ? madvise_free_pte_range+0x2650/0x2650
[   82.563371][ T9655]  ? ktime_get+0x1f8/0x2f0
[   82.567807][ T9655]  ? __x64_sys_futex+0x376/0x4f0
[   82.572757][ T9655]  ? switch_fpu_return+0x1db/0x4b0
[   82.577868][ T9655]  ? fpregs_mark_activate+0x320/0x320
[   82.583249][ T9655]  ? __x64_sys_madvise+0xae/0x120
[   82.588283][ T9655]  __x64_sys_madvise+0xae/0x120
[   82.593144][ T9655]  ? lockdep_hardirqs_on+0x417/0x5d0
[   82.598435][ T9655]  do_syscall_64+0xf6/0x7d0
[   82.602945][ T9655]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   82.608844][ T9655] RIP: 0033:0x460bf7
[   82.612738][ T9655] Code: 8b 24 24 48 8b 6c 24 10 48 83 c4 18 c3 cc cc cc cc cc cc 48 8b 7c 24 08 48 8b 74 24 10 8b 54 24 18 48 c7 c0 1c 00 00 00 0f 05 <89> 44 24 20 c3 cc cc cc cc 48 8b 7c 24 08 8b 74 24 10 8b 54 24 14
[   82.632343][ T9655] RSP: 002b:000000c00004de70 EFLAGS: 00000246 ORIG_RAX: 000000000000001c
[   82.640751][ T9655] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 0000000000460bf7
[   82.648835][ T9655] RDX: 0000000000000008 RSI: 0000000000012000 RDI: 000000c000250000
[   82.656805][ T9655] RBP: 000000c00004deb0 R08: 000000c000200000 R09: 000000c000262000
[   82.664773][ T9655] R10: 00007fffffffffff R11: 0000000000000246 R12: 000000000135ebc0
[   82.672752][ T9655] R13: 0000000000e8da20 R14: 0000000000000000 R15: 0000000000000000
2020/03/10 10:04:33 connecting to host at 10.128.0.26:42545
2020/03/10 10:04:33 checking machine...
2020/03/10 10:04:33 checking revisions...
2020/03/10 10:04:33 testing simple program...
[   84.399934][ T9670] IPVS: ftp: loaded support on port[0] = 21
2020/03/10 10:04:33 building call list...
[   84.596045][ T9675] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-fuzzer/9675
[   84.596653][   T21] 
[   84.605024][ T9675] caller is __mod_memcg_state+0x27/0x1a0
[   84.605057][ T9675] CPU: 0 PID: 9675 Comm: syz-fuzzer Not tainted 5.6.0-rc5-next-20200310-syzkaller #0
[   84.616009][   T21] =============================
[   84.622512][ T9675] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   84.622524][ T9675] Call Trace:
[   84.640765][ T9675]  dump_stack+0x188/0x20d
[   84.645109][ T9675]  __this_cpu_preempt_check.cold+0x84/0x90
[   84.650932][ T9675]  __mod_memcg_state+0x27/0x1a0
[   84.655797][ T9675]  split_huge_page_to_list+0x124b/0x3380
[   84.661464][ T9675]  ? madvise_free_huge_pmd+0x869/0xb90
[   84.666930][ T9675]  ? can_split_huge_page+0x480/0x480
[   84.672215][ T9675]  ? pmd_val+0x7c/0xf0
[   84.675779][   T21] WARNING: suspicious RCU usage
[   84.676288][ T9675]  ? enabled_store+0x190/0x190
[   84.681142][   T21] 5.6.0-rc5-next-20200310-syzkaller #0 Not tainted
[   84.685912][ T9675]  madvise_free_huge_pmd+0x873/0xb90
[   84.685944][ T9675]  madvise_free_pte_range+0x6ff/0x2650
[   84.685959][ T9675]  ? mark_lock+0xbc/0x1220
[   84.685981][ T9675]  ? mark_held_locks+0x9f/0xe0
[   84.685995][ T9675]  ? madvise_cold_or_pageout_pte_range+0x3400/0x3400
[   84.686012][ T9675]  __walk_page_range+0xcfb/0x2070
[   84.686055][ T9675]  ? walk_page_test+0x78/0x180
[   84.725831][   T21] -----------------------------
[   84.728832][ T9675]  walk_page_range+0x1bd/0x3a0
[   84.733660][   T21] net/openvswitch/conntrack.c:1898 RCU-list traversed in non-reader section!!
[   84.738409][ T9675]  ? __walk_page_range+0x2070/0x2070
[   84.738435][ T9675]  ? madvise_free_single_vma+0x2c1/0x550
[   84.738461][ T9675]  madvise_free_single_vma+0x384/0x550
[   84.738478][ T9675]  ? madvise_pageout+0x3b0/0x3b0
[   84.738500][ T9675]  ? lock_acquire+0x197/0x420
[   84.773652][ T9675]  ? userfaultfd_remove+0xf0/0x2b0
[   84.778797][ T9675]  ? vmacache_find+0x62/0x300
[   84.783491][ T9675]  ? vmacache_update+0xce/0x140
[   84.788364][ T9675]  ? find_vma+0x2b/0x170
[   84.792623][ T9675]  do_madvise+0x5ba/0x1b80
[   84.795842][   T21] 
[   84.795842][   T21] other info that might help us debug this:
[   84.795842][   T21] 
[   84.797128][ T9675]  ? unuse_pde+0x2c/0x80
[   84.815054][ T9675]  ? madvise_free_pte_range+0x2650/0x2650
[   84.820805][ T9675]  ? rcu_read_lock_sched_held+0x9c/0xd0
[   84.825877][   T21] 
[   84.825877][   T21] rcu_scheduler_active = 2, debug_locks = 1
[   84.827699][ T9675]  ? rcu_read_lock_any_held.part.0+0x50/0x50
[   84.841909][ T9675]  ? fput_many+0x2f/0x1a0
[   84.846419][ T9675]  ? switch_fpu_return+0x1db/0x4b0
[   84.851530][ T9675]  ? fpregs_mark_activate+0x320/0x320
[   84.855800][   T21] 3 locks held by kworker/u4:1/21:
[   84.856929][ T9675]  ? __x64_sys_madvise+0xae/0x120
[   84.862019][   T21]  #0: ffff8880a9771d28 ((wq_completion)netns){+.+.}, at: process_one_work+0x82a/0x1690
[   84.867050][ T9675]  __x64_sys_madvise+0xae/0x120
[   84.867066][ T9675]  ? lockdep_hardirqs_on+0x417/0x5d0
[   84.867081][ T9675]  do_syscall_64+0xf6/0x7d0
[   84.867099][ T9675]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   84.867109][ T9675] RIP: 0033:0x460bf7
[   84.867123][ T9675] Code: 8b 24 24 48 8b 6c 24 10 48 83 c4 18 c3 cc cc cc cc cc cc 48 8b 7c 24 08 48 8b 74 24 10 8b 54 24 18 48 c7 c0 1c 00 00 00 0f 05 <89> 44 24 20 c3 cc cc cc cc 48 8b 7c 24 08 8b 74 24 10 8b 54 24 14
[   84.867129][ T9675] RSP: 002b:000000c0002cfc50 EFLAGS: 00000246 ORIG_RAX: 000000000000001c
[   84.867140][ T9675] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 0000000000460bf7
[   84.867152][ T9675] RDX: 0000000000000008 RSI: 0000000000002000 RDI: 000000c0001c6000
[   84.925819][   T21]  #1: ffffc90000dd7dd0 (net_cleanup_work){+.+.}, at: process_one_work+0x85e/0x1690
[   84.929588][ T9675] RBP: 000000c0002cfc90 R08: 000000c000000000 R09: 000000c0001c8000
[   84.929602][ T9675] R10: 000000000003fe00 R11: 0000000000000246 R12: 0000000000000002
[   84.965796][   T21]  #2: ffffffff8a547288 (pernet_ops_rwsem){++++}, at: cleanup_net+0x9b/0xa50
[   84.972320][ T9675] R13: 0000000000e8da20 R14: 000000000045ecf0 R15: 0000000000000000
[   84.972563][ T9675] BUG: using __this_cpu_add() in preemptible [00000000] code: syz-fuzzer/9675
[   84.998756][ T9675] caller is __mod_memcg_state+0xca/0x1a0
[   85.004393][ T9675] CPU: 0 PID: 9675 Comm: syz-fuzzer Not tainted 5.6.0-rc5-next-20200310-syzkaller #0
[   85.013841][ T9675] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   85.015820][   T21] 
[   85.015820][   T21] stack backtrace:
[   85.023906][ T9675] Call Trace:
[   85.033273][ T9675]  dump_stack+0x188/0x20d
[   85.037619][ T9675]  __this_cpu_preempt_check.cold+0x84/0x90
[   85.043430][ T9675]  __mod_memcg_state+0xca/0x1a0
[   85.048294][ T9675]  split_huge_page_to_list+0x124b/0x3380
[   85.053949][ T9675]  ? madvise_free_huge_pmd+0x869/0xb90
[   85.059517][ T9675]  ? can_split_huge_page+0x480/0x480
[   85.064805][ T9675]  ? pmd_val+0x7c/0xf0
[   85.068874][ T9675]  ? enabled_store+0x190/0x190
[   85.073633][ T9675]  madvise_free_huge_pmd+0x873/0xb90
[   85.079193][ T9675]  madvise_free_pte_range+0x6ff/0x2650
[   85.084825][ T9675]  ? mark_lock+0xbc/0x1220
[   85.089245][ T9675]  ? mark_held_locks+0x9f/0xe0
[   85.094007][ T9675]  ? madvise_cold_or_pageout_pte_range+0x3400/0x3400
[   85.100684][ T9675]  __walk_page_range+0xcfb/0x2070
[   85.105743][ T9675]  ? walk_page_test+0x78/0x180
[   85.110500][ T9675]  walk_page_range+0x1bd/0x3a0
[   85.115248][ T9675]  ? __walk_page_range+0x2070/0x2070
[   85.120543][ T9675]  ? madvise_free_single_vma+0x2c1/0x550
[   85.126184][ T9675]  madvise_free_single_vma+0x384/0x550
[   85.131663][ T9675]  ? madvise_pageout+0x3b0/0x3b0
[   85.136704][ T9675]  ? lock_acquire+0x197/0x420
[   85.141558][ T9675]  ? userfaultfd_remove+0xf0/0x2b0
[   85.146687][ T9675]  ? vmacache_find+0x62/0x300
[   85.151621][ T9675]  ? vmacache_update+0xce/0x140
[   85.156474][ T9675]  ? find_vma+0x2b/0x170
[   85.160733][ T9675]  do_madvise+0x5ba/0x1b80
[   85.165148][ T9675]  ? unuse_pde+0x2c/0x80
[   85.169413][ T9675]  ? madvise_free_pte_range+0x2650/0x2650
[   85.175134][ T9675]  ? rcu_read_lock_sched_held+0x9c/0xd0
[   85.180696][ T9675]  ? rcu_read_lock_any_held.part.0+0x50/0x50
[   85.186930][ T9675]  ? fput_many+0x2f/0x1a0
[   85.191244][ T9675]  ? switch_fpu_return+0x1db/0x4b0
[   85.196345][ T9675]  ? fpregs_mark_activate+0x320/0x320
[   85.201720][ T9675]  ? __x64_sys_madvise+0xae/0x120
[   85.206742][ T9675]  __x64_sys_madvise+0xae/0x120
[   85.211593][ T9675]  ? lockdep_hardirqs_on+0x417/0x5d0
[   85.216880][ T9675]  do_syscall_64+0xf6/0x7d0
[   85.221384][ T9675]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   85.227263][ T9675] RIP: 0033:0x460bf7
[   85.231155][ T9675] Code: 8b 24 24 48 8b 6c 24 10 48 83 c4 18 c3 cc cc cc cc cc cc 48 8b 7c 24 08 48 8b 74 24 10 8b 54 24 18 48 c7 c0 1c 00 00 00 0f 05 <89> 44 24 20 c3 cc cc cc cc 48 8b 7c 24 08 8b 74 24 10 8b 54 24 14
[   85.250832][ T9675] RSP: 002b:000000c0002cfc50 EFLAGS: 00000246 ORIG_RAX: 000000000000001c
[   85.259239][ T9675] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 0000000000460bf7
[   85.267210][ T9675] RDX: 0000000000000008 RSI: 0000000000002000 RDI: 000000c0001c6000
[   85.275177][ T9675] RBP: 000000c0002cfc90 R08: 000000c000000000 R09: 000000c0001c8000
[   85.283222][ T9675] R10: 000000000003fe00 R11: 0000000000000246 R12: 0000000000000002
[   85.291187][ T9675] R13: 0000000000e8da20 R14: 000000000045ecf0 R15: 0000000000000000
[   85.299313][ T9675] BUG: using __this_cpu_write() in preemptible [00000000] code: syz-fuzzer/9675
[   85.308363][ T9675] caller is __mod_memcg_state+0x87/0x1a0
[   85.313997][ T9675] CPU: 0 PID: 9675 Comm: syz-fuzzer Not tainted 5.6.0-rc5-next-20200310-syzkaller #0
[   85.323452][ T9675] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   85.334643][ T9675] Call Trace:
[   85.337937][ T9675]  dump_stack+0x188/0x20d
[   85.342275][ T9675]  __this_cpu_preempt_check.cold+0x84/0x90
[   85.348080][ T9675]  __mod_memcg_state+0x87/0x1a0
[   85.352938][ T9675]  split_huge_page_to_list+0x124b/0x3380
[   85.360165][ T9675]  ? madvise_free_huge_pmd+0x869/0xb90
[   85.365998][ T9675]  ? can_split_huge_page+0x480/0x480
[   85.371267][ T9675]  ? pmd_val+0x7c/0xf0
[   85.375337][ T9675]  ? enabled_store+0x190/0x190
[   85.380105][ T9675]  madvise_free_huge_pmd+0x873/0xb90
[   85.385401][ T9675]  madvise_free_pte_range+0x6ff/0x2650
[   85.390856][ T9675]  ? mark_lock+0xbc/0x1220
[   85.395289][ T9675]  ? mark_held_locks+0x9f/0xe0
[   85.400069][ T9675]  ? madvise_cold_or_pageout_pte_range+0x3400/0x3400
[   85.406742][ T9675]  __walk_page_range+0xcfb/0x2070
[   85.411785][ T9675]  ? walk_page_test+0x78/0x180
[   85.416543][ T9675]  walk_page_range+0x1bd/0x3a0
[   85.421309][ T9675]  ? __walk_page_range+0x2070/0x2070
[   85.426605][ T9675]  ? madvise_free_single_vma+0x2c1/0x550
[   85.432247][ T9675]  madvise_free_single_vma+0x384/0x550
[   85.437707][ T9675]  ? madvise_pageout+0x3b0/0x3b0
[   85.442651][ T9675]  ? lock_acquire+0x197/0x420
[   85.447318][ T9675]  ? userfaultfd_remove+0xf0/0x2b0
[   85.452791][ T9675]  ? vmacache_find+0x62/0x300
[   85.457459][ T9675]  ? vmacache_update+0xce/0x140
[   85.462306][ T9675]  ? find_vma+0x2b/0x170
[   85.466554][ T9675]  do_madvise+0x5ba/0x1b80
[   85.470964][ T9675]  ? unuse_pde+0x2c/0x80
[   85.475240][ T9675]  ? madvise_free_pte_range+0x2650/0x2650
[   85.480964][ T9675]  ? rcu_read_lock_sched_held+0x9c/0xd0
[   85.486502][ T9675]  ? rcu_read_lock_any_held.part.0+0x50/0x50
[   85.492471][ T9675]  ? fput_many+0x2f/0x1a0
[   85.496798][ T9675]  ? switch_fpu_return+0x1db/0x4b0
[   85.501907][ T9675]  ? fpregs_mark_activate+0x320/0x320
[   85.507281][ T9675]  ? __x64_sys_madvise+0xae/0x120
[   85.512304][ T9675]  __x64_sys_madvise+0xae/0x120
[   85.517174][ T9675]  ? lockdep_hardirqs_on+0x417/0x5d0
[   85.522458][ T9675]  do_syscall_64+0xf6/0x7d0
[   85.526959][ T9675]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   85.532995][ T9675] RIP: 0033:0x460bf7
[   85.537337][ T9675] Code: 8b 24 24 48 8b 6c 24 10 48 83 c4 18 c3 cc cc cc cc cc cc 48 8b 7c 24 08 48 8b 74 24 10 8b 54 24 18 48 c7 c0 1c 00 00 00 0f 05 <89> 44 24 20 c3 cc cc cc cc 48 8b 7c 24 08 8b 74 24 10 8b 54 24 14
[   85.557053][ T9675] RSP: 002b:000000c0002cfc50 EFLAGS: 00000246 ORIG_RAX: 000000000000001c
[   85.565465][ T9675] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 0000000000460bf7
[   85.573426][ T9675] RDX: 0000000000000008 RSI: 0000000000002000 RDI: 000000c0001c6000
[   85.581382][ T9675] RBP: 000000c0002cfc90 R08: 000000c000000000 R09: 000000c0001c8000
[   85.589345][ T9675] R10: 000000000003fe00 R11: 0000000000000246 R12: 0000000000000002
[   85.597312][ T9675] R13: 0000000000e8da20 R14: 000000000045ecf0 R15: 0000000000000000
[   85.606662][   T21] CPU: 0 PID: 21 Comm: kworker/u4:1 Not tainted 5.6.0-rc5-next-20200310-syzkaller #0
[   85.616298][   T21] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   85.626750][   T21] Workqueue: netns cleanup_net
[   85.631511][   T21] Call Trace:
[   85.634802][   T21]  dump_stack+0x188/0x20d
[   85.639257][   T21]  ovs_ct_exit+0x3db/0x558
[   85.643714][   T21]  ovs_exit_net+0x1df/0xba0
[   85.648228][   T21]  ? ovs_dp_cmd_del+0x270/0x270
[   85.653101][   T21]  ? __mutex_unlock_slowpath+0xe2/0x660
[   85.658661][   T21]  ? ovs_dp_cmd_del+0x270/0x270
[   85.663524][   T21]  ops_exit_list.isra.0+0xa8/0x150
[   85.668649][   T21]  cleanup_net+0x511/0xa50
[   85.673091][   T21]  ? unregister_pernet_device+0x70/0x70
[   85.678644][   T21]  ? rcu_read_lock_any_held.part.0+0x50/0x50
[   85.684640][   T21]  process_one_work+0x94b/0x1690
[   85.689613][   T21]  ? pwq_dec_nr_in_flight+0x310/0x310
[   85.695006][   T21]  ? do_raw_spin_lock+0x129/0x2e0
[   85.700088][   T21]  worker_thread+0x96/0xe20
[   85.704625][   T21]  ? process_one_work+0x1690/0x1690
[   85.709840][   T21]  kthread+0x357/0x430
[   85.713927][   T21]  ? kthread_mod_delayed_work+0x1a0/0x1a0
[   85.719662][   T21]  ret_from_fork+0x24/0x30
[   85.781796][ T9666] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-fuzzer/9666
[   85.790831][ T9666] caller is __mod_memcg_state+0x27/0x1a0
[   85.796563][ T9666] CPU: 0 PID: 9666 Comm: syz-fuzzer Not tainted 5.6.0-rc5-next-20200310-syzkaller #0
[   85.806750][ T9666] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   85.816803][ T9666] Call Trace:
[   85.820089][ T9666]  dump_stack+0x188/0x20d
[   85.824409][ T9666]  __this_cpu_preempt_check.cold+0x84/0x90
[   85.830197][ T9666]  __mod_memcg_state+0x27/0x1a0
[   85.835031][ T9666]  split_huge_page_to_list+0x124b/0x3380
[   85.840704][ T9666]  ? madvise_free_huge_pmd+0x869/0xb90
[   85.846378][ T9666]  ? can_split_huge_page+0x480/0x480
[   85.851656][ T9666]  ? pmd_val+0x7c/0xf0
[   85.855711][ T9666]  ? enabled_store+0x190/0x190
[   85.860472][ T9666]  madvise_free_huge_pmd+0x873/0xb90
[   85.865767][ T9666]  madvise_free_pte_range+0x6ff/0x2650
[   85.871228][ T9666]  ? madvise_cold_or_pageout_pte_range+0x3400/0x3400
[   85.878156][ T9666]  __walk_page_range+0xcfb/0x2070
[   85.883181][ T9666]  ? walk_page_test+0x78/0x180
[   85.887942][ T9666]  walk_page_range+0x1bd/0x3a0
[   85.892699][ T9666]  ? __walk_page_range+0x2070/0x2070
[   85.897981][ T9666]  ? madvise_free_single_vma+0x2c1/0x550
[   85.903796][ T9666]  madvise_free_single_vma+0x384/0x550
[   85.909273][ T9666]  ? madvise_pageout+0x3b0/0x3b0
[   85.914222][ T9666]  ? lock_acquire+0x197/0x420
[   85.920055][ T9666]  ? userfaultfd_remove+0xf0/0x2b0
[   85.925219][ T9666]  ? vmacache_find+0x62/0x300
[   85.929890][ T9666]  ? find_vma+0x2b/0x170
[   85.934136][ T9666]  do_madvise+0x5ba/0x1b80
[   85.938588][ T9666]  ? unuse_pde+0x2c/0x80
[   85.942834][ T9666]  ? madvise_free_pte_range+0x2650/0x2650
[   85.948800][ T9666]  ? __x64_sys_futex+0x376/0x4f0
[   85.953722][ T9666]  ? fput_many+0x2f/0x1a0
[   85.958031][ T9666]  ? do_futex+0x1b10/0x1b10
[   85.962523][ T9666]  ? ksys_read+0x19f/0x250
[   85.966918][ T9666]  ? kernel_write+0x120/0x120
[   85.971577][ T9666]  ? __x64_sys_madvise+0xae/0x120
[   85.976591][ T9666]  __x64_sys_madvise+0xae/0x120
[   85.981576][ T9666]  ? lockdep_hardirqs_on+0x417/0x5d0
[   85.987912][ T9666]  do_syscall_64+0xf6/0x7d0
[   85.992529][ T9666]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   85.998414][ T9666] RIP: 0033:0x460bf7
[   86.002312][ T9666] Code: 8b 24 24 48 8b 6c 24 10 48 83 c4 18 c3 cc cc cc cc cc cc 48 8b 7c 24 08 48 8b 74 24 10 8b 54 24 18 48 c7 c0 1c 00 00 00 0f 05 <89> 44 24 20 c3 cc cc cc cc 48 8b 7c 24 08 8b 74 24 10 8b 54 24 14
[   86.022042][ T9666] RSP: 002b:000000c00010fc50 EFLAGS: 00000246 ORIG_RAX: 000000000000001c
[   86.030706][ T9666] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 0000000000460bf7
[   86.038680][ T9666] RDX: 0000000000000008 RSI: 0000000000038000 RDI: 000000c0003ca000
[   86.046642][ T9666] RBP: 000000c00010fc90 R08: 000000c000200000 R09: 000000c000402000
[   86.054723][ T9666] R10: 00000000000ffe00 R11: 0000000000000246 R12: 000000000000000f
[   86.062950][ T9666] R13: 000000c00006aeb0 R14: 0000000000000000 R15: 0000000000000010
[   86.071562][ T9666] BUG: using __this_cpu_add() in preemptible [00000000] code: syz-fuzzer/9666
[   86.080470][ T9666] caller is __mod_memcg_state+0xca/0x1a0
[   86.086275][ T9666] CPU: 0 PID: 9666 Comm: syz-fuzzer Not tainted 5.6.0-rc5-next-20200310-syzkaller #0
[   86.095737][ T9666] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   86.106110][ T9666] Call Trace:
[   86.109402][ T9666]  dump_stack+0x188/0x20d
[   86.113750][ T9666]  __this_cpu_preempt_check.cold+0x84/0x90
[   86.119550][ T9666]  __mod_memcg_state+0xca/0x1a0
[   86.124528][ T9666]  split_huge_page_to_list+0x124b/0x3380
[   86.130194][ T9666]  ? madvise_free_huge_pmd+0x869/0xb90
[   86.135640][ T9666]  ? can_split_huge_page+0x480/0x480
[   86.140906][ T9666]  ? pmd_val+0x7c/0xf0
[   86.144960][ T9666]  ? enabled_store+0x190/0x190
[   86.149712][ T9666]  madvise_free_huge_pmd+0x873/0xb90
[   86.155007][ T9666]  madvise_free_pte_range+0x6ff/0x2650
[   86.160474][ T9666]  ? madvise_cold_or_pageout_pte_range+0x3400/0x3400
[   86.167135][ T9666]  __walk_page_range+0xcfb/0x2070
[   86.172157][ T9666]  ? walk_page_test+0x78/0x180
[   86.176922][ T9666]  walk_page_range+0x1bd/0x3a0
[   86.181693][ T9666]  ? __walk_page_range+0x2070/0x2070
[   86.186976][ T9666]  ? madvise_free_single_vma+0x2c1/0x550
[   86.192719][ T9666]  madvise_free_single_vma+0x384/0x550
[   86.198173][ T9666]  ? madvise_pageout+0x3b0/0x3b0
[   86.203121][ T9666]  ? lock_acquire+0x197/0x420
[   86.207798][ T9666]  ? userfaultfd_remove+0xf0/0x2b0
[   86.212915][ T9666]  ? vmacache_find+0x62/0x300
[   86.217588][ T9666]  ? find_vma+0x2b/0x170
[   86.221866][ T9666]  do_madvise+0x5ba/0x1b80
[   86.226476][ T9666]  ? unuse_pde+0x2c/0x80
[   86.230735][ T9666]  ? madvise_free_pte_range+0x2650/0x2650
[   86.236466][ T9666]  ? __x64_sys_futex+0x376/0x4f0
[   86.241403][ T9666]  ? fput_many+0x2f/0x1a0
[   86.245722][ T9666]  ? do_futex+0x1b10/0x1b10
[   86.250213][ T9666]  ? ksys_read+0x19f/0x250
[   86.254650][ T9666]  ? kernel_write+0x120/0x120
[   86.259313][ T9666]  ? __x64_sys_madvise+0xae/0x120
[   86.264318][ T9666]  __x64_sys_madvise+0xae/0x120
[   86.269245][ T9666]  ? lockdep_hardirqs_on+0x417/0x5d0
[   86.274532][ T9666]  do_syscall_64+0xf6/0x7d0
[   86.279036][ T9666]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   86.284943][ T9666] RIP: 0033:0x460bf7
[   86.288835][ T9666] Code: 8b 24 24 48 8b 6c 24 10 48 83 c4 18 c3 cc cc cc cc cc cc 48 8b 7c 24 08 48 8b 74 24 10 8b 54 24 18 48 c7 c0 1c 00 00 00 0f 05 <89> 44 24 20 c3 cc cc cc cc 48 8b 7c 24 08 8b 74 24 10 8b 54 24 14
[   86.308435][ T9666] RSP: 002b:000000c00010fc50 EFLAGS: 00000246 ORIG_RAX: 000000000000001c
[   86.316827][ T9666] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 0000000000460bf7
[   86.324778][ T9666] RDX: 0000000000000008 RSI: 0000000000038000 RDI: 000000c0003ca000
[   86.332742][ T9666] RBP: 000000c00010fc90 R08: 000000c000200000 R09: 000000c000402000
[   86.340692][ T9666] R10: 00000000000ffe00 R11: 0000000000000246 R12: 000000000000000f
[   86.348644][ T9666] R13: 000000c00006aeb0 R14: 0000000000000000 R15: 0000000000000010
[   86.356789][ T9666] BUG: using __this_cpu_write() in preemptible [00000000] code: syz-fuzzer/9666
[   86.365847][ T9666] caller is __mod_memcg_state+0x87/0x1a0
[   86.371476][ T9666] CPU: 0 PID: 9666 Comm: syz-fuzzer Not tainted 5.6.0-rc5-next-20200310-syzkaller #0
[   86.381055][ T9666] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   86.391239][ T9666] Call Trace:
[   86.394536][ T9666]  dump_stack+0x188/0x20d
[   86.399063][ T9666]  __this_cpu_preempt_check.cold+0x84/0x90
[   86.405089][ T9666]  __mod_memcg_state+0x87/0x1a0
[   86.414062][ T9666]  split_huge_page_to_list+0x124b/0x3380
[   86.419709][ T9666]  ? madvise_free_huge_pmd+0x869/0xb90
[   86.425155][ T9666]  ? can_split_huge_page+0x480/0x480
[   86.430424][ T9666]  ? pmd_val+0x7c/0xf0
[   86.434497][ T9666]  ? enabled_store+0x190/0x190
[   86.439254][ T9666]  madvise_free_huge_pmd+0x873/0xb90
[   86.444616][ T9666]  madvise_free_pte_range+0x6ff/0x2650
[   86.450083][ T9666]  ? madvise_cold_or_pageout_pte_range+0x3400/0x3400
[   86.456743][ T9666]  __walk_page_range+0xcfb/0x2070
[   86.461767][ T9666]  ? walk_page_test+0x78/0x180
[   86.466516][ T9666]  walk_page_range+0x1bd/0x3a0
[   86.471276][ T9666]  ? __walk_page_range+0x2070/0x2070
[   86.476554][ T9666]  ? madvise_free_single_vma+0x2c1/0x550
[   86.482173][ T9666]  madvise_free_single_vma+0x384/0x550
[   86.487628][ T9666]  ? madvise_pageout+0x3b0/0x3b0
[   86.492550][ T9666]  ? lock_acquire+0x197/0x420
[   86.497215][ T9666]  ? userfaultfd_remove+0xf0/0x2b0
[   86.502323][ T9666]  ? vmacache_find+0x62/0x300
[   86.506995][ T9666]  ? find_vma+0x2b/0x170
[   86.511331][ T9666]  do_madvise+0x5ba/0x1b80
[   86.515843][ T9666]  ? unuse_pde+0x2c/0x80
[   86.520103][ T9666]  ? madvise_free_pte_range+0x2650/0x2650
[   86.525922][ T9666]  ? __x64_sys_futex+0x376/0x4f0
[   86.530859][ T9666]  ? fput_many+0x2f/0x1a0
[   86.535181][ T9666]  ? do_futex+0x1b10/0x1b10
[   86.539666][ T9666]  ? ksys_read+0x19f/0x250
[   86.544064][ T9666]  ? kernel_write+0x120/0x120
[   86.548751][ T9666]  ? __x64_sys_madvise+0xae/0x120
[   86.553858][ T9666]  __x64_sys_madvise+0xae/0x120
[   86.558691][ T9666]  ? lockdep_hardirqs_on+0x417/0x5d0
[   86.563978][ T9666]  do_syscall_64+0xf6/0x7d0
[   86.568572][ T9666]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   86.574444][ T9666] RIP: 0033:0x460bf7
[   86.578350][ T9666] Code: 8b 24 24 48 8b 6c 24 10 48 83 c4 18 c3 cc cc cc cc cc cc 48 8b 7c 24 08 48 8b 74 24 10 8b 54 24 18 48 c7 c0 1c 00 00 00 0f 05 <89> 44 24 20 c3 cc cc cc cc 48 8b 7c 24 08 8b 74 24 10 8b 54 24 14
[   86.599171][ T9666] RSP: 002b:000000c00010fc50 EFLAGS: 00000246 ORIG_RAX: 000000000000001c
[   86.607567][ T9666] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 0000000000460bf7
[   86.617956][ T9666] RDX: 0000000000000008 RSI: 0000000000038000 RDI: 000000c0003ca000
[   86.625919][ T9666] RBP: 000000c00010fc90 R08: 000000c000200000 R09: 000000c000402000
[   86.634073][ T9666] R10: 00000000000ffe00 R11: 0000000000000246 R12: 000000000000000f
[   86.642063][ T9666] R13: 000000c00006aeb0 R14: 0000000000000000 R15: 0000000000000010
[   86.755905][   T21] tipc: TX() has been purged, node left!
[   86.817897][   T21] 
[   86.820357][   T21] =============================
[   86.825196][   T21] WARNING: suspicious RCU usage
[   86.830211][   T21] 5.6.0-rc5-next-20200310-syzkaller #0 Not tainted
[   86.836873][   T21] -----------------------------
[   86.841784][   T21] net/ipv4/ipmr.c:1757 RCU-list traversed in non-reader section!!
[   86.849748][   T21] 
[   86.849748][   T21] other info that might help us debug this:
[   86.849748][   T21] 
[   86.860369][   T21] 
[   86.860369][   T21] rcu_scheduler_active = 2, debug_locks = 1
[   86.868539][   T21] 4 locks held by kworker/u4:1/21:
[   86.873804][   T21]  #0: ffff8880a9771d28 ((wq_completion)netns){+.+.}, at: process_one_work+0x82a/0x1690
[   86.883664][   T21]  #1: ffffc90000dd7dd0 (net_cleanup_work){+.+.}, at: process_one_work+0x85e/0x1690
[   86.893286][   T21]  #2: ffffffff8a547288 (pernet_ops_rwsem){++++}, at: cleanup_net+0x9b/0xa50
[   86.902189][   T21]  #3: ffffffff8a553000 (rtnl_mutex){+.+.}, at: ip6gre_exit_batch_net+0x88/0x700
[   86.911555][   T21] 
[   86.911555][   T21] stack backtrace:
[   86.917584][   T21] CPU: 0 PID: 21 Comm: kworker/u4:1 Not tainted 5.6.0-rc5-next-20200310-syzkaller #0
[   86.927097][   T21] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   86.937188][   T21] Workqueue: netns cleanup_net
[   86.942142][   T21] Call Trace:
[   86.945438][   T21]  dump_stack+0x188/0x20d
[   86.949776][   T21]  ipmr_device_event+0x240/0x2b0
[   86.954727][   T21]  ? __sanitizer_cov_trace_switch+0x45/0x70
[   86.960639][   T21]  notifier_call_chain+0xc0/0x230
[   86.965703][   T21]  call_netdevice_notifiers_info+0xb5/0x130
[   86.971617][   T21]  rollback_registered_many+0x75c/0xe70
[   86.977174][   T21]  ? netif_set_real_num_tx_queues+0x700/0x700
[   86.983370][   T21]  ? lock_downgrade+0x7f0/0x7f0
[   86.988242][   T21]  unregister_netdevice_many.part.0+0x16/0x1e0
[   86.994402][   T21]  unregister_netdevice_many+0x36/0x50
[   87.000006][   T21]  ip6gre_exit_batch_net+0x4e8/0x700
[   87.005328][   T21]  ? ip6gre_tunnel_link+0xf0/0xf0
[   87.010367][   T21]  ? rcu_read_lock_held_common+0x130/0x130
[   87.016275][   T21]  ? ip6gre_tunnel_link+0xf0/0xf0
[   87.021357][   T21]  ops_exit_list.isra.0+0x103/0x150
[   87.026571][   T21]  cleanup_net+0x511/0xa50
[   87.031021][   T21]  ? unregister_pernet_device+0x70/0x70
[   87.036572][   T21]  ? rcu_read_lock_any_held.part.0+0x50/0x50
[   87.042559][   T21]  process_one_work+0x94b/0x1690
[   87.047784][   T21]  ? pwq_dec_nr_in_flight+0x310/0x310
[   87.053177][   T21]  ? do_raw_spin_lock+0x129/0x2e0
[   87.058248][   T21]  worker_thread+0x96/0xe20
[   87.062794][   T21]  ? process_one_work+0x1690/0x1690
[   87.068123][   T21]  kthread+0x357/0x430
[   87.072201][   T21]  ? kthread_mod_delayed_work+0x1a0/0x1a0
[   87.078027][   T21]  ret_from_fork+0x24/0x30
executing program
[   87.408507][ T9666] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-fuzzer/9666
[   87.417576][ T9666] caller is __mod_memcg_state+0x27/0x1a0
[   87.423196][ T9666] CPU: 0 PID: 9666 Comm: syz-fuzzer Not tainted 5.6.0-rc5-next-20200310-syzkaller #0
[   87.432639][ T9666] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   87.442693][ T9666] Call Trace:
[   87.445985][ T9666]  dump_stack+0x188/0x20d
[   87.450314][ T9666]  __this_cpu_preempt_check.cold+0x84/0x90
[   87.456120][ T9666]  __mod_memcg_state+0x27/0x1a0
[   87.461035][ T9666]  split_huge_page_to_list+0x124b/0x3380
[   87.466832][ T9666]  ? madvise_free_huge_pmd+0x869/0xb90
[   87.472297][ T9666]  ? can_split_huge_page+0x480/0x480
[   87.477570][ T9666]  ? pmd_val+0x7c/0xf0
[   87.481633][ T9666]  ? enabled_store+0x190/0x190
[   87.486409][ T9666]  madvise_free_huge_pmd+0x873/0xb90
[   87.491687][ T9666]  madvise_free_pte_range+0x6ff/0x2650
[   87.497158][ T9666]  ? madvise_cold_or_pageout_pte_range+0x3400/0x3400
[   87.503828][ T9666]  __walk_page_range+0xcfb/0x2070
[   87.508851][ T9666]  ? walk_page_test+0x78/0x180
[   87.513597][ T9666]  walk_page_range+0x1bd/0x3a0
[   87.518433][ T9666]  ? __walk_page_range+0x2070/0x2070
[   87.523713][ T9666]  ? madvise_free_single_vma+0x2c1/0x550
[   87.529333][ T9666]  madvise_free_single_vma+0x384/0x550
[   87.534784][ T9666]  ? madvise_pageout+0x3b0/0x3b0
[   87.539708][ T9666]  ? lock_acquire+0x197/0x420
[   87.544386][ T9666]  ? userfaultfd_remove+0xf0/0x2b0
[   87.549484][ T9666]  ? vmacache_find+0x62/0x300
[   87.554139][ T9666]  ? vmacache_update+0xce/0x140
[   87.559184][ T9666]  ? find_vma+0x2b/0x170
[   87.563529][ T9666]  do_madvise+0x5ba/0x1b80
[   87.567948][ T9666]  ? unuse_pde+0x2c/0x80
[   87.572203][ T9666]  ? madvise_free_pte_range+0x2650/0x2650
[   87.578000][ T9666]  ? __x64_sys_futex+0x376/0x4f0
[   87.582959][ T9666]  ? fput_many+0x2f/0x1a0
[   87.587273][ T9666]  ? do_futex+0x1b10/0x1b10
[   87.591762][ T9666]  ? ksys_read+0x19f/0x250
[   87.596190][ T9666]  ? kernel_write+0x120/0x120
[   87.600865][ T9666]  ? __x64_sys_madvise+0xae/0x120
[   87.605881][ T9666]  __x64_sys_madvise+0xae/0x120
[   87.610730][ T9666]  ? lockdep_hardirqs_on+0x417/0x5d0
[   87.616270][ T9666]  do_syscall_64+0xf6/0x7d0
[   87.620837][ T9666]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   87.626774][ T9666] RIP: 0033:0x460bf7
[   87.630652][ T9666] Code: 8b 24 24 48 8b 6c 24 10 48 83 c4 18 c3 cc cc cc cc cc cc 48 8b 7c 24 08 48 8b 74 24 10 8b 54 24 18 48 c7 c0 1c 00 00 00 0f 05 <89> 44 24 20 c3 cc cc cc cc 48 8b 7c 24 08 8b 74 24 10 8b 54 24 14
[   87.650243][ T9666] RSP: 002b:000000c00010fc50 EFLAGS: 00000246 ORIG_RAX: 000000000000001c
[   87.658683][ T9666] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 0000000000460bf7
[   87.666684][ T9666] RDX: 0000000000000008 RSI: 0000000000200000 RDI: 000000c000582000
[   87.674645][ T9666] RBP: 000000c00010fc90 R08: 000000c000400000 R09: 000000c000782000
[   87.682622][ T9666] R10: 00000000007ffe00 R11: 0000000000000246 R12: 000000000149fb60
[   87.690584][ T9666] R13: 0000000000e8da20 R14: 0000000000000000 R15: 0000000000000000
[   87.698687][ T9666] BUG: using __this_cpu_add() in preemptible [00000000] code: syz-fuzzer/9666
[   87.707668][ T9666] caller is __mod_memcg_state+0xca/0x1a0
[   87.713362][ T9666] CPU: 0 PID: 9666 Comm: syz-fuzzer Not tainted 5.6.0-rc5-next-20200310-syzkaller #0
[   87.722828][ T9666] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   87.732957][ T9666] Call Trace:
[   87.736247][ T9666]  dump_stack+0x188/0x20d
[   87.740589][ T9666]  __this_cpu_preempt_check.cold+0x84/0x90
[   87.746380][ T9666]  __mod_memcg_state+0xca/0x1a0
[   87.751243][ T9666]  split_huge_page_to_list+0x124b/0x3380
[   87.756950][ T9666]  ? madvise_free_huge_pmd+0x869/0xb90
[   87.762417][ T9666]  ? can_split_huge_page+0x480/0x480
[   87.767705][ T9666]  ? pmd_val+0x7c/0xf0
[   87.771784][ T9666]  ? enabled_store+0x190/0x190
[   87.776548][ T9666]  madvise_free_huge_pmd+0x873/0xb90
[   87.781828][ T9666]  madvise_free_pte_range+0x6ff/0x2650
[   87.787291][ T9666]  ? madvise_cold_or_pageout_pte_range+0x3400/0x3400
[   87.793948][ T9666]  __walk_page_range+0xcfb/0x2070
[   87.798975][ T9666]  ? walk_page_test+0x78/0x180
[   87.803722][ T9666]  walk_page_range+0x1bd/0x3a0
[   87.808471][ T9666]  ? __walk_page_range+0x2070/0x2070
[   87.813758][ T9666]  ? madvise_free_single_vma+0x2c1/0x550
[   87.819387][ T9666]  madvise_free_single_vma+0x384/0x550
[   87.825473][ T9666]  ? madvise_pageout+0x3b0/0x3b0
[   87.830430][ T9666]  ? lock_acquire+0x197/0x420
[   87.835111][ T9666]  ? userfaultfd_remove+0xf0/0x2b0
[   87.840225][ T9666]  ? vmacache_find+0x62/0x300
[   87.844995][ T9666]  ? vmacache_update+0xce/0x140
[   87.849849][ T9666]  ? find_vma+0x2b/0x170
[   87.854305][ T9666]  do_madvise+0x5ba/0x1b80
[   87.858823][ T9666]  ? unuse_pde+0x2c/0x80
[   87.863142][ T9666]  ? madvise_free_pte_range+0x2650/0x2650
[   87.868867][ T9666]  ? __x64_sys_futex+0x376/0x4f0
[   87.873838][ T9666]  ? fput_many+0x2f/0x1a0
[   87.878155][ T9666]  ? do_futex+0x1b10/0x1b10
[   87.882676][ T9666]  ? ksys_read+0x19f/0x250
[   87.887204][ T9666]  ? kernel_write+0x120/0x120
[   87.891888][ T9666]  ? __x64_sys_madvise+0xae/0x120
[   87.896912][ T9666]  __x64_sys_madvise+0xae/0x120
[   87.901766][ T9666]  ? lockdep_hardirqs_on+0x417/0x5d0
[   87.907052][ T9666]  do_syscall_64+0xf6/0x7d0
[   87.911549][ T9666]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   87.917435][ T9666] RIP: 0033:0x460bf7
[   87.921312][ T9666] Code: 8b 24 24 48 8b 6c 24 10 48 83 c4 18 c3 cc cc cc cc cc cc 48 8b 7c 24 08 48 8b 74 24 10 8b 54 24 18 48 c7 c0 1c 00 00 00 0f 05 <89> 44 24 20 c3 cc cc cc cc 48 8b 7c 24 08 8b 74 24 10 8b 54 24 14
[   87.940897][ T9666] RSP: 002b:000000c00010fc50 EFLAGS: 00000246 ORIG_RAX: 000000000000001c
[   87.949290][ T9666] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 0000000000460bf7
[   87.957257][ T9666] RDX: 0000000000000008 RSI: 0000000000200000 RDI: 000000c000582000
[   87.965233][ T9666] RBP: 000000c00010fc90 R08: 000000c000400000 R09: 000000c000782000
[   87.973185][ T9666] R10: 00000000007ffe00 R11: 0000000000000246 R12: 000000000149fb60
[   87.981159][ T9666] R13: 0000000000e8da20 R14: 0000000000000000 R15: 0000000000000000
[   87.989336][ T9666] BUG: using __this_cpu_write() in preemptible [00000000] code: syz-fuzzer/9666
[   87.998527][ T9666] caller is __mod_memcg_state+0x87/0x1a0
[   88.004148][ T9666] CPU: 0 PID: 9666 Comm: syz-fuzzer Not tainted 5.6.0-rc5-next-20200310-syzkaller #0
[   88.013580][ T9666] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   88.023630][ T9666] Call Trace:
[   88.027401][ T9666]  dump_stack+0x188/0x20d
[   88.031741][ T9666]  __this_cpu_preempt_check.cold+0x84/0x90
[   88.037531][ T9666]  __mod_memcg_state+0x87/0x1a0
[   88.042388][ T9666]  split_huge_page_to_list+0x124b/0x3380
[   88.048030][ T9666]  ? madvise_free_huge_pmd+0x869/0xb90
[   88.053511][ T9666]  ? can_split_huge_page+0x480/0x480
[   88.058822][ T9666]  ? pmd_val+0x7c/0xf0
[   88.062944][ T9666]  ? enabled_store+0x190/0x190
[   88.067723][ T9666]  madvise_free_huge_pmd+0x873/0xb90
[   88.073115][ T9666]  madvise_free_pte_range+0x6ff/0x2650
[   88.078625][ T9666]  ? madvise_cold_or_pageout_pte_range+0x3400/0x3400
[   88.085335][ T9666]  __walk_page_range+0xcfb/0x2070
[   88.090362][ T9666]  ? walk_page_test+0x78/0x180
[   88.095112][ T9666]  walk_page_range+0x1bd/0x3a0
[   88.099856][ T9666]  ? __walk_page_range+0x2070/0x2070
[   88.105131][ T9666]  ? madvise_free_single_vma+0x2c1/0x550
[   88.110784][ T9666]  madvise_free_single_vma+0x384/0x550
[   88.116239][ T9666]  ? madvise_pageout+0x3b0/0x3b0
[   88.121162][ T9666]  ? lock_acquire+0x197/0x420
[   88.125835][ T9666]  ? userfaultfd_remove+0xf0/0x2b0
[   88.130948][ T9666]  ? vmacache_find+0x62/0x300
[   88.135626][ T9666]  ? vmacache_update+0xce/0x140
[   88.140484][ T9666]  ? find_vma+0x2b/0x170
[   88.144733][ T9666]  do_madvise+0x5ba/0x1b80
[   88.149223][ T9666]  ? unuse_pde+0x2c/0x80
[   88.153486][ T9666]  ? madvise_free_pte_range+0x2650/0x2650
[   88.159256][ T9666]  ? __x64_sys_futex+0x376/0x4f0
[   88.164190][ T9666]  ? fput_many+0x2f/0x1a0
[   88.168533][ T9666]  ? do_futex+0x1b10/0x1b10
[   88.173118][ T9666]  ? ksys_read+0x19f/0x250
[   88.177521][ T9666]  ? kernel_write+0x120/0x120
[   88.182209][ T9666]  ? __x64_sys_madvise+0xae/0x120
[   88.187215][ T9666]  __x64_sys_madvise+0xae/0x120
[   88.192046][ T9666]  ? lockdep_hardirqs_on+0x417/0x5d0
[   88.197348][ T9666]  do_syscall_64+0xf6/0x7d0
[   88.201908][ T9666]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   88.207809][ T9666] RIP: 0033:0x460bf7
[   88.211776][ T9666] Code: 8b 24 24 48 8b 6c 24 10 48 83 c4 18 c3 cc cc cc cc cc cc 48 8b 7c 24 08 48 8b 74 24 10 8b 54 24 18 48 c7 c0 1c 00 00 00 0f 05 <89> 44 24 20 c3 cc cc cc cc 48 8b 7c 24 08 8b 74 24 10 8b 54 24 14
[   88.231378][ T9666] RSP: 002b:000000c00010fc50 EFLAGS: 00000246 ORIG_RAX: 000000000000001c
[   88.240064][ T9666] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 0000000000460bf7
[   88.248166][ T9666] RDX: 0000000000000008 RSI: 0000000000200000 RDI: 000000c000582000
[   88.256169][ T9666] RBP: 000000c00010fc90 R08: 000000c000400000 R09: 000000c000782000
[   88.264123][ T9666] R10: 00000000007ffe00 R11: 0000000000000246 R12: 000000000149fb60
[   88.272076][ T9666] R13: 0000000000e8da20 R14: 0000000000000000 R15: 0000000000000000
[   88.637592][ T9675] ------------[ cut here ]------------
[   88.643321][ T9675] WARNING: CPU: 1 PID: 9675 at sound/core/oss/pcm_plugin.c:126 snd_pcm_plug_alloc+0x29a/0x330
[   88.653534][ T9675] Kernel panic - not syncing: panic_on_warn set ...
[   88.660104][ T9675] CPU: 1 PID: 9675 Comm: syz-fuzzer Not tainted 5.6.0-rc5-next-20200310-syzkaller #0
[   88.669533][ T9675] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   88.679709][ T9675] Call Trace:
[   88.682998][ T9675]  dump_stack+0x188/0x20d
[   88.687328][ T9675]  ? snd_pcm_plug_alloc+0x230/0x330
[   88.692517][ T9675]  panic+0x2e3/0x75c
[   88.696398][ T9675]  ? add_taint.cold+0x16/0x16
[   88.701082][ T9675]  ? printk+0xba/0xed
[   88.705071][ T9675]  ? kmsg_dump_rewind_nolock+0xd9/0xd9
[   88.710522][ T9675]  ? __warn.cold+0x14/0x35
[   88.714961][ T9675]  ? __warn+0xd5/0x1c8
[   88.719023][ T9675]  ? snd_pcm_plug_alloc+0x29a/0x330
[   88.724203][ T9675]  __warn.cold+0x2f/0x35
[   88.728442][ T9675]  ? snd_pcm_plug_alloc+0x29a/0x330
[   88.733625][ T9675]  report_bug+0x27b/0x2f0
[   88.737945][ T9675]  do_error_trap+0x12b/0x220
[   88.742521][ T9675]  ? snd_pcm_plug_alloc+0x29a/0x330
[   88.747795][ T9675]  do_invalid_op+0x32/0x40
[   88.752190][ T9675]  ? snd_pcm_plug_alloc+0x29a/0x330
[   88.757367][ T9675]  invalid_op+0x23/0x30
[   88.761504][ T9675] RIP: 0010:snd_pcm_plug_alloc+0x29a/0x330
[   88.768438][ T9675] Code: ff ff 45 31 e4 e8 16 10 80 fb 44 89 e0 5b 5d 41 5c 41 5d 41 5e c3 e8 05 10 80 fb 0f 0b 41 bc fa ff ff ff eb e0 e8 f6 0f 80 fb <0f> 0b 41 bc fa ff ff ff eb d1 e8 e7 0f 80 fb 0f 0b 41 bc fa ff ff
[   88.788115][ T9675] RSP: 0018:ffffc900027d7b88 EFLAGS: 00010293
[   88.794295][ T9675] RAX: ffff88808e5bc4c0 RBX: ffff8880a6390d00 RCX: ffffffff85f2b4e6
[   88.802250][ T9675] RDX: 0000000000000000 RSI: ffffffff85f2b66a RDI: 0000000000000007
[   88.810205][ T9675] RBP: 0000000000000000 R08: ffff88808e5bc4c0 R09: fffffbfff1854720
[   88.818269][ T9675] R10: ffffffff8c2a38ff R11: fffffbfff185471f R12: ffff8880a6390d58
[   88.826245][ T9675] R13: dffffc0000000000 R14: 0000000000000000 R15: ffff888215aeb000
[   88.834289][ T9675]  ? snd_pcm_plug_alloc+0x116/0x330
[   88.839484][ T9675]  ? snd_pcm_plug_alloc+0x29a/0x330
[   88.844693][ T9675]  ? snd_pcm_plug_alloc+0x29a/0x330
[   88.849897][ T9675]  snd_pcm_oss_change_params_locked+0x1c05/0x34b0
[   88.856412][ T9675]  ? _snd_pcm_hw_param_set.constprop.0+0x510/0x510
[   88.862895][ T9675]  ? mark_lock+0xbc/0x1220
[   88.867320][ T9675]  ? snd_pcm_oss_sync.isra.0+0x7d0/0x7d0
[   88.872946][ T9675]  snd_pcm_oss_change_params+0x76/0xd0
[   88.878452][ T9675]  snd_pcm_oss_make_ready+0xb7/0x170
[   88.883747][ T9675]  snd_pcm_oss_sync.isra.0+0x1be/0x7d0
[   88.889195][ T9675]  ? snd_pcm_oss_sync.isra.0+0x7d0/0x7d0
[   88.894835][ T9675]  snd_pcm_oss_release+0x210/0x280
[   88.899954][ T9675]  __fput+0x2da/0x850
[   88.903925][ T9675]  task_work_run+0xf4/0x1b0
[   88.908424][ T9675]  exit_to_usermode_loop+0x2fa/0x360
[   88.913757][ T9675]  do_syscall_64+0x6b1/0x7d0
[   88.918354][ T9675]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   88.924252][ T9675] RIP: 0033:0x4afb40
[   88.929657][ T9675] Code: 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 49 c7 c2 00 00 00 00 49 c7 c0 00 00 00 00 49 c7 c1 00 00 00 00 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 28 ff ff ff ff 48 c7 44 24 30
[   88.951856][ T9675] RSP: 002b:000000c00007b588 EFLAGS: 00000212 ORIG_RAX: 0000000000000003
[   88.960381][ T9675] RAX: 0000000000000000 RBX: 000000c00002e500 RCX: 00000000004afb40
[   88.968338][ T9675] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[   88.976305][ T9675] RBP: 000000c00007b5c8 R08: 0000000000000000 R09: 0000000000000000
[   88.984318][ T9675] R10: 0000000000000000 R11: 0000000000000212 R12: 0000000000000006
[   88.992284][ T9675] R13: 0000000000000005 R14: 0000000000000200 R15: 0000000000000000
[   89.001732][ T9675] Kernel Offset: disabled
[   89.006125][ T9675] Rebooting in 86400 seconds..