[ 37.973124][ T26] audit: type=1800 audit(1554694536.228:27): pid=7570 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [ 38.002945][ T26] audit: type=1800 audit(1554694536.228:28): pid=7570 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 38.846668][ T26] audit: type=1800 audit(1554694537.158:29): pid=7570 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 38.867633][ T26] audit: type=1800 audit(1554694537.158:30): pid=7570 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.10.62' (ECDSA) to the list of known hosts. 2019/04/08 03:35:48 fuzzer started 2019/04/08 03:35:51 dialing manager at 10.128.0.26:34543 2019/04/08 03:35:51 syscalls: 2408 2019/04/08 03:35:51 code coverage: enabled 2019/04/08 03:35:51 comparison tracing: enabled 2019/04/08 03:35:51 extra coverage: extra coverage is not supported by the kernel 2019/04/08 03:35:51 setuid sandbox: enabled 2019/04/08 03:35:51 namespace sandbox: enabled 2019/04/08 03:35:51 Android sandbox: /sys/fs/selinux/policy does not exist 2019/04/08 03:35:51 fault injection: enabled 2019/04/08 03:35:51 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/04/08 03:35:51 net packet injection: enabled 2019/04/08 03:35:51 net device setup: enabled 03:38:05 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/igmp6\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg(0xffffffffffffffff, &(0x7f0000002fc8)={0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0)=ANY=[]}, 0x0) preadv(r0, &(0x7f00000017c0), 0x1fe, 0x400000000000) syzkaller login: [ 187.670998][ T7738] IPVS: ftp: loaded support on port[0] = 21 03:38:06 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000180)=@nat={'nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00', 0x19, 0x2, 0x2e0, [0x20000740, 0x0, 0x0, 0x20000770, 0x200009f0], 0x0, 0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff020000000900000040000000803574756e6c3000000000000000000000006c6170623000000000000000000000007465616d30000000000000000000000000000000000000000000000000000000ffffffffffffffffffff00ffffffeeffffffffff00ffffff0000d0000000d00000000801000061727000000000000000000000000000000000000000000000000000000000003800000000000000033f0600000a000000000004000000ffac14141a000000ff0180c200000e0000ffffffffaaaaaaaaaaaaff00ffffff00a001000000000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff000000000500000061000000000069706464703000000000000000000000687372300000000000000000000000006c6f000000000000000000000000000076657468305f746f5f6272696467650000000000000000ff00ffffffffffffffffffffe7ffff00000000a00000001001000048010000706b747479706500000000000000000000000000000000000000000000000000080000000000000007010000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff000000006172707265706c79ded522f742294e7f000000000000000000000000000000001000000000000000aaaaaaaaaabb0000fcffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000fdffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff00000000"]}, 0x358) [ 187.789729][ T7738] chnl_net:caif_netlink_parms(): no params data found [ 187.892600][ T7738] bridge0: port 1(bridge_slave_0) entered blocking state [ 187.914253][ T7738] bridge0: port 1(bridge_slave_0) entered disabled state [ 187.922541][ T7738] device bridge_slave_0 entered promiscuous mode [ 187.939030][ T7741] IPVS: ftp: loaded support on port[0] = 21 [ 187.947845][ T7738] bridge0: port 2(bridge_slave_1) entered blocking state [ 187.958938][ T7738] bridge0: port 2(bridge_slave_1) entered disabled state [ 187.969345][ T7738] device bridge_slave_1 entered promiscuous mode 03:38:06 executing program 2: socketpair$unix(0x1, 0x200000002, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000001600)) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x10, 0x4000000002, 0x10) sendmsg$kcm(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="2e0000002b008163e45ae08700000000060f0000000000bc4cc91b4dd65b2f0580cb7023072a556d1c958c000000", 0x2e}], 0x1}, 0x0) [ 188.014975][ T7738] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 188.037631][ T7738] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 188.088604][ T7738] team0: Port device team_slave_0 added [ 188.105759][ T7738] team0: Port device team_slave_1 added 03:38:06 executing program 3: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000004fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = socket$inet6_udp(0xa, 0x2, 0x0) getsockopt$inet6_int(r1, 0x29, 0x1a, 0x0, &(0x7f0000013000)) mmap(&(0x7f0000000000/0xfe3000)=nil, 0xfe3000, 0x3, 0x32, 0xffffffffffffffff, 0x0) close(r0) [ 188.252787][ T7738] device hsr_slave_0 entered promiscuous mode [ 188.315620][ T7738] device hsr_slave_1 entered promiscuous mode [ 188.370314][ T7744] IPVS: ftp: loaded support on port[0] = 21 [ 188.401191][ T7746] IPVS: ftp: loaded support on port[0] = 21 [ 188.412664][ T7738] bridge0: port 2(bridge_slave_1) entered blocking state 03:38:06 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'ghash\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="204a42a333174b94790ea18fbd59feea", 0x10) [ 188.419968][ T7738] bridge0: port 2(bridge_slave_1) entered forwarding state [ 188.427983][ T7738] bridge0: port 1(bridge_slave_0) entered blocking state [ 188.435101][ T7738] bridge0: port 1(bridge_slave_0) entered forwarding state [ 188.488025][ T7741] chnl_net:caif_netlink_parms(): no params data found [ 188.642504][ T7749] IPVS: ftp: loaded support on port[0] = 21 [ 188.643930][ T7738] 8021q: adding VLAN 0 to HW filter on device bond0 03:38:07 executing program 5: r0 = perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x71, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$smack_task_current(0xffffffffffffff9c, 0x0, 0x2, 0x0) r1 = gettid() timer_create(0x0, &(0x7f0000066000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) r2 = socket$inet6(0xa, 0x400000000001, 0x0) r3 = openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BLKSECDISCARD(0xffffffffffffffff, 0x127d, 0x0) r4 = dup(r2) timerfd_gettime(r4, &(0x7f0000000440)) write(r0, &(0x7f0000000140)="0cc9b5f98eadc69d43e660d51a91471fb8031bdc113d38930a47a25c5451bef0fda5fbb4e1bed19b69fe5098c58c06ac2f4dd2cae0b693b3f79a4842b6e64792e409b9366d9c5520bec8f66829b019c4e5d3fb9e2445b48c126d436f96666e007adbffa0c3abb22add73235a6415a50cf815112ab070ff3d27d2fe82f699b377d54bd07e8b52ff5fc8259cee71af5fc80e6f44bedb23d0727806dd68b6c82bc06f016e1f49105c1f2c7519d2998fb7371b1f2a24ed4852", 0xb7) setsockopt$inet6_tcp_int(r2, 0x6, 0x400000000000000a, &(0x7f0000000000)=0x81, 0x4) prctl$PR_GET_TSC(0x19, 0x0) bind$inet6(r2, &(0x7f0000000300)={0xa, 0x4e20}, 0x1c) sendto$inet6(r2, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$inet6_tcp_int(r4, 0x6, 0x19, &(0x7f00000000c0)=0x6, 0x4) ioctl$TIOCNXCL(0xffffffffffffffff, 0x540d) setsockopt$inet6_int(r3, 0x29, 0x0, 0x0, 0x0) write$FUSE_LK(0xffffffffffffffff, 0x0, 0x0) r5 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) getresuid(&(0x7f00000003c0), &(0x7f0000000380), &(0x7f0000001380)) perf_event_open(&(0x7f00000012c0)={0x5, 0x70, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pread64(r5, &(0x7f0000000240)=""/1, 0x1, 0x0) times(&(0x7f0000000080)) ftruncate(r5, 0x7fff) sendfile(r4, r5, 0x0, 0x8000fffffffe) tkill(r1, 0x1000000000016) [ 188.773093][ T2995] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 188.783895][ T2995] bridge0: port 1(bridge_slave_0) entered disabled state [ 188.802404][ T2995] bridge0: port 2(bridge_slave_1) entered disabled state [ 188.826854][ T2995] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 188.837329][ T7741] bridge0: port 1(bridge_slave_0) entered blocking state [ 188.846105][ T7741] bridge0: port 1(bridge_slave_0) entered disabled state [ 188.855209][ T7741] device bridge_slave_0 entered promiscuous mode [ 188.884623][ T7746] chnl_net:caif_netlink_parms(): no params data found [ 188.904248][ T7741] bridge0: port 2(bridge_slave_1) entered blocking state [ 188.911340][ T7741] bridge0: port 2(bridge_slave_1) entered disabled state [ 188.919705][ T7741] device bridge_slave_1 entered promiscuous mode [ 188.931446][ T7738] 8021q: adding VLAN 0 to HW filter on device team0 [ 188.970303][ T7741] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 188.995893][ T7744] chnl_net:caif_netlink_parms(): no params data found [ 189.004487][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 189.013458][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 189.022307][ T17] bridge0: port 1(bridge_slave_0) entered blocking state [ 189.029412][ T17] bridge0: port 1(bridge_slave_0) entered forwarding state [ 189.041909][ T7741] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 189.077596][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 189.086787][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 189.095631][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 189.102828][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 189.120328][ T7738] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 189.131106][ T7738] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 189.147999][ T7755] IPVS: ftp: loaded support on port[0] = 21 [ 189.160740][ T7746] bridge0: port 1(bridge_slave_0) entered blocking state [ 189.169089][ T7746] bridge0: port 1(bridge_slave_0) entered disabled state [ 189.177622][ T7746] device bridge_slave_0 entered promiscuous mode [ 189.186035][ T7741] team0: Port device team_slave_0 added [ 189.191830][ T7746] bridge0: port 2(bridge_slave_1) entered blocking state [ 189.199036][ T7746] bridge0: port 2(bridge_slave_1) entered disabled state [ 189.206750][ T7746] device bridge_slave_1 entered promiscuous mode [ 189.218653][ T7748] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 189.227735][ T7748] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 189.236901][ T7748] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 189.246928][ T7748] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 189.255190][ T7748] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 189.263477][ T7748] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 189.272314][ T7748] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 189.280736][ T7748] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 189.289272][ T7748] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 189.297894][ T7748] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 189.306258][ T7748] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 189.314815][ T7748] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 189.341987][ T7741] team0: Port device team_slave_1 added [ 189.399097][ T7746] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 189.417354][ T7744] bridge0: port 1(bridge_slave_0) entered blocking state [ 189.424585][ T7744] bridge0: port 1(bridge_slave_0) entered disabled state [ 189.432133][ T7744] device bridge_slave_0 entered promiscuous mode [ 189.448763][ T7746] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 189.481790][ T7744] bridge0: port 2(bridge_slave_1) entered blocking state [ 189.488966][ T7744] bridge0: port 2(bridge_slave_1) entered disabled state [ 189.498712][ T7744] device bridge_slave_1 entered promiscuous mode [ 189.556947][ T7741] device hsr_slave_0 entered promiscuous mode [ 189.604573][ T7741] device hsr_slave_1 entered promiscuous mode [ 189.659362][ T7738] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 189.677949][ T7746] team0: Port device team_slave_0 added [ 189.683725][ T7749] chnl_net:caif_netlink_parms(): no params data found [ 189.718286][ T7746] team0: Port device team_slave_1 added [ 189.733161][ T7744] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 189.743214][ T7744] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 189.788653][ T7749] bridge0: port 1(bridge_slave_0) entered blocking state [ 189.797400][ T7749] bridge0: port 1(bridge_slave_0) entered disabled state [ 189.808111][ T7749] device bridge_slave_0 entered promiscuous mode [ 189.819335][ T7749] bridge0: port 2(bridge_slave_1) entered blocking state [ 189.828283][ T7749] bridge0: port 2(bridge_slave_1) entered disabled state [ 189.837365][ T7749] device bridge_slave_1 entered promiscuous mode [ 189.861948][ T7744] team0: Port device team_slave_0 added 03:38:08 executing program 0: [ 189.947063][ T7746] device hsr_slave_0 entered promiscuous mode [ 189.974522][ T7746] device hsr_slave_1 entered promiscuous mode 03:38:08 executing program 0: [ 190.030658][ T7744] team0: Port device team_slave_1 added 03:38:08 executing program 0: 03:38:08 executing program 0: [ 190.110581][ T7749] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 190.165259][ T7749] bond0: Enslaving bond_slave_1 as an active interface with an up link 03:38:08 executing program 0: 03:38:08 executing program 0: [ 190.211996][ T7755] chnl_net:caif_netlink_parms(): no params data found 03:38:08 executing program 0: [ 190.269912][ T7744] device hsr_slave_0 entered promiscuous mode [ 190.335039][ T7744] device hsr_slave_1 entered promiscuous mode [ 190.408342][ T7749] team0: Port device team_slave_0 added [ 190.428304][ T7749] team0: Port device team_slave_1 added [ 190.471216][ T7746] 8021q: adding VLAN 0 to HW filter on device bond0 [ 190.547120][ T7749] device hsr_slave_0 entered promiscuous mode [ 190.594737][ T7749] device hsr_slave_1 entered promiscuous mode [ 190.665731][ T7746] 8021q: adding VLAN 0 to HW filter on device team0 [ 190.692665][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 190.700831][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 190.708657][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 190.717361][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 190.725739][ T22] bridge0: port 1(bridge_slave_0) entered blocking state [ 190.732879][ T22] bridge0: port 1(bridge_slave_0) entered forwarding state [ 190.740714][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 190.758402][ T7755] bridge0: port 1(bridge_slave_0) entered blocking state [ 190.766522][ T7755] bridge0: port 1(bridge_slave_0) entered disabled state [ 190.774955][ T7755] device bridge_slave_0 entered promiscuous mode [ 190.782765][ T7755] bridge0: port 2(bridge_slave_1) entered blocking state [ 190.790081][ T7755] bridge0: port 2(bridge_slave_1) entered disabled state [ 190.798301][ T7755] device bridge_slave_1 entered promiscuous mode [ 190.824925][ T7755] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 190.840189][ T7741] 8021q: adding VLAN 0 to HW filter on device bond0 [ 190.856138][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 190.864869][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 190.873234][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 190.880337][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 190.888058][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 190.897021][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 190.907816][ T7755] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 190.953661][ T7746] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 190.966008][ T7746] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 190.999575][ T7748] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 191.008454][ T7748] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 191.017645][ T7748] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 191.026395][ T7748] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 191.034926][ T7748] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 191.043103][ T7748] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 191.051521][ T7748] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 191.059742][ T7748] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 191.068315][ T7748] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 191.076148][ T7748] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 191.083856][ T7748] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 191.091826][ T7748] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 191.102061][ T7755] team0: Port device team_slave_0 added [ 191.114996][ T7755] team0: Port device team_slave_1 added [ 191.126140][ T7744] 8021q: adding VLAN 0 to HW filter on device bond0 [ 191.141647][ T7741] 8021q: adding VLAN 0 to HW filter on device team0 [ 191.208873][ T7755] device hsr_slave_0 entered promiscuous mode [ 191.264810][ T7755] device hsr_slave_1 entered promiscuous mode [ 191.325576][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 191.333299][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 191.344500][ T7744] 8021q: adding VLAN 0 to HW filter on device team0 [ 191.358271][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 191.366929][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 191.375715][ T22] bridge0: port 1(bridge_slave_0) entered blocking state [ 191.382763][ T22] bridge0: port 1(bridge_slave_0) entered forwarding state [ 191.391950][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 191.412109][ T7749] 8021q: adding VLAN 0 to HW filter on device bond0 [ 191.433062][ T7748] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 191.441820][ T7748] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 191.450859][ T7748] bridge0: port 2(bridge_slave_1) entered blocking state [ 191.457992][ T7748] bridge0: port 2(bridge_slave_1) entered forwarding state [ 191.466199][ T7748] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 191.475413][ T7748] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 191.483677][ T7748] bridge0: port 1(bridge_slave_0) entered blocking state [ 191.490782][ T7748] bridge0: port 1(bridge_slave_0) entered forwarding state [ 191.498427][ T7748] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 191.507757][ T7748] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 191.516274][ T7748] bridge0: port 2(bridge_slave_1) entered blocking state [ 191.523391][ T7748] bridge0: port 2(bridge_slave_1) entered forwarding state [ 191.531058][ T7748] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 191.539761][ T7748] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 191.556790][ T7746] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 191.575778][ T7748] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 191.588141][ T7748] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 191.597142][ T7748] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 191.605790][ T7748] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 191.614532][ T7748] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 191.622923][ T7748] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 191.631951][ T7748] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 191.640726][ T7748] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 191.652176][ T7749] 8021q: adding VLAN 0 to HW filter on device team0 [ 191.672873][ T7748] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 191.681292][ T7748] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 191.693218][ T7748] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 191.712556][ T7748] bridge0: port 1(bridge_slave_0) entered blocking state [ 191.719715][ T7748] bridge0: port 1(bridge_slave_0) entered forwarding state [ 191.728458][ T7748] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 191.737121][ T7748] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 191.745749][ T7748] bridge0: port 2(bridge_slave_1) entered blocking state [ 191.752957][ T7748] bridge0: port 2(bridge_slave_1) entered forwarding state [ 191.761234][ T7748] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 191.800359][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 191.808762][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 191.822700][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 191.832381][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 191.841835][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 191.851181][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 191.859586][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 191.868068][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 191.876415][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 191.885290][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 191.893492][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 191.902226][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 191.919282][ T7744] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 191.930574][ T7744] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 191.953051][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 191.961382][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 191.970103][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 191.978526][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 191.986735][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 191.995424][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 192.004995][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 192.012621][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 192.032280][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 192.041040][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 192.049609][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 192.057974][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 192.066373][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 192.074834][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 192.087148][ T7749] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 192.110000][ T7744] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 192.132913][ T7755] 8021q: adding VLAN 0 to HW filter on device bond0 [ 192.145424][ T7741] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 192.174063][ T7749] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 192.227426][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 192.246764][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 192.261291][ T7755] 8021q: adding VLAN 0 to HW filter on device team0 [ 192.296763][ T7752] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 192.319504][ T7752] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 192.333875][ T7790] x_tables: eb_tables: snat target: used from hooks OUTPUT, but only usable from POSTROUTING [ 192.345094][ T7752] bridge0: port 1(bridge_slave_0) entered blocking state [ 192.352206][ T7752] bridge0: port 1(bridge_slave_0) entered forwarding state 03:38:10 executing program 1: 03:38:10 executing program 2: 03:38:10 executing program 0: [ 192.390734][ T7752] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 192.402766][ T7752] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready 03:38:10 executing program 4: [ 192.469568][ T7752] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 192.517007][ T7752] bridge0: port 2(bridge_slave_1) entered blocking state [ 192.524117][ T7752] bridge0: port 2(bridge_slave_1) entered forwarding state [ 192.565013][ T7752] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 192.575776][ T7752] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 192.603362][ T7755] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 192.614042][ T7755] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 192.627283][ T2995] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 192.638604][ T2995] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 192.647426][ T2995] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 192.656840][ T2995] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 192.668490][ T2995] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 192.676997][ T2995] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 192.685731][ T2995] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 192.693883][ T2995] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 192.702697][ T2995] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 192.710535][ T2995] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 192.730811][ T7755] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 192.798308][ T7815] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 192.817482][ T7815] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.5/7815 [ 192.827570][ T7815] caller is ip6_finish_output+0x335/0xdc0 [ 192.833296][ T7815] CPU: 0 PID: 7815 Comm: syz-executor.5 Not tainted 5.1.0-rc3-next-20190405 #19 [ 192.842294][ T7815] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 192.852346][ T7815] Call Trace: [ 192.855648][ T7815] dump_stack+0x172/0x1f0 [ 192.859988][ T7815] __this_cpu_preempt_check+0x246/0x270 [ 192.865542][ T7815] ip6_finish_output+0x335/0xdc0 [ 192.870572][ T7815] ip6_output+0x235/0x7f0 [ 192.874907][ T7815] ? ip6_finish_output+0xdc0/0xdc0 [ 192.880024][ T7815] ? ip6_fragment+0x3980/0x3980 [ 192.884908][ T7815] ip6_xmit+0xe41/0x20c0 [ 192.889173][ T7815] ? ip6_finish_output2+0x2550/0x2550 [ 192.894550][ T7815] ? mark_held_locks+0xf0/0xf0 [ 192.899316][ T7815] ? ip6_setup_cork+0x1870/0x1870 [ 192.904360][ T7815] inet6_csk_xmit+0x2fb/0x5d0 [ 192.909037][ T7815] ? inet6_csk_update_pmtu+0x190/0x190 [ 192.914494][ T7815] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 192.920767][ T7815] ? csum_ipv6_magic+0x20/0x80 [ 192.925538][ T7815] __tcp_transmit_skb+0x1a32/0x3750 [ 192.930745][ T7815] ? __tcp_select_window+0x8b0/0x8b0 [ 192.936053][ T7815] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 192.942293][ T7815] ? tcp_fastopen_no_cookie+0xe0/0x190 [ 192.947797][ T7815] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 192.954045][ T7815] tcp_connect+0x1e47/0x4280 [ 192.958650][ T7815] ? tcp_push_one+0x110/0x110 [ 192.963329][ T7815] ? secure_tcpv6_ts_off+0x24f/0x360 [ 192.968615][ T7815] ? secure_dccpv6_sequence_number+0x280/0x280 [ 192.974767][ T7815] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 192.981001][ T7815] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 192.987241][ T7815] ? prandom_u32_state+0x13/0x180 [ 192.992266][ T7815] tcp_v6_connect+0x150b/0x20a0 [ 192.997116][ T7815] ? tcp_sendmsg_locked+0x2170/0x37f0 [ 193.002491][ T7815] ? tcp_v6_conn_request+0x2b0/0x2b0 [ 193.007774][ T7815] ? __switch_to_asm+0x34/0x70 [ 193.012529][ T7815] ? __switch_to_asm+0x40/0x70 [ 193.017302][ T7815] ? find_held_lock+0x35/0x130 [ 193.022066][ T7815] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 193.027722][ T7815] __inet_stream_connect+0x83f/0xea0 [ 193.033006][ T7815] ? tcp_v6_conn_request+0x2b0/0x2b0 [ 193.038290][ T7815] ? __inet_stream_connect+0x83f/0xea0 [ 193.043751][ T7815] ? inet_dgram_connect+0x2e0/0x2e0 [ 193.048948][ T7815] ? tcp_sendmsg_locked+0x2170/0x37f0 [ 193.054316][ T7815] ? rcu_read_lock_sched_held+0x110/0x130 [ 193.060036][ T7815] ? kmem_cache_alloc_trace+0x354/0x760 [ 193.065581][ T7815] ? __lock_acquire+0x548/0x3fb0 [ 193.070527][ T7815] tcp_sendmsg_locked+0x231f/0x37f0 [ 193.075723][ T7815] ? mark_held_locks+0xf0/0xf0 [ 193.080490][ T7815] ? mark_held_locks+0xa4/0xf0 [ 193.085257][ T7815] ? tcp_sendpage+0x60/0x60 [ 193.089759][ T7815] ? lock_sock_nested+0x9a/0x120 [ 193.094694][ T7815] ? trace_hardirqs_on+0x67/0x230 [ 193.099715][ T7815] ? lock_sock_nested+0x9a/0x120 [ 193.104651][ T7815] ? __local_bh_enable_ip+0x15a/0x270 [ 193.110024][ T7815] tcp_sendmsg+0x30/0x50 [ 193.114265][ T7815] inet_sendmsg+0x147/0x5e0 [ 193.118765][ T7815] ? ipip_gro_receive+0x100/0x100 [ 193.123787][ T7815] sock_sendmsg+0xdd/0x130 [ 193.128207][ T7815] __sys_sendto+0x262/0x380 [ 193.132717][ T7815] ? __ia32_sys_getpeername+0xb0/0xb0 [ 193.138106][ T7815] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 193.144359][ T7815] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 193.149813][ T7815] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 193.155272][ T7815] ? do_syscall_64+0x26/0x610 [ 193.159946][ T7815] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 193.166023][ T7815] __x64_sys_sendto+0xe1/0x1a0 [ 193.170791][ T7815] do_syscall_64+0x103/0x610 [ 193.175385][ T7815] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 193.181272][ T7815] RIP: 0033:0x4582b9 [ 193.185171][ T7815] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 193.204808][ T7815] RSP: 002b:00007f8507734c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 193.213215][ T7815] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 193.221189][ T7815] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004 [ 193.229155][ T7815] RBP: 000000000073bf00 R08: 00000000208d4fe4 R09: 000000000000001c [ 193.237139][ T7815] R10: 0000000020000008 R11: 0000000000000246 R12: 00007f85077356d4 [ 193.245113][ T7815] R13: 00000000004c59b6 R14: 00000000004d9d10 R15: 00000000ffffffff [ 193.266444][ T7815] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.5/7815 [ 193.275864][ T7815] caller is ip6_finish_output+0x335/0xdc0 [ 193.281629][ T7815] CPU: 0 PID: 7815 Comm: syz-executor.5 Not tainted 5.1.0-rc3-next-20190405 #19 [ 193.290645][ T7815] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 193.300691][ T7815] Call Trace: [ 193.303974][ T7815] dump_stack+0x172/0x1f0 [ 193.308306][ T7815] __this_cpu_preempt_check+0x246/0x270 [ 193.314539][ T7815] ip6_finish_output+0x335/0xdc0 [ 193.319494][ T7815] ip6_output+0x235/0x7f0 [ 193.323841][ T7815] ? ip6_finish_output+0xdc0/0xdc0 [ 193.328937][ T7815] ? ip6_fragment+0x3980/0x3980 [ 193.333775][ T7815] ip6_xmit+0xe41/0x20c0 [ 193.338018][ T7815] ? ip6_finish_output2+0x2550/0x2550 [ 193.343483][ T7815] ? mark_held_locks+0xf0/0xf0 [ 193.348231][ T7815] ? ip6_setup_cork+0x1870/0x1870 [ 193.353262][ T7815] inet6_csk_xmit+0x2fb/0x5d0 [ 193.357927][ T7815] ? inet6_csk_update_pmtu+0x190/0x190 [ 193.363386][ T7815] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 193.369614][ T7815] ? csum_ipv6_magic+0x20/0x80 [ 193.374382][ T7815] __tcp_transmit_skb+0x1a32/0x3750 [ 193.379574][ T7815] ? memcpy+0x46/0x50 [ 193.383542][ T7815] ? __tcp_select_window+0x8b0/0x8b0 [ 193.388831][ T7815] ? tcp_rbtree_insert+0x188/0x200 [ 193.393951][ T7815] tcp_send_synack+0x4b0/0x15b0 [ 193.398810][ T7815] ? tcp_send_active_reset+0x8e0/0x8e0 [ 193.404278][ T7815] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 193.410510][ T7815] ? tcp_sync_mss+0x2ee/0xa30 [ 193.415203][ T7815] tcp_rcv_state_process+0x225d/0x4d93 [ 193.420748][ T7815] ? __kprobes_text_end+0x8ff4/0x69030 [ 193.426219][ T7815] ? tcp_finish_connect+0x510/0x510 [ 193.431502][ T7815] ? __release_sock+0xca/0x3a0 [ 193.436250][ T7815] ? find_held_lock+0x35/0x130 [ 193.441020][ T7815] ? mark_held_locks+0xa4/0xf0 [ 193.445778][ T7815] ? __local_bh_enable_ip+0x15a/0x270 [ 193.451144][ T7815] ? _raw_spin_unlock_bh+0x31/0x40 [ 193.456244][ T7815] ? __local_bh_enable_ip+0x15a/0x270 [ 193.461611][ T7815] tcp_v6_do_rcv+0x7da/0x12c0 [ 193.466376][ T7815] ? tcp_v6_do_rcv+0x7da/0x12c0 [ 193.471226][ T7815] __release_sock+0x12e/0x3a0 [ 193.475908][ T7815] release_sock+0x59/0x1c0 [ 193.480321][ T7815] __inet_stream_connect+0x59f/0xea0 [ 193.485618][ T7815] ? inet_dgram_connect+0x2e0/0x2e0 [ 193.490812][ T7815] ? tcp_sendmsg_locked+0x2170/0x37f0 [ 193.496192][ T7815] ? do_wait_intr_irq+0x2b0/0x2b0 [ 193.501221][ T7815] ? __lock_acquire+0x548/0x3fb0 [ 193.506200][ T7815] tcp_sendmsg_locked+0x231f/0x37f0 [ 193.511397][ T7815] ? mark_held_locks+0xf0/0xf0 [ 193.516197][ T7815] ? mark_held_locks+0xa4/0xf0 [ 193.520951][ T7815] ? tcp_sendpage+0x60/0x60 [ 193.525449][ T7815] ? lock_sock_nested+0x9a/0x120 [ 193.530380][ T7815] ? trace_hardirqs_on+0x67/0x230 [ 193.535395][ T7815] ? lock_sock_nested+0x9a/0x120 [ 193.540335][ T7815] ? __local_bh_enable_ip+0x15a/0x270 [ 193.545709][ T7815] tcp_sendmsg+0x30/0x50 [ 193.549961][ T7815] inet_sendmsg+0x147/0x5e0 [ 193.554467][ T7815] ? ipip_gro_receive+0x100/0x100 [ 193.559485][ T7815] sock_sendmsg+0xdd/0x130 [ 193.563884][ T7815] __sys_sendto+0x262/0x380 [ 193.568388][ T7815] ? __ia32_sys_getpeername+0xb0/0xb0 [ 193.573769][ T7815] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 193.576082][ T7819] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.5/7819 [ 193.580038][ T7815] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 193.580063][ T7815] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 193.589788][ T7819] caller is ip6_finish_output+0x335/0xdc0 [ 193.594880][ T7815] ? do_syscall_64+0x26/0x610 [ 193.594897][ T7815] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 193.594918][ T7815] __x64_sys_sendto+0xe1/0x1a0 [ 193.594937][ T7815] do_syscall_64+0x103/0x610 [ 193.594957][ T7815] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 193.631994][ T7815] RIP: 0033:0x4582b9 [ 193.635979][ T7815] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 193.655582][ T7815] RSP: 002b:00007f8507734c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 193.663999][ T7815] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 193.671981][ T7815] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004 [ 193.679953][ T7815] RBP: 000000000073bf00 R08: 00000000208d4fe4 R09: 000000000000001c [ 193.687923][ T7815] R10: 0000000020000008 R11: 0000000000000246 R12: 00007f85077356d4 [ 193.695891][ T7815] R13: 00000000004c59b6 R14: 00000000004d9d10 R15: 00000000ffffffff [ 193.703883][ T7819] CPU: 1 PID: 7819 Comm: syz-executor.5 Not tainted 5.1.0-rc3-next-20190405 #19 [ 193.712908][ T7819] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 193.723174][ T7819] Call Trace: [ 193.726475][ T7819] dump_stack+0x172/0x1f0 [ 193.730826][ T7819] __this_cpu_preempt_check+0x246/0x270 [ 193.736363][ T7819] ip6_finish_output+0x335/0xdc0 [ 193.741291][ T7819] ip6_output+0x235/0x7f0 [ 193.745696][ T7819] ? ip6_finish_output+0xdc0/0xdc0 [ 193.750790][ T7819] ? ip6_fragment+0x3980/0x3980 [ 193.755622][ T7819] ip6_xmit+0xe41/0x20c0 [ 193.759844][ T7819] ? ip6_finish_output2+0x2550/0x2550 [ 193.764439][ T7815] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.5/7815 [ 193.765216][ T7819] ? mark_held_locks+0xf0/0xf0 [ 193.774538][ T7815] caller is ip6_finish_output+0x335/0xdc0 [ 193.779238][ T7819] ? ip6_setup_cork+0x1870/0x1870 [ 193.789977][ T7819] inet6_csk_xmit+0x2fb/0x5d0 [ 193.794661][ T7819] ? inet6_csk_update_pmtu+0x190/0x190 [ 193.800124][ T7819] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 193.806373][ T7819] ? csum_ipv6_magic+0x20/0x80 [ 193.811151][ T7819] __tcp_transmit_skb+0x1a32/0x3750 [ 193.816375][ T7819] ? __tcp_select_window+0x8b0/0x8b0 [ 193.821666][ T7819] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 193.827910][ T7819] ? tcp_fastopen_no_cookie+0xe0/0x190 [ 193.833376][ T7819] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 193.839617][ T7819] tcp_connect+0x1e47/0x4280 [ 193.844221][ T7819] ? tcp_push_one+0x110/0x110 [ 193.848900][ T7819] ? secure_tcpv6_ts_off+0x24f/0x360 [ 193.854193][ T7819] ? secure_dccpv6_sequence_number+0x280/0x280 [ 193.860348][ T7819] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 193.866591][ T7819] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 193.872843][ T7819] ? prandom_u32_state+0x13/0x180 [ 193.877881][ T7819] tcp_v6_connect+0x150b/0x20a0 [ 193.882736][ T7819] ? tcp_sendmsg_locked+0x2170/0x37f0 [ 193.888116][ T7819] ? tcp_v6_conn_request+0x2b0/0x2b0 [ 193.893415][ T7819] ? find_held_lock+0x35/0x130 [ 193.898193][ T7819] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 193.903836][ T7819] __inet_stream_connect+0x83f/0xea0 [ 193.909149][ T7819] ? tcp_v6_conn_request+0x2b0/0x2b0 [ 193.914442][ T7819] ? __inet_stream_connect+0x83f/0xea0 [ 193.919909][ T7819] ? inet_dgram_connect+0x2e0/0x2e0 [ 193.925113][ T7819] ? tcp_sendmsg_locked+0x2170/0x37f0 [ 193.930499][ T7819] ? rcu_read_lock_sched_held+0x110/0x130 [ 193.936226][ T7819] ? kmem_cache_alloc_trace+0x354/0x760 [ 193.941873][ T7819] ? __lock_acquire+0x548/0x3fb0 [ 193.946835][ T7819] tcp_sendmsg_locked+0x231f/0x37f0 [ 193.952051][ T7819] ? mark_held_locks+0xf0/0xf0 [ 193.956829][ T7819] ? mark_held_locks+0xa4/0xf0 [ 193.961605][ T7819] ? tcp_sendpage+0x60/0x60 [ 193.966113][ T7819] ? lock_sock_nested+0x9a/0x120 [ 193.971050][ T7819] ? trace_hardirqs_on+0x67/0x230 [ 193.976072][ T7819] ? lock_sock_nested+0x9a/0x120 [ 193.981013][ T7819] ? __local_bh_enable_ip+0x15a/0x270 [ 193.986390][ T7819] tcp_sendmsg+0x30/0x50 [ 193.990632][ T7819] inet_sendmsg+0x147/0x5e0 [ 193.995143][ T7819] ? ipip_gro_receive+0x100/0x100 [ 194.000185][ T7819] sock_sendmsg+0xdd/0x130 [ 194.004604][ T7819] __sys_sendto+0x262/0x380 [ 194.009112][ T7819] ? __ia32_sys_getpeername+0xb0/0xb0 [ 194.014529][ T7819] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 194.020795][ T7819] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 194.026255][ T7819] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 194.031712][ T7819] ? do_syscall_64+0x26/0x610 [ 194.036389][ T7819] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 194.042458][ T7819] __x64_sys_sendto+0xe1/0x1a0 [ 194.047247][ T7819] do_syscall_64+0x103/0x610 [ 194.051843][ T7819] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 194.057730][ T7819] RIP: 0033:0x4582b9 [ 194.061623][ T7819] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 194.081235][ T7819] RSP: 002b:00007f85076b0c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 194.089661][ T7819] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 194.097640][ T7819] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000008 [ 194.105609][ T7819] RBP: 000000000073c180 R08: 00000000208d4fe4 R09: 000000000000001c [ 194.113605][ T7819] R10: 0000000020000008 R11: 0000000000000246 R12: 00007f85076b16d4 [ 194.121599][ T7819] R13: 00000000004c59b6 R14: 00000000004d9d10 R15: 00000000ffffffff [ 194.129596][ T7815] CPU: 0 PID: 7815 Comm: syz-executor.5 Not tainted 5.1.0-rc3-next-20190405 #19 [ 194.138628][ T7815] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 194.148683][ T7815] Call Trace: [ 194.151989][ T7815] dump_stack+0x172/0x1f0 [ 194.156332][ T7815] __this_cpu_preempt_check+0x246/0x270 [ 194.161888][ T7815] ip6_finish_output+0x335/0xdc0 [ 194.166837][ T7815] ip6_output+0x235/0x7f0 [ 194.171194][ T7815] ? ip6_finish_output+0xdc0/0xdc0 [ 194.176345][ T7815] ? ip6_fragment+0x3980/0x3980 [ 194.181220][ T7815] ip6_xmit+0xe41/0x20c0 [ 194.185468][ T7815] ? find_held_lock+0x35/0x130 [ 194.190249][ T7815] ? ip6_finish_output2+0x2550/0x2550 [ 194.195631][ T7815] ? mark_held_locks+0xf0/0xf0 [ 194.200404][ T7815] ? ip6_setup_cork+0x1870/0x1870 [ 194.205457][ T7815] inet6_csk_xmit+0x2fb/0x5d0 [ 194.210229][ T7815] ? inet6_csk_update_pmtu+0x190/0x190 [ 194.215697][ T7815] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 194.221952][ T7815] ? csum_ipv6_magic+0x20/0x80 [ 194.226734][ T7815] __tcp_transmit_skb+0x1a32/0x3750 [ 194.231960][ T7815] ? __tcp_select_window+0x8b0/0x8b0 [ 194.237271][ T7815] ? tcp_mstamp_refresh+0x16/0xa0 [ 194.242302][ T7815] __tcp_send_ack.part.0+0x3c6/0x5b0 [ 194.247592][ T7815] tcp_send_ack+0x88/0xa0 [ 194.251920][ T7815] tcp_send_challenge_ack.isra.0+0x250/0x300 [ 194.257945][ T7815] tcp_validate_incoming+0x55e/0x1660 [ 194.263326][ T7815] tcp_rcv_state_process+0xb6b/0x4d93 [ 194.268707][ T7815] ? __kprobes_text_end+0x8ff4/0x69030 [ 194.274176][ T7815] ? tcp_finish_connect+0x510/0x510 [ 194.279388][ T7815] ? __release_sock+0xca/0x3a0 [ 194.284150][ T7815] ? find_held_lock+0x35/0x130 [ 194.289021][ T7815] ? mark_held_locks+0xa4/0xf0 [ 194.293790][ T7815] ? __local_bh_enable_ip+0x15a/0x270 [ 194.299172][ T7815] ? _raw_spin_unlock_bh+0x31/0x40 [ 194.304288][ T7815] ? __local_bh_enable_ip+0x15a/0x270 [ 194.309671][ T7815] tcp_v6_do_rcv+0x7da/0x12c0 [ 194.314826][ T7815] ? tcp_v6_do_rcv+0x7da/0x12c0 [ 194.319704][ T7815] __release_sock+0x12e/0x3a0 [ 194.324401][ T7815] release_sock+0x59/0x1c0 [ 194.328833][ T7815] __inet_stream_connect+0x59f/0xea0 [ 194.334141][ T7815] ? inet_dgram_connect+0x2e0/0x2e0 [ 194.339371][ T7815] ? tcp_sendmsg_locked+0x2170/0x37f0 [ 194.344742][ T7815] ? do_wait_intr_irq+0x2b0/0x2b0 [ 194.349767][ T7815] ? __lock_acquire+0x548/0x3fb0 [ 194.354716][ T7815] tcp_sendmsg_locked+0x231f/0x37f0 [ 194.359926][ T7815] ? mark_held_locks+0xf0/0xf0 [ 194.364694][ T7815] ? mark_held_locks+0xa4/0xf0 [ 194.369463][ T7815] ? tcp_sendpage+0x60/0x60 [ 194.373965][ T7815] ? lock_sock_nested+0x9a/0x120 [ 194.378906][ T7815] ? trace_hardirqs_on+0x67/0x230 [ 194.383935][ T7815] ? lock_sock_nested+0x9a/0x120 [ 194.388876][ T7815] ? __local_bh_enable_ip+0x15a/0x270 [ 194.394289][ T7815] tcp_sendmsg+0x30/0x50 [ 194.398543][ T7815] inet_sendmsg+0x147/0x5e0 [ 194.403041][ T7815] ? ipip_gro_receive+0x100/0x100 [ 194.408066][ T7815] sock_sendmsg+0xdd/0x130 [ 194.412484][ T7815] __sys_sendto+0x262/0x380 [ 194.416992][ T7815] ? __ia32_sys_getpeername+0xb0/0xb0 [ 194.422380][ T7815] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 194.428632][ T7815] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 194.434087][ T7815] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 194.439547][ T7815] ? do_syscall_64+0x26/0x610 [ 194.444604][ T7815] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 194.450855][ T7815] __x64_sys_sendto+0xe1/0x1a0 [ 194.455626][ T7815] do_syscall_64+0x103/0x610 [ 194.460227][ T7815] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 194.466116][ T7815] RIP: 0033:0x4582b9 [ 194.470030][ T7815] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 194.489643][ T7815] RSP: 002b:00007f8507734c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 194.498082][ T7815] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 194.506062][ T7815] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004 [ 194.514284][ T7815] RBP: 000000000073bf00 R08: 00000000208d4fe4 R09: 000000000000001c [ 194.522269][ T7815] R10: 0000000020000008 R11: 0000000000000246 R12: 00007f85077356d4 [ 194.530273][ T7815] R13: 00000000004c59b6 R14: 00000000004d9d10 R15: 00000000ffffffff [ 194.565176][ T7817] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.5/7817 [ 194.574961][ T7817] caller is ip6_finish_output+0x335/0xdc0 [ 194.580687][ T7817] CPU: 0 PID: 7817 Comm: syz-executor.5 Not tainted 5.1.0-rc3-next-20190405 #19 [ 194.589706][ T7817] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 194.599766][ T7817] Call Trace: [ 194.603055][ T7817] dump_stack+0x172/0x1f0 [ 194.607400][ T7817] __this_cpu_preempt_check+0x246/0x270 [ 194.612951][ T7817] ip6_finish_output+0x335/0xdc0 [ 194.617880][ T7817] ip6_output+0x235/0x7f0 [ 194.622208][ T7817] ? ip6_finish_output+0xdc0/0xdc0 [ 194.627325][ T7817] ? ip6_fragment+0x3980/0x3980 [ 194.632198][ T7817] ip6_xmit+0xe41/0x20c0 [ 194.636427][ T7817] ? find_held_lock+0x35/0x130 [ 194.641207][ T7817] ? ip6_finish_output2+0x2550/0x2550 [ 194.646583][ T7817] ? mark_held_locks+0xf0/0xf0 [ 194.651345][ T7817] ? ip6_setup_cork+0x1870/0x1870 [ 194.656369][ T7817] inet6_csk_xmit+0x2fb/0x5d0 [ 194.661028][ T7817] ? inet6_csk_update_pmtu+0x190/0x190 [ 194.666480][ T7817] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 194.672731][ T7817] ? csum_ipv6_magic+0x20/0x80 [ 194.677487][ T7817] __tcp_transmit_skb+0x1a32/0x3750 [ 194.682691][ T7817] ? __tcp_select_window+0x8b0/0x8b0 [ 194.687973][ T7817] ? lockdep_hardirqs_on+0x418/0x5d0 [ 194.693252][ T7817] ? trace_hardirqs_on+0x67/0x230 [ 194.698278][ T7817] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 194.704001][ T7817] tcp_write_xmit+0xe39/0x5660 [ 194.708765][ T7817] ? tcp_current_mss+0x239/0x390 [ 194.713732][ T7817] tcp_push_one+0xd7/0x110 [ 194.718139][ T7817] do_tcp_sendpages+0x115b/0x1b80 [ 194.723168][ T7817] ? sk_stream_alloc_skb+0xd10/0xd10 [ 194.728452][ T7817] ? __local_bh_enable_ip+0x15a/0x270 [ 194.733824][ T7817] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 194.739534][ T7817] tcp_sendpage_locked+0x84/0xd0 [ 194.744465][ T7817] tcp_sendpage+0x3f/0x60 [ 194.748801][ T7817] ? tcp_sendpage_locked+0xd0/0xd0 [ 194.753926][ T7817] inet_sendpage+0x16b/0x630 [ 194.758508][ T7817] kernel_sendpage+0x95/0xf0 [ 194.763079][ T7817] ? inet_sendmsg+0x5e0/0x5e0 [ 194.767754][ T7817] sock_sendpage+0x8b/0xc0 [ 194.772178][ T7817] pipe_to_sendpage+0x299/0x370 [ 194.777025][ T7817] ? kernel_sendpage+0xf0/0xf0 [ 194.781795][ T7817] ? direct_splice_actor+0x1a0/0x1a0 [ 194.787110][ T7817] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 194.793353][ T7817] ? splice_from_pipe_next.part.0+0x255/0x2f0 [ 194.799418][ T7817] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 194.805671][ T7817] __splice_from_pipe+0x395/0x7d0 [ 194.810697][ T7817] ? direct_splice_actor+0x1a0/0x1a0 [ 194.815971][ T7817] ? direct_splice_actor+0x1a0/0x1a0 [ 194.821261][ T7817] splice_from_pipe+0x108/0x170 [ 194.826109][ T7817] ? splice_shrink_spd+0xd0/0xd0 [ 194.831046][ T7817] generic_splice_sendpage+0x3c/0x50 [ 194.836310][ T7817] ? splice_from_pipe+0x170/0x170 [ 194.841316][ T7817] direct_splice_actor+0x126/0x1a0 [ 194.846423][ T7817] splice_direct_to_actor+0x369/0x970 [ 194.851791][ T7817] ? generic_pipe_buf_nosteal+0x10/0x10 [ 194.857328][ T7817] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 194.863550][ T7817] ? do_splice_to+0x190/0x190 [ 194.868236][ T7817] ? rw_verify_area+0x118/0x360 [ 194.873081][ T7817] do_splice_direct+0x1da/0x2a0 [ 194.877917][ T7817] ? splice_direct_to_actor+0x970/0x970 [ 194.883451][ T7817] ? rw_verify_area+0x118/0x360 [ 194.888300][ T7817] do_sendfile+0x597/0xd00 [ 194.892737][ T7817] ? do_compat_pwritev64+0x1c0/0x1c0 [ 194.898034][ T7817] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 194.904284][ T7817] ? put_timespec64+0xda/0x140 [ 194.909069][ T7817] __x64_sys_sendfile64+0x1dd/0x220 [ 194.914290][ T7817] ? __ia32_sys_sendfile+0x230/0x230 [ 194.919576][ T7817] ? do_syscall_64+0x26/0x610 [ 194.924251][ T7817] ? lockdep_hardirqs_on+0x418/0x5d0 [ 194.929543][ T7817] ? trace_hardirqs_on+0x67/0x230 [ 194.934563][ T7817] do_syscall_64+0x103/0x610 [ 194.939174][ T7817] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 194.945069][ T7817] RIP: 0033:0x4582b9 [ 194.948971][ T7817] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 194.968582][ T7817] RSP: 002b:00007f85076f2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 194.977014][ T7817] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 194.984984][ T7817] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000005 [ 194.992958][ T7817] RBP: 000000000073c040 R08: 0000000000000000 R09: 0000000000000000 [ 195.000920][ T7817] R10: 00008000fffffffe R11: 0000000000000246 R12: 00007f85076f36d4 [ 195.008891][ T7817] R13: 00000000004c5227 R14: 00000000004d9368 R15: 00000000ffffffff [ 195.023789][ T7817] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.5/7817 [ 195.033179][ T7817] caller is ip6_finish_output+0x335/0xdc0 [ 195.039150][ T7817] CPU: 0 PID: 7817 Comm: syz-executor.5 Not tainted 5.1.0-rc3-next-20190405 #19 [ 195.048203][ T7817] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 195.058254][ T7817] Call Trace: [ 195.061537][ T7817] dump_stack+0x172/0x1f0 [ 195.065869][ T7817] __this_cpu_preempt_check+0x246/0x270 [ 195.071501][ T7817] ip6_finish_output+0x335/0xdc0 [ 195.076425][ T7817] ip6_output+0x235/0x7f0 [ 195.080749][ T7817] ? ip6_finish_output+0xdc0/0xdc0 [ 195.085862][ T7817] ? ip6_fragment+0x3980/0x3980 [ 195.090711][ T7817] ip6_xmit+0xe41/0x20c0 [ 195.094941][ T7817] ? ip6_finish_output2+0x2550/0x2550 [ 195.100300][ T7817] ? mark_held_locks+0xf0/0xf0 [ 195.105056][ T7817] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 195.111316][ T7817] ? ip6_setup_cork+0x1870/0x1870 [ 195.116498][ T7817] ? inet6_csk_route_socket+0x715/0xf40 [ 195.122062][ T7817] inet6_csk_xmit+0x2fb/0x5d0 [ 195.126738][ T7817] ? inet6_csk_update_pmtu+0x190/0x190 [ 195.132209][ T7817] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 195.138623][ T7817] ? csum_ipv6_magic+0x20/0x80 [ 195.143376][ T7817] __tcp_transmit_skb+0x1a32/0x3750 [ 195.148673][ T7817] ? __tcp_select_window+0x8b0/0x8b0 [ 195.153953][ T7817] ? lockdep_hardirqs_on+0x418/0x5d0 [ 195.159227][ T7817] ? trace_hardirqs_on+0x67/0x230 [ 195.164251][ T7817] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 195.169973][ T7817] tcp_write_xmit+0xe39/0x5660 [ 195.174734][ T7817] __tcp_push_pending_frames+0xb4/0x350 [ 195.180277][ T7817] do_tcp_sendpages+0x167b/0x1b80 [ 195.185313][ T7817] ? sk_stream_alloc_skb+0xd10/0xd10 [ 195.190592][ T7817] ? __local_bh_enable_ip+0x15a/0x270 [ 195.195981][ T7817] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 195.201712][ T7817] tcp_sendpage_locked+0x84/0xd0 [ 195.206668][ T7817] tcp_sendpage+0x3f/0x60 [ 195.210990][ T7817] ? tcp_sendpage_locked+0xd0/0xd0 [ 195.216083][ T7817] inet_sendpage+0x16b/0x630 [ 195.220693][ T7817] kernel_sendpage+0x95/0xf0 [ 195.225278][ T7817] ? inet_sendmsg+0x5e0/0x5e0 [ 195.229964][ T7817] sock_sendpage+0x8b/0xc0 [ 195.234396][ T7817] pipe_to_sendpage+0x299/0x370 [ 195.239243][ T7817] ? kernel_sendpage+0xf0/0xf0 [ 195.243999][ T7817] ? direct_splice_actor+0x1a0/0x1a0 [ 195.249279][ T7817] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 195.255542][ T7817] ? splice_from_pipe_next.part.0+0x255/0x2f0 [ 195.261594][ T7817] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 195.268464][ T7817] __splice_from_pipe+0x395/0x7d0 [ 195.275541][ T7817] ? direct_splice_actor+0x1a0/0x1a0 [ 195.280820][ T7817] ? direct_splice_actor+0x1a0/0x1a0 [ 195.286100][ T7817] splice_from_pipe+0x108/0x170 [ 195.290947][ T7817] ? splice_shrink_spd+0xd0/0xd0 [ 195.295876][ T7817] generic_splice_sendpage+0x3c/0x50 [ 195.301140][ T7817] ? splice_from_pipe+0x170/0x170 [ 195.306177][ T7817] direct_splice_actor+0x126/0x1a0 [ 195.311290][ T7817] splice_direct_to_actor+0x369/0x970 [ 195.316654][ T7817] ? generic_pipe_buf_nosteal+0x10/0x10 [ 195.322197][ T7817] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 195.328427][ T7817] ? do_splice_to+0x190/0x190 [ 195.333101][ T7817] ? rw_verify_area+0x118/0x360 [ 195.337957][ T7817] do_splice_direct+0x1da/0x2a0 [ 195.342798][ T7817] ? splice_direct_to_actor+0x970/0x970 [ 195.348348][ T7817] ? rw_verify_area+0x118/0x360 [ 195.353204][ T7817] do_sendfile+0x597/0xd00 [ 195.357613][ T7817] ? do_compat_pwritev64+0x1c0/0x1c0 [ 195.362902][ T7817] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 195.369137][ T7817] ? put_timespec64+0xda/0x140 [ 195.373927][ T7817] __x64_sys_sendfile64+0x1dd/0x220 [ 195.379110][ T7817] ? __ia32_sys_sendfile+0x230/0x230 [ 195.384386][ T7817] ? do_syscall_64+0x26/0x610 [ 195.389072][ T7817] ? lockdep_hardirqs_on+0x418/0x5d0 [ 195.394367][ T7817] ? trace_hardirqs_on+0x67/0x230 [ 195.399391][ T7817] do_syscall_64+0x103/0x610 [ 195.403987][ T7817] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 195.409869][ T7817] RIP: 0033:0x4582b9 [ 195.413762][ T7817] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 195.433351][ T7817] RSP: 002b:00007f85076f2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 195.441772][ T7817] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 195.449739][ T7817] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000005 [ 195.457774][ T7817] RBP: 000000000073c040 R08: 0000000000000000 R09: 0000000000000000 [ 195.465830][ T7817] R10: 00008000fffffffe R11: 0000000000000246 R12: 00007f85076f36d4 [ 195.473822][ T7817] R13: 00000000004c5227 R14: 00000000004d9368 R15: 00000000ffffffff [ 195.484694][ T7817] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.5/7817 [ 195.494033][ T7817] caller is ip6_finish_output+0x335/0xdc0 [ 195.500232][ T7817] CPU: 1 PID: 7817 Comm: syz-executor.5 Not tainted 5.1.0-rc3-next-20190405 #19 [ 195.509240][ T7817] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 195.519278][ T7817] Call Trace: [ 195.522559][ T7817] dump_stack+0x172/0x1f0 [ 195.526876][ T7817] __this_cpu_preempt_check+0x246/0x270 [ 195.532408][ T7817] ip6_finish_output+0x335/0xdc0 [ 195.537343][ T7817] ip6_output+0x235/0x7f0 [ 195.541679][ T7817] ? ip6_finish_output+0xdc0/0xdc0 [ 195.546799][ T7817] ? ip6_fragment+0x3980/0x3980 [ 195.551738][ T7817] ip6_xmit+0xe41/0x20c0 [ 195.555983][ T7817] ? ip6_finish_output2+0x2550/0x2550 [ 195.561339][ T7817] ? mark_held_locks+0xf0/0xf0 [ 195.566085][ T7817] ? ip6_setup_cork+0x1870/0x1870 [ 195.571100][ T7817] inet6_csk_xmit+0x2fb/0x5d0 [ 195.575777][ T7817] ? inet6_csk_update_pmtu+0x190/0x190 [ 195.581222][ T7817] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 195.587929][ T7817] ? csum_ipv6_magic+0x20/0x80 [ 195.592726][ T7817] __tcp_transmit_skb+0x1a32/0x3750 [ 195.598022][ T7817] ? __tcp_select_window+0x8b0/0x8b0 [ 195.603294][ T7817] ? mark_lock+0x1340/0x1380 [ 195.607955][ T7817] ? ktime_get+0x105/0x300 [ 195.612370][ T7817] ? tcp_mstamp_refresh+0x16/0xa0 [ 195.617376][ T7817] ? ktime_get+0x105/0x300 [ 195.621792][ T7817] __tcp_send_ack.part.0+0x3c6/0x5b0 [ 195.627154][ T7817] tcp_send_ack+0x88/0xa0 [ 195.631478][ T7817] __tcp_ack_snd_check+0x165/0x8d0 [ 195.636588][ T7817] tcp_rcv_established+0x175d/0x1fb0 [ 195.641859][ T7817] ? tcp_data_queue+0x4840/0x4840 [ 195.646867][ T7817] ? __local_bh_enable_ip+0x100/0x270 [ 195.652229][ T7817] ? _raw_spin_unlock_bh+0x31/0x40 [ 195.657331][ T7817] ? __local_bh_enable_ip+0x15a/0x270 [ 195.662701][ T7817] ? lockdep_hardirqs_on+0x418/0x5d0 [ 195.667971][ T7817] tcp_v6_do_rcv+0x421/0x12c0 [ 195.672637][ T7817] __release_sock+0x12e/0x3a0 [ 195.677311][ T7817] release_sock+0x59/0x1c0 [ 195.681734][ T7817] sk_stream_wait_memory+0x5cb/0xe70 [ 195.687129][ T7817] ? sk_stream_error+0x110/0x110 [ 195.692097][ T7817] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 195.698321][ T7817] ? do_wait_intr_irq+0x2b0/0x2b0 [ 195.703327][ T7817] ? tcp_push+0x4d2/0x6c0 [ 195.707729][ T7817] do_tcp_sendpages+0x84f/0x1b80 [ 195.712657][ T7817] ? sk_stream_alloc_skb+0xd10/0xd10 [ 195.717926][ T7817] ? __local_bh_enable_ip+0x15a/0x270 [ 195.723282][ T7817] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 195.728986][ T7817] tcp_sendpage_locked+0x84/0xd0 [ 195.733907][ T7817] tcp_sendpage+0x3f/0x60 [ 195.738228][ T7817] ? tcp_sendpage_locked+0xd0/0xd0 [ 195.743321][ T7817] inet_sendpage+0x16b/0x630 [ 195.747897][ T7817] kernel_sendpage+0x95/0xf0 [ 195.752464][ T7817] ? inet_sendmsg+0x5e0/0x5e0 [ 195.757136][ T7817] sock_sendpage+0x8b/0xc0 [ 195.761545][ T7817] pipe_to_sendpage+0x299/0x370 [ 195.766375][ T7817] ? kernel_sendpage+0xf0/0xf0 [ 195.771121][ T7817] ? direct_splice_actor+0x1a0/0x1a0 [ 195.776410][ T7817] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 195.782636][ T7817] ? splice_from_pipe_next.part.0+0x255/0x2f0 [ 195.788708][ T7817] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 195.794934][ T7817] __splice_from_pipe+0x395/0x7d0 [ 195.799941][ T7817] ? direct_splice_actor+0x1a0/0x1a0 [ 195.805231][ T7817] ? direct_splice_actor+0x1a0/0x1a0 [ 195.810500][ T7817] splice_from_pipe+0x108/0x170 [ 195.815336][ T7817] ? splice_shrink_spd+0xd0/0xd0 [ 195.820263][ T7817] generic_splice_sendpage+0x3c/0x50 [ 195.825527][ T7817] ? splice_from_pipe+0x170/0x170 [ 195.830546][ T7817] direct_splice_actor+0x126/0x1a0 [ 195.835653][ T7817] splice_direct_to_actor+0x369/0x970 [ 195.841028][ T7817] ? generic_pipe_buf_nosteal+0x10/0x10 [ 195.846578][ T7817] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 195.852799][ T7817] ? do_splice_to+0x190/0x190 [ 195.857462][ T7817] ? rw_verify_area+0x118/0x360 [ 195.862303][ T7817] do_splice_direct+0x1da/0x2a0 [ 195.867139][ T7817] ? splice_direct_to_actor+0x970/0x970 [ 195.872697][ T7817] ? rw_verify_area+0x118/0x360 [ 195.877549][ T7817] do_sendfile+0x597/0xd00 [ 195.881955][ T7817] ? do_compat_pwritev64+0x1c0/0x1c0 [ 195.887223][ T7817] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 195.893457][ T7817] ? put_timespec64+0xda/0x140 [ 195.898208][ T7817] __x64_sys_sendfile64+0x1dd/0x220 [ 195.903414][ T7817] ? __ia32_sys_sendfile+0x230/0x230 [ 195.908690][ T7817] ? do_syscall_64+0x26/0x610 [ 195.913378][ T7817] ? lockdep_hardirqs_on+0x418/0x5d0 [ 195.918663][ T7817] ? trace_hardirqs_on+0x67/0x230 [ 195.923679][ T7817] do_syscall_64+0x103/0x610 [ 195.928285][ T7817] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 195.934170][ T7817] RIP: 0033:0x4582b9 [ 195.938050][ T7817] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 195.957731][ T7817] RSP: 002b:00007f85076f2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 195.966127][ T7817] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 195.974079][ T7817] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000005 [ 195.982029][ T7817] RBP: 000000000073c040 R08: 0000000000000000 R09: 0000000000000000 [ 195.989977][ T7817] R10: 00008000fffffffe R11: 0000000000000246 R12: 00007f85076f36d4 [ 195.997929][ T7817] R13: 00000000004c5227 R14: 00000000004d9368 R15: 00000000ffffffff [ 196.013051][ T7817] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.5/7817 [ 196.022475][ T7817] caller is ip6_finish_output+0x335/0xdc0 [ 196.028508][ T7817] CPU: 1 PID: 7817 Comm: syz-executor.5 Not tainted 5.1.0-rc3-next-20190405 #19 [ 196.037528][ T7817] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 196.047579][ T7817] Call Trace: [ 196.050902][ T7817] dump_stack+0x172/0x1f0 [ 196.055346][ T7817] __this_cpu_preempt_check+0x246/0x270 [ 196.060912][ T7817] ip6_finish_output+0x335/0xdc0 [ 196.065855][ T7817] ip6_output+0x235/0x7f0 [ 196.070208][ T7817] ? ip6_finish_output+0xdc0/0xdc0 [ 196.075335][ T7817] ? ip6_fragment+0x3980/0x3980 [ 196.080197][ T7817] ip6_xmit+0xe41/0x20c0 [ 196.084450][ T7817] ? ip6_finish_output2+0x2550/0x2550 [ 196.089819][ T7817] ? mark_held_locks+0xf0/0xf0 [ 196.094591][ T7817] ? ip6_setup_cork+0x1870/0x1870 [ 196.099618][ T7817] ? inet6_csk_route_socket+0x715/0xf40 [ 196.105183][ T7817] inet6_csk_xmit+0x2fb/0x5d0 [ 196.109862][ T7817] ? inet6_csk_update_pmtu+0x190/0x190 [ 196.115319][ T7817] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 196.121566][ T7817] ? csum_ipv6_magic+0x20/0x80 [ 196.126339][ T7817] __tcp_transmit_skb+0x1a32/0x3750 [ 196.131546][ T7817] ? __tcp_select_window+0x8b0/0x8b0 [ 196.136829][ T7817] ? lockdep_hardirqs_on+0x418/0x5d0 [ 196.142143][ T7817] ? trace_hardirqs_on+0x67/0x230 [ 196.147188][ T7817] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 196.152910][ T7817] tcp_write_xmit+0xe39/0x5660 [ 196.157715][ T7817] ? tcp_established_options+0x29d/0x4d0 [ 196.163378][ T7817] __tcp_push_pending_frames+0xb4/0x350 [ 196.169012][ T7817] tcp_rcv_established+0x1974/0x1fb0 [ 196.174302][ T7817] ? tcp_data_queue+0x4840/0x4840 [ 196.179323][ T7817] ? __local_bh_enable_ip+0x15a/0x270 [ 196.184701][ T7817] ? _raw_spin_unlock_bh+0x31/0x40 [ 196.189823][ T7817] ? __local_bh_enable_ip+0x15a/0x270 [ 196.195198][ T7817] ? lockdep_hardirqs_on+0x418/0x5d0 [ 196.200486][ T7817] tcp_v6_do_rcv+0x421/0x12c0 [ 196.205174][ T7817] __release_sock+0x12e/0x3a0 [ 196.209857][ T7817] release_sock+0x59/0x1c0 [ 196.214281][ T7817] sk_stream_wait_memory+0x5cb/0xe70 [ 196.219574][ T7817] ? sk_stream_error+0x110/0x110 [ 196.224511][ T7817] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 196.230747][ T7817] ? do_wait_intr_irq+0x2b0/0x2b0 [ 196.235773][ T7817] ? tcp_push+0x4d2/0x6c0 [ 196.240202][ T7817] do_tcp_sendpages+0x84f/0x1b80 [ 196.245157][ T7817] ? sk_stream_alloc_skb+0xd10/0xd10 [ 196.250446][ T7817] ? __local_bh_enable_ip+0x15a/0x270 [ 196.255820][ T7817] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 196.261541][ T7817] tcp_sendpage_locked+0x84/0xd0 [ 196.266478][ T7817] tcp_sendpage+0x3f/0x60 [ 196.270803][ T7817] ? tcp_sendpage_locked+0xd0/0xd0 [ 196.275912][ T7817] inet_sendpage+0x16b/0x630 [ 196.280504][ T7817] kernel_sendpage+0x95/0xf0 [ 196.285091][ T7817] ? inet_sendmsg+0x5e0/0x5e0 [ 196.289772][ T7817] sock_sendpage+0x8b/0xc0 [ 196.294281][ T7817] pipe_to_sendpage+0x299/0x370 [ 196.299130][ T7817] ? kernel_sendpage+0xf0/0xf0 [ 196.303906][ T7817] ? direct_splice_actor+0x1a0/0x1a0 [ 196.309199][ T7817] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 196.315444][ T7817] ? splice_from_pipe_next.part.0+0x255/0x2f0 [ 196.321510][ T7817] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 196.327754][ T7817] __splice_from_pipe+0x395/0x7d0 [ 196.332782][ T7817] ? direct_splice_actor+0x1a0/0x1a0 [ 196.338074][ T7817] ? direct_splice_actor+0x1a0/0x1a0 [ 196.343358][ T7817] splice_from_pipe+0x108/0x170 [ 196.348208][ T7817] ? splice_shrink_spd+0xd0/0xd0 [ 196.353156][ T7817] generic_splice_sendpage+0x3c/0x50 [ 196.358449][ T7817] ? splice_from_pipe+0x170/0x170 [ 196.363482][ T7817] direct_splice_actor+0x126/0x1a0 [ 196.368593][ T7817] splice_direct_to_actor+0x369/0x970 [ 196.373964][ T7817] ? generic_pipe_buf_nosteal+0x10/0x10 [ 196.379515][ T7817] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 196.385838][ T7817] ? do_splice_to+0x190/0x190 [ 196.390522][ T7817] ? rw_verify_area+0x118/0x360 [ 196.395373][ T7817] do_splice_direct+0x1da/0x2a0 [ 196.400227][ T7817] ? splice_direct_to_actor+0x970/0x970 [ 196.405797][ T7817] ? rw_verify_area+0x118/0x360 [ 196.410656][ T7817] do_sendfile+0x597/0xd00 [ 196.415091][ T7817] ? do_compat_pwritev64+0x1c0/0x1c0 [ 196.420371][ T7817] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 196.426614][ T7817] ? put_timespec64+0xda/0x140 [ 196.431387][ T7817] __x64_sys_sendfile64+0x1dd/0x220 [ 196.436590][ T7817] ? __ia32_sys_sendfile+0x230/0x230 [ 196.441871][ T7817] ? do_syscall_64+0x26/0x610 [ 196.447070][ T7817] ? lockdep_hardirqs_on+0x418/0x5d0 [ 196.452363][ T7817] ? trace_hardirqs_on+0x67/0x230 [ 196.457389][ T7817] do_syscall_64+0x103/0x610 [ 196.461986][ T7817] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 196.467875][ T7817] RIP: 0033:0x4582b9 [ 196.471769][ T7817] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 196.491372][ T7817] RSP: 002b:00007f85076f2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 196.499778][ T7817] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 196.507745][ T7817] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000005 [ 196.515714][ T7817] RBP: 000000000073c040 R08: 0000000000000000 R09: 0000000000000000 [ 196.523680][ T7817] R10: 00008000fffffffe R11: 0000000000000246 R12: 00007f85076f36d4 [ 196.531672][ T7817] R13: 00000000004c5227 R14: 00000000004d9368 R15: 00000000ffffffff [ 196.543302][ T7817] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.5/7817 [ 196.552674][ T7817] caller is ip6_finish_output+0x335/0xdc0 [ 196.558671][ T7817] CPU: 1 PID: 7817 Comm: syz-executor.5 Not tainted 5.1.0-rc3-next-20190405 #19 [ 196.567711][ T7817] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 196.577761][ T7817] Call Trace: [ 196.581043][ T7817] dump_stack+0x172/0x1f0 [ 196.585361][ T7817] __this_cpu_preempt_check+0x246/0x270 [ 196.590891][ T7817] ip6_finish_output+0x335/0xdc0 [ 196.595811][ T7817] ip6_output+0x235/0x7f0 [ 196.600212][ T7817] ? ip6_finish_output+0xdc0/0xdc0 [ 196.605309][ T7817] ? ip6_fragment+0x3980/0x3980 [ 196.610151][ T7817] ip6_xmit+0xe41/0x20c0 [ 196.614380][ T7817] ? find_held_lock+0x35/0x130 [ 196.619154][ T7817] ? ip6_finish_output2+0x2550/0x2550 [ 196.624532][ T7817] ? mark_held_locks+0xf0/0xf0 [ 196.629279][ T7817] ? ip6_setup_cork+0x1870/0x1870 [ 196.634295][ T7817] inet6_csk_xmit+0x2fb/0x5d0 [ 196.638967][ T7817] ? inet6_csk_update_pmtu+0x190/0x190 [ 196.644408][ T7817] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 196.650632][ T7817] ? csum_ipv6_magic+0x20/0x80 [ 196.655380][ T7817] __tcp_transmit_skb+0x1a32/0x3750 [ 196.660592][ T7817] ? __tcp_select_window+0x8b0/0x8b0 [ 196.665858][ T7817] ? lockdep_hardirqs_on+0x418/0x5d0 [ 196.671134][ T7817] ? trace_hardirqs_on+0x67/0x230 [ 196.676156][ T7817] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 196.681863][ T7817] tcp_write_xmit+0xe39/0x5660 [ 196.686625][ T7817] ? tcp_enter_memory_pressure+0x130/0x130 [ 196.692507][ T7817] tcp_push_one+0xd7/0x110 [ 196.696908][ T7817] do_tcp_sendpages+0x115b/0x1b80 [ 196.701921][ T7817] ? sk_stream_alloc_skb+0xd10/0xd10 [ 196.707193][ T7817] ? __local_bh_enable_ip+0x15a/0x270 [ 196.712566][ T7817] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 196.718270][ T7817] tcp_sendpage_locked+0x84/0xd0 [ 196.723219][ T7817] tcp_sendpage+0x3f/0x60 [ 196.727532][ T7817] ? tcp_sendpage_locked+0xd0/0xd0 [ 196.732646][ T7817] inet_sendpage+0x16b/0x630 [ 196.737224][ T7817] kernel_sendpage+0x95/0xf0 [ 196.741790][ T7817] ? inet_sendmsg+0x5e0/0x5e0 [ 196.746463][ T7817] sock_sendpage+0x8b/0xc0 [ 196.750883][ T7817] pipe_to_sendpage+0x299/0x370 [ 196.755715][ T7817] ? kernel_sendpage+0xf0/0xf0 [ 196.760474][ T7817] ? direct_splice_actor+0x1a0/0x1a0 [ 196.765754][ T7817] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 196.771975][ T7817] ? splice_from_pipe_next.part.0+0x255/0x2f0 [ 196.778023][ T7817] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 196.784245][ T7817] __splice_from_pipe+0x395/0x7d0 [ 196.789251][ T7817] ? direct_splice_actor+0x1a0/0x1a0 [ 196.794616][ T7817] ? direct_splice_actor+0x1a0/0x1a0 [ 196.799892][ T7817] splice_from_pipe+0x108/0x170 [ 196.804727][ T7817] ? splice_shrink_spd+0xd0/0xd0 [ 196.809653][ T7817] generic_splice_sendpage+0x3c/0x50 [ 196.814918][ T7817] ? splice_from_pipe+0x170/0x170 [ 196.819937][ T7817] direct_splice_actor+0x126/0x1a0 [ 196.825030][ T7817] splice_direct_to_actor+0x369/0x970 [ 196.830403][ T7817] ? generic_pipe_buf_nosteal+0x10/0x10 [ 196.835936][ T7817] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 196.842175][ T7817] ? do_splice_to+0x190/0x190 [ 196.846839][ T7817] ? rw_verify_area+0x118/0x360 [ 196.851691][ T7817] do_splice_direct+0x1da/0x2a0 [ 196.856526][ T7817] ? splice_direct_to_actor+0x970/0x970 [ 196.862078][ T7817] ? rw_verify_area+0x118/0x360 [ 196.866928][ T7817] do_sendfile+0x597/0xd00 [ 196.871340][ T7817] ? do_compat_pwritev64+0x1c0/0x1c0 [ 196.876605][ T7817] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 196.882823][ T7817] ? put_timespec64+0xda/0x140 [ 196.887572][ T7817] __x64_sys_sendfile64+0x1dd/0x220 [ 196.892750][ T7817] ? __ia32_sys_sendfile+0x230/0x230 [ 196.898014][ T7817] ? do_syscall_64+0x26/0x610 [ 196.902671][ T7817] ? lockdep_hardirqs_on+0x418/0x5d0 [ 196.907945][ T7817] ? trace_hardirqs_on+0x67/0x230 [ 196.912948][ T7817] do_syscall_64+0x103/0x610 [ 196.917521][ T7817] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 196.923390][ T7817] RIP: 0033:0x4582b9 [ 196.927275][ T7817] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 196.946875][ T7817] RSP: 002b:00007f85076f2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 196.955265][ T7817] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 196.963217][ T7817] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000005 [ 196.971201][ T7817] RBP: 000000000073c040 R08: 0000000000000000 R09: 0000000000000000 [ 196.979155][ T7817] R10: 00008000fffffffe R11: 0000000000000246 R12: 00007f85076f36d4 [ 196.987114][ T7817] R13: 00000000004c5227 R14: 00000000004d9368 R15: 00000000ffffffff [ 196.997549][ T7817] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.5/7817 [ 197.007342][ T7817] caller is ip6_finish_output+0x335/0xdc0 [ 197.013060][ T7817] CPU: 1 PID: 7817 Comm: syz-executor.5 Not tainted 5.1.0-rc3-next-20190405 #19 [ 197.022053][ T7817] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 197.032106][ T7817] Call Trace: [ 197.035403][ T7817] dump_stack+0x172/0x1f0 [ 197.039721][ T7817] __this_cpu_preempt_check+0x246/0x270 [ 197.045249][ T7817] ip6_finish_output+0x335/0xdc0 [ 197.050202][ T7817] ip6_output+0x235/0x7f0 [ 197.054535][ T7817] ? ip6_finish_output+0xdc0/0xdc0 [ 197.059653][ T7817] ? ip6_fragment+0x3980/0x3980 [ 197.064487][ T7817] ip6_xmit+0xe41/0x20c0 [ 197.068712][ T7817] ? find_held_lock+0x35/0x130 [ 197.073461][ T7817] ? ip6_finish_output2+0x2550/0x2550 [ 197.078829][ T7817] ? mark_held_locks+0xf0/0xf0 [ 197.083575][ T7817] ? ip6_setup_cork+0x1870/0x1870 [ 197.088591][ T7817] inet6_csk_xmit+0x2fb/0x5d0 [ 197.093270][ T7817] ? inet6_csk_update_pmtu+0x190/0x190 [ 197.098718][ T7817] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 197.104942][ T7817] ? csum_ipv6_magic+0x20/0x80 [ 197.109695][ T7817] __tcp_transmit_skb+0x1a32/0x3750 [ 197.114880][ T7817] ? __tcp_select_window+0x8b0/0x8b0 [ 197.120145][ T7817] ? lockdep_hardirqs_on+0x418/0x5d0 [ 197.125446][ T7817] ? trace_hardirqs_on+0x67/0x230 [ 197.130466][ T7817] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 197.136174][ T7817] tcp_write_xmit+0xe39/0x5660 [ 197.140921][ T7817] ? tcp_established_options+0x29d/0x4d0 [ 197.146542][ T7817] __tcp_push_pending_frames+0xb4/0x350 [ 197.152063][ T7817] tcp_rcv_established+0x989/0x1fb0 [ 197.157242][ T7817] ? tcp_data_queue+0x4840/0x4840 [ 197.162276][ T7817] ? __local_bh_enable_ip+0x100/0x270 [ 197.167629][ T7817] ? _raw_spin_unlock_bh+0x31/0x40 [ 197.172716][ T7817] ? __local_bh_enable_ip+0x15a/0x270 [ 197.178066][ T7817] ? lockdep_hardirqs_on+0x418/0x5d0 [ 197.183332][ T7817] tcp_v6_do_rcv+0x421/0x12c0 [ 197.187994][ T7817] __release_sock+0x12e/0x3a0 [ 197.192655][ T7817] release_sock+0x59/0x1c0 [ 197.197053][ T7817] tcp_sendpage+0x4a/0x60 [ 197.201383][ T7817] ? tcp_sendpage_locked+0xd0/0xd0 [ 197.206495][ T7817] inet_sendpage+0x16b/0x630 [ 197.211070][ T7817] kernel_sendpage+0x95/0xf0 [ 197.215636][ T7817] ? inet_sendmsg+0x5e0/0x5e0 [ 197.220304][ T7817] sock_sendpage+0x8b/0xc0 [ 197.224706][ T7817] pipe_to_sendpage+0x299/0x370 [ 197.229537][ T7817] ? kernel_sendpage+0xf0/0xf0 [ 197.234286][ T7817] ? direct_splice_actor+0x1a0/0x1a0 [ 197.239550][ T7817] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 197.245769][ T7817] ? splice_from_pipe_next.part.0+0x255/0x2f0 [ 197.251819][ T7817] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 197.258041][ T7817] __splice_from_pipe+0x395/0x7d0 [ 197.263042][ T7817] ? direct_splice_actor+0x1a0/0x1a0 [ 197.274537][ T7817] ? direct_splice_actor+0x1a0/0x1a0 [ 197.279804][ T7817] splice_from_pipe+0x108/0x170 [ 197.284636][ T7817] ? splice_shrink_spd+0xd0/0xd0 [ 197.289559][ T7817] generic_splice_sendpage+0x3c/0x50 [ 197.294820][ T7817] ? splice_from_pipe+0x170/0x170 [ 197.299838][ T7817] direct_splice_actor+0x126/0x1a0 [ 197.304932][ T7817] splice_direct_to_actor+0x369/0x970 [ 197.310290][ T7817] ? generic_pipe_buf_nosteal+0x10/0x10 [ 197.316317][ T7817] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 197.322535][ T7817] ? do_splice_to+0x190/0x190 [ 197.327206][ T7817] ? rw_verify_area+0x118/0x360 [ 197.332035][ T7817] do_splice_direct+0x1da/0x2a0 [ 197.336870][ T7817] ? splice_direct_to_actor+0x970/0x970 [ 197.342399][ T7817] ? rw_verify_area+0x118/0x360 [ 197.347228][ T7817] do_sendfile+0x597/0xd00 [ 197.351627][ T7817] ? do_compat_pwritev64+0x1c0/0x1c0 [ 197.356897][ T7817] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 197.363123][ T7817] ? put_timespec64+0xda/0x140 [ 197.367891][ T7817] __x64_sys_sendfile64+0x1dd/0x220 [ 197.373069][ T7817] ? __ia32_sys_sendfile+0x230/0x230 [ 197.378334][ T7817] ? do_syscall_64+0x26/0x610 [ 197.382989][ T7817] ? lockdep_hardirqs_on+0x418/0x5d0 [ 197.388273][ T7817] ? trace_hardirqs_on+0x67/0x230 [ 197.393283][ T7817] do_syscall_64+0x103/0x610 [ 197.397857][ T7817] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 197.403724][ T7817] RIP: 0033:0x4582b9 [ 197.407597][ T7817] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 03:38:15 executing program 5: 03:38:15 executing program 3: [ 197.427183][ T7817] RSP: 002b:00007f85076f2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 197.435575][ T7817] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 197.443521][ T7817] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000005 [ 197.451470][ T7817] RBP: 000000000073c040 R08: 0000000000000000 R09: 0000000000000000 [ 197.459415][ T7817] R10: 00008000fffffffe R11: 0000000000000246 R12: 00007f85076f36d4 [ 197.467362][ T7817] R13: 00000000004c5227 R14: 00000000004d9368 R15: 00000000ffffffff 03:38:15 executing program 1: 03:38:15 executing program 0: 03:38:15 executing program 2: 03:38:15 executing program 4: 03:38:15 executing program 1: 03:38:15 executing program 4: 03:38:15 executing program 3: 03:38:15 executing program 0: 03:38:15 executing program 2: 03:38:16 executing program 5: 03:38:16 executing program 3: 03:38:16 executing program 1: 03:38:16 executing program 0: 03:38:16 executing program 4: 03:38:16 executing program 2: 03:38:16 executing program 3: 03:38:16 executing program 5: 03:38:16 executing program 1: 03:38:16 executing program 4: 03:38:16 executing program 3: 03:38:16 executing program 0: 03:38:16 executing program 2: 03:38:16 executing program 5: 03:38:16 executing program 1: 03:38:16 executing program 3: 03:38:16 executing program 4: 03:38:16 executing program 0: 03:38:16 executing program 5: 03:38:16 executing program 2: 03:38:16 executing program 0: 03:38:16 executing program 1: 03:38:16 executing program 4: 03:38:16 executing program 3: 03:38:16 executing program 4: 03:38:16 executing program 5: 03:38:16 executing program 1: 03:38:16 executing program 0: 03:38:16 executing program 2: 03:38:16 executing program 3: 03:38:16 executing program 4: 03:38:16 executing program 3: 03:38:16 executing program 1: 03:38:16 executing program 5: 03:38:16 executing program 0: 03:38:16 executing program 2: 03:38:17 executing program 1: 03:38:17 executing program 4: 03:38:17 executing program 3: 03:38:17 executing program 5: 03:38:17 executing program 0: 03:38:17 executing program 1: 03:38:17 executing program 2: 03:38:17 executing program 4: 03:38:17 executing program 3: 03:38:17 executing program 0: 03:38:17 executing program 1: 03:38:17 executing program 5: 03:38:17 executing program 3: 03:38:17 executing program 5: 03:38:17 executing program 2: 03:38:17 executing program 0: 03:38:17 executing program 4: 03:38:17 executing program 1: 03:38:17 executing program 5: 03:38:17 executing program 3: 03:38:17 executing program 4: 03:38:17 executing program 2: 03:38:17 executing program 0: 03:38:17 executing program 5: 03:38:17 executing program 3: 03:38:17 executing program 2: 03:38:17 executing program 0: 03:38:17 executing program 1: 03:38:17 executing program 5: 03:38:17 executing program 4: 03:38:17 executing program 2: 03:38:17 executing program 1: 03:38:17 executing program 3: 03:38:17 executing program 0: 03:38:17 executing program 5: 03:38:17 executing program 4: 03:38:17 executing program 2: 03:38:17 executing program 1: 03:38:18 executing program 3: 03:38:18 executing program 1: 03:38:18 executing program 5: 03:38:18 executing program 4: 03:38:18 executing program 2: 03:38:18 executing program 0: 03:38:18 executing program 3: 03:38:18 executing program 5: 03:38:18 executing program 2: 03:38:18 executing program 4: 03:38:18 executing program 1: 03:38:18 executing program 3: 03:38:18 executing program 0: 03:38:18 executing program 3: 03:38:18 executing program 1: 03:38:18 executing program 2: 03:38:18 executing program 5: 03:38:18 executing program 4: 03:38:18 executing program 0: 03:38:18 executing program 3: 03:38:18 executing program 5: 03:38:18 executing program 2: 03:38:18 executing program 1: 03:38:18 executing program 0: 03:38:18 executing program 4: 03:38:18 executing program 1: 03:38:18 executing program 5: 03:38:18 executing program 3: 03:38:18 executing program 2: 03:38:18 executing program 0: 03:38:18 executing program 1: 03:38:18 executing program 3: 03:38:18 executing program 4: 03:38:18 executing program 5: 03:38:18 executing program 2: 03:38:18 executing program 5: 03:38:18 executing program 0: 03:38:19 executing program 2: 03:38:19 executing program 1: 03:38:19 executing program 4: 03:38:19 executing program 3: 03:38:19 executing program 5: 03:38:19 executing program 0: 03:38:19 executing program 1: 03:38:19 executing program 2: ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000280)) ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000180)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4004010) perf_event_open$cgroup(&(0x7f00000000c0)={0x0, 0x70, 0x8001, 0x100000001, 0x400, 0x7, 0x0, 0x10000, 0x0, 0x2, 0x5, 0x5, 0x0, 0x401, 0x17b0, 0x5, 0x4, 0xec02, 0x0, 0x3, 0x0, 0x0, 0x0, 0x9, 0x0, 0x9, 0x9, 0x0, 0x1, 0x6, 0x0, 0x0, 0x8ca6, 0x0, 0x0, 0xfffffffffffffffe, 0x8, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}, 0x2020, 0xfff, 0x400, 0x0, 0xffffffff, 0x8, 0x7}, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x9) r0 = socket$inet6_udp(0xa, 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r0, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r0, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) ioctl$TIOCLINUX2(0xffffffffffffffff, 0x541c, &(0x7f0000000540)={0x2, 0x4, 0x2, 0x4, 0x0, 0x6}) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f0000000200)) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$EVIOCGKEY(r1, 0x80404518, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, 0x0, &(0x7f0000000180)) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, 0x0, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) getsockopt$EBT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x81, &(0x7f0000000280)={'nat\x00', 0x0, 0x3, 0x0, [], 0x3, &(0x7f0000001b00)=[{}, {}, {}], 0x0}, &(0x7f00000003c0)=0x78) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz1\x00'}, 0x45c) 03:38:19 executing program 4: perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x800000000040, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setaffinity(0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) bind(r0, &(0x7f0000000100)=@in={0x2, 0x4e20}, 0x80) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x2, 0x8004e20}, 0x10) recvmmsg(r0, &(0x7f00000004c0)=[{{&(0x7f0000000400)=@ethernet={0x0, @dev}, 0x0, &(0x7f0000000480)}}], 0x6fdaec, 0x22, 0x0) 03:38:19 executing program 3: 03:38:19 executing program 5: 03:38:19 executing program 1: 03:38:19 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000200)=0x100000001, 0x4) connect$inet6(r1, &(0x7f0000000140), 0x1c) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='pagemap\x00') sendfile(r1, r2, 0x0, 0xfffc) [ 200.985293][ T8081] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 201.017813][ C1] hrtimer: interrupt took 27130 ns 03:38:19 executing program 3: clone(0x100002102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000005c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$binfmt_misc(r0, &(0x7f00000000c0)=ANY=[], 0x7fffffff) open(0x0, 0x0, 0x0) ioctl$EVIOCGMASK(0xffffffffffffffff, 0x80104592, 0x0) recvfrom(r1, &(0x7f0000000180)=""/184, 0xfffffffffffffd84, 0x10100, 0x0, 0xfffffffffffffd51) r3 = openat$full(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/full\x00', 0x0, 0x0) pread64(r3, &(0x7f0000002640)=""/207, 0xfffffede, 0x0) ioctl$BLKROSET(r3, 0x125d, &(0x7f00000004c0)=0x1) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) fcntl$getownex(r2, 0x10, &(0x7f0000000100)={0x0, 0x0}) r5 = getpgid(0x0) tgkill(r4, r5, 0x35) sendto$packet(r3, 0x0, 0x0, 0x10, &(0x7f0000000480)={0x11, 0x9, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) 03:38:19 executing program 5: r0 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) r1 = open(&(0x7f0000000200)='./file0\x00', 0x8040, 0x32) ioctl$KDSKBMETA(r0, 0x4b63, &(0x7f0000000300)=0x41b) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xed}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) rmdir(&(0x7f0000000040)='./bus\x00') r2 = socket$inet6(0xa, 0xffffffffffffffff, 0x1) r3 = fcntl$getown(r2, 0x9) ptrace$pokeuser(0x6, r3, 0x7fe, 0x2) ioctl(r1, 0x8912, &(0x7f00000008c0)) remap_file_pages(&(0x7f0000fee000/0xf000)=nil, 0xf000, 0x0, 0x0, 0x0) creat(0x0, 0x0) setxattr$security_selinux(0x0, 0x0, 0x0, 0x0, 0x0) rmdir(0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) mkdir(0x0, 0x0) setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0xd, 0x0, 0x0) ioctl$PIO_UNISCRNMAP(0xffffffffffffffff, 0x4b6a, 0x0) r4 = socket$inet6(0xa, 0x3, 0x6) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000880)={@remote, 0x800, 0x0, 0x3, 0x1}, 0x20) 03:38:19 executing program 1: socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="020700001000000000000000000000000800120000000100000000000000000006000000000000000000000000000200e00040e0ff00000000000000000000000000ada8008004000000200000000000030006000000000002000080ac14ffbbf00000000000000003000500000000000200423b1d632bd7b8200000000000c7"], 0x80}}, 0x0) r1 = socket$key(0xf, 0x3, 0x2) sendmmsg(r1, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) [ 201.230524][ T8102] mmap: syz-executor.5 (8102) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst. 03:38:19 executing program 0: r0 = epoll_create(0x800) r1 = socket$inet6_udp(0xa, 0x2, 0x0) epoll_ctl$EPOLL_CTL_DEL(r0, 0x2, r1) 03:38:19 executing program 5: r0 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) r1 = open(&(0x7f0000000200)='./file0\x00', 0x8040, 0x32) ioctl$KDSKBMETA(r0, 0x4b63, &(0x7f0000000300)=0x41b) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xed}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) rmdir(&(0x7f0000000040)='./bus\x00') r2 = socket$inet6(0xa, 0xffffffffffffffff, 0x1) r3 = fcntl$getown(r2, 0x9) ptrace$pokeuser(0x6, r3, 0x7fe, 0x2) ioctl(r1, 0x8912, &(0x7f00000008c0)) remap_file_pages(&(0x7f0000fee000/0xf000)=nil, 0xf000, 0x0, 0x0, 0x0) creat(0x0, 0x0) setxattr$security_selinux(0x0, 0x0, 0x0, 0x0, 0x0) rmdir(0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) mkdir(0x0, 0x0) setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0xd, 0x0, 0x0) ioctl$PIO_UNISCRNMAP(0xffffffffffffffff, 0x4b6a, 0x0) r4 = socket$inet6(0xa, 0x3, 0x6) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000880)={@remote, 0x800, 0x0, 0x3, 0x1}, 0x20) 03:38:19 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0xf7c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f000094f000/0x3000)=nil, 0x3000, 0x0, 0x10, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff}) ioctl$EXT4_IOC_SWAP_BOOT(0xffffffffffffffff, 0x6611) fcntl$getown(r0, 0x9) 03:38:20 executing program 2: r0 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f00000001c0)=ANY=[], 0x9562545) clone(0x2100001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) fremovexattr(r0, &(0x7f0000000380)=ANY=[@ANYBLOB='s']) creat(&(0x7f0000000200)='./file0\x00', 0x0) close(0xffffffffffffffff) 03:38:20 executing program 0: r0 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(r0, 0x401845c0, 0x0) 03:38:20 executing program 5: r0 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) r1 = open(&(0x7f0000000200)='./file0\x00', 0x8040, 0x32) ioctl$KDSKBMETA(r0, 0x4b63, &(0x7f0000000300)=0x41b) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xed}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) rmdir(&(0x7f0000000040)='./bus\x00') r2 = socket$inet6(0xa, 0xffffffffffffffff, 0x1) r3 = fcntl$getown(r2, 0x9) ptrace$pokeuser(0x6, r3, 0x7fe, 0x2) ioctl(r1, 0x8912, &(0x7f00000008c0)) remap_file_pages(&(0x7f0000fee000/0xf000)=nil, 0xf000, 0x0, 0x0, 0x0) creat(0x0, 0x0) setxattr$security_selinux(0x0, 0x0, 0x0, 0x0, 0x0) rmdir(0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) mkdir(0x0, 0x0) setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0xd, 0x0, 0x0) ioctl$PIO_UNISCRNMAP(0xffffffffffffffff, 0x4b6a, 0x0) r4 = socket$inet6(0xa, 0x3, 0x6) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000880)={@remote, 0x800, 0x0, 0x3, 0x1}, 0x20) 03:38:20 executing program 4: ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000280)) syz_genetlink_get_family_id$tipc(&(0x7f0000000180)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4004010) perf_event_open$cgroup(&(0x7f00000000c0)={0x0, 0x70, 0x8001, 0x100000001, 0x0, 0x7, 0x0, 0x10000, 0x0, 0x2, 0x5, 0x5, 0xc457, 0x401, 0x17b0, 0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x9, 0x9, 0x0, 0x1, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x8, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}, 0x2020, 0xfff, 0x400, 0x0, 0x0, 0x8, 0x7}, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r0, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r0, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) ioctl$TIOCLINUX2(0xffffffffffffffff, 0x541c, &(0x7f0000000540)={0x2, 0x4, 0x2, 0x4, 0x0, 0x6}) ioctl$EVIOCGKEY(0xffffffffffffffff, 0x80404518, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, 0x0, &(0x7f0000000180)) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, 0x0, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) 03:38:20 executing program 0: ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000900)={@loopback, 0x76}) sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x0) perf_event_open$cgroup(&(0x7f00000000c0)={0x0, 0x70, 0x8001, 0x0, 0x400, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x5, 0xc457, 0x401, 0x17b0, 0x0, 0x4, 0xec02, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x9, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x80, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0xfff}, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x9) r0 = socket$inet6_udp(0xa, 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r0, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r0, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) ioctl$TIOCLINUX2(0xffffffffffffffff, 0x541c, &(0x7f0000000540)={0x2, 0x4}) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f0000000200)) ioctl$EVIOCGKEY(0xffffffffffffffff, 0x80404518, 0x0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, 0x0, &(0x7f0000000180)) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) getsockopt$EBT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x81, &(0x7f0000000280)={'nat\x00', 0x0, 0x3, 0x0, [], 0x0, 0x0, 0x0}, &(0x7f00000003c0)=0x78) 03:38:20 executing program 5: r0 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) r1 = open(&(0x7f0000000200)='./file0\x00', 0x8040, 0x32) ioctl$KDSKBMETA(r0, 0x4b63, &(0x7f0000000300)=0x41b) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xed}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) rmdir(&(0x7f0000000040)='./bus\x00') r2 = socket$inet6(0xa, 0xffffffffffffffff, 0x1) r3 = fcntl$getown(r2, 0x9) ptrace$pokeuser(0x6, r3, 0x7fe, 0x2) ioctl(r1, 0x8912, &(0x7f00000008c0)) remap_file_pages(&(0x7f0000fee000/0xf000)=nil, 0xf000, 0x0, 0x0, 0x0) creat(0x0, 0x0) setxattr$security_selinux(0x0, 0x0, 0x0, 0x0, 0x0) rmdir(0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) mkdir(0x0, 0x0) setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0xd, 0x0, 0x0) ioctl$PIO_UNISCRNMAP(0xffffffffffffffff, 0x4b6a, 0x0) r4 = socket$inet6(0xa, 0x3, 0x6) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000880)={@remote, 0x800, 0x0, 0x3, 0x1}, 0x20) 03:38:20 executing program 3: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0) mkdir(&(0x7f00000000c0)='./file0/file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x2001002, 0x0) rename(&(0x7f0000000200)='./file0/file0\x00', &(0x7f0000000240)='./file0/file1\x00') 03:38:20 executing program 5: r0 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) r1 = open(&(0x7f0000000200)='./file0\x00', 0x8040, 0x32) ioctl$KDSKBMETA(r0, 0x4b63, &(0x7f0000000300)=0x41b) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xed}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) rmdir(&(0x7f0000000040)='./bus\x00') r2 = socket$inet6(0xa, 0xffffffffffffffff, 0x1) r3 = fcntl$getown(r2, 0x9) ptrace$pokeuser(0x6, r3, 0x7fe, 0x2) ioctl(r1, 0x8912, &(0x7f00000008c0)="f59e131e79f154a7d8171700400892ac23a823df9a188cde74d4a3379c26e9b94a664c6d4b7c7f2f7c807f5604e9f25fa7138c150b99b2eee500086426593d107ca2923a9447ac9bbe11e112c02106e636c510c7cd19c23efc691bb6b74fd01ce3d482cc82596cb35afd36aab53f0becccd9467d6ed52e1f46871defe59a2bb2bd838b39bb55dc87db8add86369a9880766feed61cb6083493927e964c7e7ed0e3570d76e4752b53c92d6888ac12f003402ce08acab246541c36622e935c58d9b8cffb1735c98505cb6e1896445a7d74") r4 = socket$inet6(0xa, 0x3, 0x6) r5 = syz_open_procfs(0x0, &(0x7f0000000340)='net/ip6_flowlabel\x00n\xc01\x14\x894X\xed\xc1\xc9\xd8\xdcK\r\x8d\xae\x98&@\xd0\xe6\xbbQ\xd7\xffYn\x1c\x92\xde\x0e\xaa1\x91\x98\xe9\x1f\nMCi|+\xcdw\xf0\x176Z\xf1`\xac\xf3;\xd6d2\xeb\xe5\f\x0e\x8b\xda\xf7\xfc9\xfe\xff4\xef\'\xa19q\x93\"\x7fG3\xc1E\xe6e6\xc6\xc2u\x11% \xe7+0\x97\x84;\\\xda\xc4\x80\xc3\xb18N\xbfY%\x05\xf8\x85\x89\xfc\xd2\xd7') sendfile(r4, r5, &(0x7f00000000c0)=0x202, 0x8) 03:38:20 executing program 1: socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000002c0)={0xffffffffffffffff}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'eql\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\b', 0x8001}) ioctl$sock_ifreq(r0, 0x8923, &(0x7f0000000080)={'eql\x00\x00\x00\x10\x00\x00\xff\xff\xff\xe1\xff\xe9\x00', @ifru_ivalue=0x10e8}) 03:38:20 executing program 4: ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000280)) syz_genetlink_get_family_id$tipc(&(0x7f0000000180)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4004010) perf_event_open$cgroup(&(0x7f00000000c0)={0x0, 0x70, 0x8001, 0x100000001, 0x0, 0x7, 0x0, 0x10000, 0x0, 0x2, 0x5, 0x5, 0xc457, 0x401, 0x17b0, 0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x9, 0x9, 0x0, 0x1, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x8, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}, 0x2020, 0xfff, 0x400, 0x0, 0x0, 0x8, 0x7}, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r0, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r0, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) ioctl$TIOCLINUX2(0xffffffffffffffff, 0x541c, &(0x7f0000000540)={0x2, 0x4, 0x2, 0x4, 0x0, 0x6}) ioctl$EVIOCGKEY(0xffffffffffffffff, 0x80404518, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, 0x0, &(0x7f0000000180)) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, 0x0, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) 03:38:20 executing program 5: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup\x00\f#\x9f\xd0\x85\xac\xc4\x9b\x81-\xb3\xd7=C\xea', 0x200002, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file1\x00', 0x0) write$P9_RSTATu(r1, &(0x7f0000000040)=ANY=[], 0x445144e9) bpf$BPF_PROG_QUERY(0x10, 0x0, 0x0) r2 = open$dir(&(0x7f0000000100)='./file1\x00', 0x0, 0x0) lseek(r2, 0x0, 0x4) socketpair$unix(0x1, 0x1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$FS_IOC_FIEMAP(0xffffffffffffffff, 0xc020660b, 0x0) close(r2) 03:38:20 executing program 3: pipe(&(0x7f0000000480)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000040)=0x72, 0x4) bind$inet(r3, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) write$binfmt_script(r3, &(0x7f00000001c0)=ANY=[@ANYBLOB], 0x0) r4 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r4, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000)=0xda9, 0x4) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) splice(r0, 0x0, r2, 0x0, 0x8001, 0x0) [ 202.681858][ T8260] è: renamed from eql 03:38:21 executing program 2: r0 = socket$inet6(0xa, 0x3, 0x6) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000880)={@remote, 0x0, 0x0, 0x3, 0x1}, 0x20) 03:38:21 executing program 0: ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000900)={@loopback, 0x76}) sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x0) perf_event_open$cgroup(&(0x7f00000000c0)={0x0, 0x70, 0x8001, 0x0, 0x400, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x5, 0xc457, 0x401, 0x17b0, 0x0, 0x4, 0xec02, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x9, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x80, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0xfff}, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x9) r0 = socket$inet6_udp(0xa, 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r0, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r0, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) ioctl$TIOCLINUX2(0xffffffffffffffff, 0x541c, &(0x7f0000000540)={0x2, 0x4}) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f0000000200)) ioctl$EVIOCGKEY(0xffffffffffffffff, 0x80404518, 0x0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, 0x0, &(0x7f0000000180)) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) getsockopt$EBT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x81, &(0x7f0000000280)={'nat\x00', 0x0, 0x3, 0x0, [], 0x0, 0x0, 0x0}, &(0x7f00000003c0)=0x78) 03:38:21 executing program 5: ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000280)) ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000900)={@loopback, 0x76}) sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4004010) perf_event_open$cgroup(&(0x7f00000000c0)={0x0, 0x70, 0x8001, 0x100000001, 0x400, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x5, 0xc457, 0x401, 0x17b0, 0x0, 0x4, 0xec02, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x9, 0x0, 0x1, 0x6, 0x0, 0x0, 0x8ca6, 0x0, 0x0, 0xfffffffffffffffe, 0x8, 0x80, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}, 0x0, 0xfff, 0x400, 0x0, 0x0, 0x0, 0x7}, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x9) r0 = socket$inet6_udp(0xa, 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r0, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r0, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) ioctl$TIOCLINUX2(0xffffffffffffffff, 0x541c, &(0x7f0000000540)={0x2, 0x4}) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f0000000200)) r1 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffff9c, 0xc0106434, 0x0) ioctl$EVIOCGKEY(r1, 0x80404518, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, 0x0, &(0x7f0000000180)) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) getsockopt$EBT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x81, &(0x7f0000000280)={'nat\x00', 0x0, 0x3, 0x0, [], 0x6, &(0x7f0000001b00)=[{}, {}, {}, {}, {}, {}], 0x0}, &(0x7f00000003c0)=0x78) 03:38:21 executing program 4: ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000280)) syz_genetlink_get_family_id$tipc(&(0x7f0000000180)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4004010) perf_event_open$cgroup(&(0x7f00000000c0)={0x0, 0x70, 0x8001, 0x100000001, 0x0, 0x7, 0x0, 0x10000, 0x0, 0x2, 0x5, 0x5, 0xc457, 0x401, 0x17b0, 0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x9, 0x9, 0x0, 0x1, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x8, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}, 0x2020, 0xfff, 0x400, 0x0, 0x0, 0x8, 0x7}, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r0, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r0, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) ioctl$TIOCLINUX2(0xffffffffffffffff, 0x541c, &(0x7f0000000540)={0x2, 0x4, 0x2, 0x4, 0x0, 0x6}) ioctl$EVIOCGKEY(0xffffffffffffffff, 0x80404518, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, 0x0, &(0x7f0000000180)) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, 0x0, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0)