[ 33.697097][ T26] audit: type=1800 audit(1554684211.932:27): pid=7336 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [ 33.719958][ T26] audit: type=1800 audit(1554684211.932:28): pid=7336 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 34.581970][ T26] audit: type=1800 audit(1554684212.862:29): pid=7336 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 34.605259][ T26] audit: type=1800 audit(1554684212.862:30): pid=7336 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.10.13' (ECDSA) to the list of known hosts. 2019/04/08 00:43:42 fuzzer started 2019/04/08 00:43:45 dialing manager at 10.128.0.26:34543 2019/04/08 00:43:45 syscalls: 2408 2019/04/08 00:43:45 code coverage: enabled 2019/04/08 00:43:45 comparison tracing: enabled 2019/04/08 00:43:45 extra coverage: extra coverage is not supported by the kernel 2019/04/08 00:43:45 setuid sandbox: enabled 2019/04/08 00:43:45 namespace sandbox: enabled 2019/04/08 00:43:45 Android sandbox: /sys/fs/selinux/policy does not exist 2019/04/08 00:43:45 fault injection: enabled 2019/04/08 00:43:45 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/04/08 00:43:45 net packet injection: enabled 2019/04/08 00:43:45 net device setup: enabled 00:45:46 executing program 0: mkdirat(0xffffffffffffff9c, &(0x7f00000007c0)='./file0\x00', 0x0) truncate(&(0x7f00000000c0)='./file0\x00', 0x0) syzkaller login: [ 168.303832][ T7501] IPVS: ftp: loaded support on port[0] = 21 00:45:46 executing program 1: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) stat(&(0x7f00000000c0)='./file0/file0\x00', 0x0) open(&(0x7f0000000040)='./file0/file0\x00', 0x0, 0x0) read$FUSE(r0, 0x0, 0x0) [ 168.420200][ T7501] chnl_net:caif_netlink_parms(): no params data found [ 168.507088][ T7501] bridge0: port 1(bridge_slave_0) entered blocking state [ 168.515393][ T7501] bridge0: port 1(bridge_slave_0) entered disabled state [ 168.523573][ T7501] device bridge_slave_0 entered promiscuous mode [ 168.539700][ T7504] IPVS: ftp: loaded support on port[0] = 21 [ 168.546251][ T7501] bridge0: port 2(bridge_slave_1) entered blocking state [ 168.558832][ T7501] bridge0: port 2(bridge_slave_1) entered disabled state [ 168.566935][ T7501] device bridge_slave_1 entered promiscuous mode 00:45:46 executing program 2: r0 = openat$pfkey(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$sock_SIOCGIFCONF(r0, 0x8912, &(0x7f0000000300)) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0, 0x0) r2 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000080)={0x400000000001, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$setstatus(r1, 0x4, 0x6400) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.net/syz1\x00', 0x1ff) ioctl$KVM_GET_CLOCK(r0, 0x8030ae7c, &(0x7f00000001c0)) recvmmsg(0xffffffffffffffff, &(0x7f0000003500)=[{{0x0, 0x0, &(0x7f0000002580)=[{&(0x7f00000012c0)=""/115, 0x73}], 0x1}}], 0x1, 0x0, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000100)='net/ip_mr_cache\x00') setsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) prctl$PR_GET_FP_MODE(0x2e) preadv(r3, &(0x7f0000000480), 0x10000000000002a1, 0x4000000000000000) readlinkat(r2, 0x0, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) pipe(0x0) [ 168.604827][ T7501] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 168.624322][ T7501] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 168.701771][ T7501] team0: Port device team_slave_0 added [ 168.744308][ T7501] team0: Port device team_slave_1 added [ 168.763643][ T7504] chnl_net:caif_netlink_parms(): no params data found 00:45:47 executing program 3: syz_emit_ethernet(0x6e, &(0x7f0000000000)={@link_local, @broadcast, [], {@ipv6={0x86dd, {0x0, 0x6, "02290f", 0x38, 0x3a, 0x0, @ipv4, @mcast2, {[], @icmpv6=@pkt_toobig={0x2, 0x0, 0x0, 0x0, {0x0, 0x6, "9433df", 0x0, 0x4, 0x0, @loopback={0x4}, @dev={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb]}, [], "802a08000000006b"}}}}}}}, 0x0) [ 168.843601][ T7501] device hsr_slave_0 entered promiscuous mode [ 168.902187][ T7501] device hsr_slave_1 entered promiscuous mode [ 168.972799][ T7501] bridge0: port 2(bridge_slave_1) entered blocking state [ 168.980021][ T7501] bridge0: port 2(bridge_slave_1) entered forwarding state [ 168.988049][ T7501] bridge0: port 1(bridge_slave_0) entered blocking state [ 168.995179][ T7501] bridge0: port 1(bridge_slave_0) entered forwarding state [ 169.016192][ T7507] IPVS: ftp: loaded support on port[0] = 21 00:45:47 executing program 4: mlockall(0x5) clone(0xfffefffffffffffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vfio(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/vfio/vfio\x00', 0x0, 0x0) clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) futex(&(0x7f0000000100)=0x2, 0x1, 0x2, &(0x7f0000000200)={r1, r2+30000000}, &(0x7f0000000240)=0x2, 0x0) ioctl$TIOCGETD(r0, 0x5424, &(0x7f0000000140)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) mlockall(0x4) [ 169.028265][ T7509] IPVS: ftp: loaded support on port[0] = 21 [ 169.114554][ T7504] bridge0: port 1(bridge_slave_0) entered blocking state [ 169.122075][ T7504] bridge0: port 1(bridge_slave_0) entered disabled state [ 169.130072][ T7504] device bridge_slave_0 entered promiscuous mode [ 169.148230][ T7504] bridge0: port 2(bridge_slave_1) entered blocking state [ 169.158512][ T7504] bridge0: port 2(bridge_slave_1) entered disabled state [ 169.166843][ T7504] device bridge_slave_1 entered promiscuous mode [ 169.220739][ T7501] 8021q: adding VLAN 0 to HW filter on device bond0 [ 169.294874][ T7510] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 169.304185][ T7512] IPVS: ftp: loaded support on port[0] = 21 [ 169.316780][ T7510] bridge0: port 1(bridge_slave_0) entered disabled state 00:45:47 executing program 5: syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe800, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(0x0, 0x0, 0x61) r1 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(r0, 0xc08c5335, &(0x7f0000000640)={0x100000000, 0x1, 0x7ff, 'queue0\x00', 0x35670935}) fchdir(r1) quotactl(0x3ff, &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000002c0)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz0\x00', 0x200002, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x3}, 0x0) write(0xffffffffffffffff, &(0x7f0000000400), 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) [ 169.339120][ T7510] bridge0: port 2(bridge_slave_1) entered disabled state [ 169.350824][ T7510] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 169.365471][ T7504] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 169.379063][ T7501] 8021q: adding VLAN 0 to HW filter on device team0 [ 169.417340][ T7504] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 169.496942][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 169.506419][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 169.509285][ T7516] IPVS: ftp: loaded support on port[0] = 21 [ 169.515104][ T17] bridge0: port 1(bridge_slave_0) entered blocking state [ 169.527563][ T17] bridge0: port 1(bridge_slave_0) entered forwarding state [ 169.554242][ T7507] chnl_net:caif_netlink_parms(): no params data found [ 169.569625][ T7504] team0: Port device team_slave_0 added [ 169.577390][ T7504] team0: Port device team_slave_1 added [ 169.590525][ T7509] chnl_net:caif_netlink_parms(): no params data found [ 169.605223][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 169.614312][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 169.622812][ T17] bridge0: port 2(bridge_slave_1) entered blocking state [ 169.629853][ T17] bridge0: port 2(bridge_slave_1) entered forwarding state [ 169.674235][ T7507] bridge0: port 1(bridge_slave_0) entered blocking state [ 169.681825][ T7507] bridge0: port 1(bridge_slave_0) entered disabled state [ 169.689487][ T7507] device bridge_slave_0 entered promiscuous mode [ 169.764478][ T7504] device hsr_slave_0 entered promiscuous mode [ 169.801432][ T7504] device hsr_slave_1 entered promiscuous mode [ 169.848540][ T7519] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 169.857658][ T7507] bridge0: port 2(bridge_slave_1) entered blocking state [ 169.865219][ T7507] bridge0: port 2(bridge_slave_1) entered disabled state [ 169.873278][ T7507] device bridge_slave_1 entered promiscuous mode [ 169.894622][ T7507] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 169.912901][ T7507] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 169.964623][ T7509] bridge0: port 1(bridge_slave_0) entered blocking state [ 169.971946][ T7509] bridge0: port 1(bridge_slave_0) entered disabled state [ 169.979536][ T7509] device bridge_slave_0 entered promiscuous mode [ 169.987414][ T7509] bridge0: port 2(bridge_slave_1) entered blocking state [ 169.995282][ T7509] bridge0: port 2(bridge_slave_1) entered disabled state [ 170.003398][ T7509] device bridge_slave_1 entered promiscuous mode [ 170.011698][ T7507] team0: Port device team_slave_0 added [ 170.022616][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 170.046926][ T7512] chnl_net:caif_netlink_parms(): no params data found [ 170.063402][ T7507] team0: Port device team_slave_1 added [ 170.070099][ T7509] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 170.094398][ T7510] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 170.103445][ T7510] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 170.114741][ T7509] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 170.173577][ T7507] device hsr_slave_0 entered promiscuous mode [ 170.231430][ T7507] device hsr_slave_1 entered promiscuous mode [ 170.271791][ T7510] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 170.286353][ T2402] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 170.295057][ T2402] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 170.324007][ T7509] team0: Port device team_slave_0 added [ 170.338846][ T7501] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 170.349655][ T7501] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 170.372900][ T7509] team0: Port device team_slave_1 added [ 170.381646][ T7512] bridge0: port 1(bridge_slave_0) entered blocking state [ 170.388719][ T7512] bridge0: port 1(bridge_slave_0) entered disabled state [ 170.397779][ T7512] device bridge_slave_0 entered promiscuous mode [ 170.407672][ T7510] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 170.416163][ T7510] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 170.425014][ T7510] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 170.433594][ T7510] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 170.442028][ T7510] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 170.534700][ T7509] device hsr_slave_0 entered promiscuous mode [ 170.571395][ T7509] device hsr_slave_1 entered promiscuous mode [ 170.631467][ T7512] bridge0: port 2(bridge_slave_1) entered blocking state [ 170.638544][ T7512] bridge0: port 2(bridge_slave_1) entered disabled state [ 170.646349][ T7512] device bridge_slave_1 entered promiscuous mode [ 170.688192][ T7516] chnl_net:caif_netlink_parms(): no params data found [ 170.710344][ T7512] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 170.720274][ T7512] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 170.744552][ T7501] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 170.776298][ T7512] team0: Port device team_slave_0 added [ 170.793546][ T7512] team0: Port device team_slave_1 added [ 170.824665][ T7516] bridge0: port 1(bridge_slave_0) entered blocking state [ 170.831915][ T7516] bridge0: port 1(bridge_slave_0) entered disabled state [ 170.839701][ T7516] device bridge_slave_0 entered promiscuous mode [ 170.865515][ T7509] 8021q: adding VLAN 0 to HW filter on device bond0 [ 170.873903][ T7516] bridge0: port 2(bridge_slave_1) entered blocking state [ 170.895889][ T7516] bridge0: port 2(bridge_slave_1) entered disabled state [ 170.903700][ T7516] device bridge_slave_1 entered promiscuous mode [ 170.923175][ T7516] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 170.956102][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 170.965478][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 00:45:49 executing program 0: r0 = syz_open_dev$loop(&(0x7f00000004c0)='/dev/loop#\x00', 0x0, 0x105082) syz_genetlink_get_family_id$tipc(0x0) r1 = memfd_create(&(0x7f0000000280)='IPVS\x00', 0x0) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_CAPACITY(r0, 0x4c07) [ 170.985212][ T7509] 8021q: adding VLAN 0 to HW filter on device team0 [ 171.003108][ T7507] 8021q: adding VLAN 0 to HW filter on device bond0 [ 171.024077][ T7504] 8021q: adding VLAN 0 to HW filter on device bond0 [ 171.033965][ T7516] bond0: Enslaving bond_slave_1 as an active interface with an up link 00:45:49 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x2000, 0x0, &(0x7f0000c87000/0x2000)=nil) mmap(&(0x7f00008da000/0x1000)=nil, 0x1000, 0x0, 0xb4972, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r0, 0x4, 0x4002) io_setup(0x3, &(0x7f0000000080)=0x0) io_submit(r1, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f0000000000), 0x377140be6b5ef4c7}]) [ 171.104072][ T7512] device hsr_slave_0 entered promiscuous mode [ 171.141540][ T7512] device hsr_slave_1 entered promiscuous mode [ 171.208205][ T7507] 8021q: adding VLAN 0 to HW filter on device team0 [ 171.230322][ T2402] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 171.239803][ T2402] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 171.249109][ T2402] bridge0: port 1(bridge_slave_0) entered blocking state [ 171.256224][ T2402] bridge0: port 1(bridge_slave_0) entered forwarding state [ 171.259918][ C1] hrtimer: interrupt took 29136 ns [ 171.265090][ T2402] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 171.277928][ T2402] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 171.286730][ T2402] bridge0: port 2(bridge_slave_1) entered blocking state [ 171.293856][ T2402] bridge0: port 2(bridge_slave_1) entered forwarding state [ 171.302301][ T2402] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 171.310147][ T2402] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 171.318112][ T2402] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 171.327038][ T2402] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 171.335216][ T2402] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 171.378699][ T7516] team0: Port device team_slave_0 added [ 171.390093][ T7516] team0: Port device team_slave_1 added [ 171.400090][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 171.412035][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 171.420483][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 171.429722][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 171.438687][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 171.447234][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 171.455715][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 171.463995][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 171.472267][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 171.480750][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 171.489117][ T5] bridge0: port 1(bridge_slave_0) entered blocking state [ 171.496182][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state [ 171.504104][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 171.512775][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 171.521095][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 171.528150][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state [ 171.535873][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 171.544452][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 171.556803][ T7504] 8021q: adding VLAN 0 to HW filter on device team0 [ 171.568546][ T7509] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready 00:45:49 executing program 0: syz_genetlink_get_family_id$tipc(&(0x7f0000000100)='TIPC\x00') socket$inet6_tcp(0xa, 0x1, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x2000, 0x0, &(0x7f0000c87000/0x2000)=nil) mmap(&(0x7f00008da000/0x1000)=nil, 0x1000, 0x0, 0xb4972, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x4000, 0x0, &(0x7f0000002000/0x4000)=nil) r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r0, 0x4, 0x4002) io_setup(0x3, &(0x7f0000000080)=0x0) io_submit(r1, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f0000000000), 0x377140be6b5ef4c7}]) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x10, 0xffffffffffffffff, 0x0) getdents64(r0, 0x0, 0x0) [ 171.587185][ T7507] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 171.599445][ T7507] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 171.612159][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 171.620032][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 171.628239][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 171.637374][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 171.646070][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 171.657395][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 171.665909][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 171.676950][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 171.685553][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 171.694079][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 171.749152][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 171.758031][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 171.770083][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 171.779739][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 171.793224][ T5] bridge0: port 1(bridge_slave_0) entered blocking state [ 171.800646][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state [ 171.814398][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 171.825058][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 171.837180][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 171.844302][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state [ 171.852046][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 171.897530][ T7516] device hsr_slave_0 entered promiscuous mode 00:45:50 executing program 0: syz_genetlink_get_family_id$tipc(&(0x7f0000000100)='TIPC\x00') socket$inet6_tcp(0xa, 0x1, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x2000, 0x0, &(0x7f0000c87000/0x2000)=nil) mmap(&(0x7f00008da000/0x1000)=nil, 0x1000, 0x0, 0xb4972, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x4000, 0x0, &(0x7f0000002000/0x4000)=nil) r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r0, 0x4, 0x4002) io_setup(0x3, &(0x7f0000000080)=0x0) io_submit(r1, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f0000000000), 0x377140be6b5ef4c7}]) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x10, 0xffffffffffffffff, 0x0) getdents64(r0, 0x0, 0x0) [ 171.951373][ T7516] device hsr_slave_1 entered promiscuous mode [ 172.009039][ T7510] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 172.029979][ T7510] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 172.044685][ T7510] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 172.056169][ T7510] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 172.068450][ T7510] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 172.079502][ T7510] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 172.094015][ T7510] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 172.105677][ T7510] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 172.122434][ T7509] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 172.135465][ T7512] 8021q: adding VLAN 0 to HW filter on device bond0 [ 172.152142][ T7504] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 172.167769][ T7504] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 172.178608][ T7510] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 172.192939][ T7510] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 172.201565][ T7510] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 172.217931][ T7507] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 172.235009][ T7519] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 172.243232][ T7519] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 172.262792][ T7512] 8021q: adding VLAN 0 to HW filter on device team0 [ 172.295942][ T7504] 8021q: adding VLAN 0 to HW filter on device batadv0 00:45:50 executing program 0: syz_genetlink_get_family_id$tipc(&(0x7f0000000100)='TIPC\x00') socket$inet6_tcp(0xa, 0x1, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x2000, 0x0, &(0x7f0000c87000/0x2000)=nil) mmap(&(0x7f00008da000/0x1000)=nil, 0x1000, 0x0, 0xb4972, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x4000, 0x0, &(0x7f0000002000/0x4000)=nil) r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r0, 0x4, 0x4002) io_setup(0x3, &(0x7f0000000080)=0x0) io_submit(r1, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f0000000000), 0x377140be6b5ef4c7}]) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x10, 0xffffffffffffffff, 0x0) getdents64(r0, 0x0, 0x0) [ 172.345058][ T7510] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 172.357895][ T7510] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready 00:45:50 executing program 2: setsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, 0x0, 0x0) r0 = dup(0xffffffffffffffff) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, &(0x7f0000000040), &(0x7f00000001c0)=0x4) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x2, &(0x7f00000000c0)=0x201, 0x4) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$loop(&(0x7f0000000140)='/dev/loop#\x00', 0x0, 0x100082) r2 = memfd_create(&(0x7f00000002c0)='wlan1\x00d5sum\x00', 0x100000000) ioctl$FS_IOC_FIEMAP(r2, 0xc020660b, &(0x7f0000000900)={0x3, 0x3f, 0x1, 0x0, 0x7, [{0x4, 0x2, 0x1, 0x0, 0x0, 0x408}, {0x1f, 0x6, 0x2, 0x0, 0x0, 0x2}, {0x0, 0x3, 0x8001, 0x0, 0x0, 0x1a89}, {0x7fffffff, 0xfffffffffffff4d9, 0xd27e, 0x0, 0x0, 0x200}, {0x5a28, 0x24000000000000, 0x0, 0x0, 0x0, 0x1000}, {0x1ff, 0x40, 0x10001, 0x0, 0x0, 0x8}, {0xffffffff, 0xfff, 0x80, 0x0, 0x0, 0x2}]}) flock(r2, 0x0) ioctl$SNDRV_SEQ_IOCTL_DELETE_PORT(r0, 0x40a85321, &(0x7f0000000480)={{0x7fffffff, 0x2}, 'port1\x00', 0x20, 0x20000, 0x296, 0x5, 0xfffffffffffffffa, 0x1ff, 0x2, 0x0, 0x5, 0x7}) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) pwritev(r2, &(0x7f00000000c0)=[{&(0x7f00000005c0)='\'', 0x1}], 0x1, 0x81806) fsetxattr$security_smack_transmute(r2, &(0x7f0000000000)='security.SMACK64TRANSMUTE\x00', &(0x7f0000000080)='TRUE', 0x4, 0x0) migrate_pages(0x0, 0x400, &(0x7f0000000240)=0xfffffffffffffffb, &(0x7f0000000300)=0x5) sendfile(r1, r2, 0x0, 0x20000102000007) listen(0xffffffffffffffff, 0x0) 00:45:50 executing program 3: openat$sequencer(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = syz_open_dev$loop(&(0x7f00000004c0)='/dev/loop#\x00', 0x0, 0x105082) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') msgctl$IPC_STAT(0x0, 0x2, &(0x7f0000000500)=""/4096) prctl$PR_GET_FPEMU(0x9, 0x0) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, 0xffffffffffffffff) ioctl$LOOP_SET_CAPACITY(r0, 0x4c07) [ 172.394932][ T7510] bridge0: port 1(bridge_slave_0) entered blocking state [ 172.402448][ T7510] bridge0: port 1(bridge_slave_0) entered forwarding state [ 172.458081][ T7510] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 172.475957][ T7510] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 172.503484][ T7510] bridge0: port 2(bridge_slave_1) entered blocking state [ 172.510600][ T7510] bridge0: port 2(bridge_slave_1) entered forwarding state [ 172.567454][ T2402] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 172.608338][ T2402] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 172.650576][ T2402] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 172.671744][ T2402] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 172.687163][ T2402] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 172.731227][ T7510] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 172.743877][ T7510] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 172.780427][ T7510] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 172.827854][ T7510] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 172.860461][ T7510] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 172.885168][ T7510] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 172.904046][ T7510] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 172.925616][ T7512] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 172.954163][ T7516] 8021q: adding VLAN 0 to HW filter on device bond0 [ 172.999229][ T7512] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 173.037750][ T7516] 8021q: adding VLAN 0 to HW filter on device team0 [ 173.061394][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 173.069147][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 173.181505][ T7510] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 173.190150][ T7510] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 173.205592][ T7510] bridge0: port 1(bridge_slave_0) entered blocking state [ 173.212735][ T7510] bridge0: port 1(bridge_slave_0) entered forwarding state [ 173.214711][ T7510] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 173.234544][ T7510] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 173.245916][ T7510] bridge0: port 2(bridge_slave_1) entered blocking state [ 173.253056][ T7510] bridge0: port 2(bridge_slave_1) entered forwarding state [ 173.312957][ T2402] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 173.325747][ T2402] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 173.339992][ T2402] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 173.366635][ T2402] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 173.395145][ T2402] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 173.445613][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 173.459780][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 173.499511][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 173.528921][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 173.554932][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 173.607390][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 173.644216][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 173.681418][ T7516] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready 00:45:52 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = dup(r0) setsockopt$sock_timeval(r0, 0x1, 0x15, &(0x7f0000000080)={0x0, 0x7530}, 0x10) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendmsg$TIPC_NL_PEER_REMOVE(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB], 0x1}}, 0x4c080) setsockopt$inet_tcp_int(r1, 0x6, 0x2000000000000013, &(0x7f0000000180)=0x1, 0x4) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000380)=0x1, 0x4) r2 = open(&(0x7f0000000280)='./file0\x00', 0x110000141042, 0x0) write$P9_RREADDIR(r1, &(0x7f00000001c0)=ANY=[@ANYBLOB='0'], 0x1) ftruncate(r2, 0x10099b7) sendfile(r0, r2, 0x0, 0x88000fbfffffc) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) 00:45:52 executing program 1: 00:45:52 executing program 0: mkdirat(0xffffffffffffff9c, &(0x7f00000007c0)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000240)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) write$FUSE_NOTIFY_STORE(r0, &(0x7f0000000480)={0x29, 0x4, 0x0, {0x1, 0xffffffff00000000, 0x1, 0x0, [0x0]}}, 0x29) [ 173.830597][ T7516] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 173.866894][ T7582] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 174.041938][ T7582] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/7582 [ 174.052023][ T7582] caller is ip6_finish_output+0x335/0xdc0 [ 174.057771][ T7582] CPU: 0 PID: 7582 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19 [ 174.066795][ T7582] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 174.077572][ T7582] Call Trace: [ 174.080876][ T7582] dump_stack+0x172/0x1f0 [ 174.085230][ T7582] __this_cpu_preempt_check+0x246/0x270 [ 174.090782][ T7582] ip6_finish_output+0x335/0xdc0 [ 174.095728][ T7582] ip6_output+0x235/0x7f0 [ 174.100064][ T7582] ? ip6_finish_output+0xdc0/0xdc0 [ 174.105184][ T7582] ? ip6_fragment+0x3980/0x3980 [ 174.111022][ T7582] ? nf_tables_rule_destroy+0x128/0x140 [ 174.116575][ T7582] ip6_xmit+0xe41/0x20c0 [ 174.120838][ T7582] ? ip6_finish_output2+0x2550/0x2550 [ 174.126212][ T7582] ? mark_held_locks+0xf0/0xf0 [ 174.130980][ T7582] ? ip6_setup_cork+0x1870/0x1870 [ 174.136018][ T7582] ? nf_tables_rule_destroy+0xd0/0x140 [ 174.141484][ T7582] inet6_csk_xmit+0x2fb/0x5d0 [ 174.146168][ T7582] ? inet6_csk_update_pmtu+0x190/0x190 [ 174.151626][ T7582] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 174.157878][ T7582] ? csum_ipv6_magic+0x20/0x80 [ 174.162651][ T7582] __tcp_transmit_skb+0x1a32/0x3750 [ 174.167860][ T7582] ? __tcp_select_window+0x8b0/0x8b0 [ 174.173164][ T7582] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 174.179403][ T7582] ? tcp_fastopen_no_cookie+0xe0/0x190 [ 174.184864][ T7582] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 174.191162][ T7582] tcp_connect+0x1e47/0x4280 [ 174.195765][ T7582] ? tcp_push_one+0x110/0x110 [ 174.200451][ T7582] ? secure_tcpv6_ts_off+0x24f/0x360 [ 174.205737][ T7582] ? secure_dccpv6_sequence_number+0x280/0x280 [ 174.211902][ T7582] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 174.218153][ T7582] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 174.224417][ T7582] ? prandom_u32_state+0x13/0x180 [ 174.229445][ T7582] tcp_v6_connect+0x150b/0x20a0 [ 174.234308][ T7582] ? tcp_sendmsg_locked+0x2170/0x37f0 [ 174.239686][ T7582] ? tcp_v6_conn_request+0x2b0/0x2b0 [ 174.244977][ T7582] ? __switch_to_asm+0x34/0x70 [ 174.249742][ T7582] ? __switch_to_asm+0x40/0x70 [ 174.254782][ T7582] ? find_held_lock+0x35/0x130 [ 174.259546][ T7582] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 174.265184][ T7582] __inet_stream_connect+0x83f/0xea0 [ 174.270473][ T7582] ? tcp_v6_conn_request+0x2b0/0x2b0 [ 174.275758][ T7582] ? __inet_stream_connect+0x83f/0xea0 [ 174.281233][ T7582] ? inet_dgram_connect+0x2e0/0x2e0 [ 174.286437][ T7582] ? tcp_sendmsg_locked+0x2170/0x37f0 [ 174.291813][ T7582] ? rcu_read_lock_sched_held+0x110/0x130 [ 174.297533][ T7582] ? kmem_cache_alloc_trace+0x354/0x760 [ 174.303079][ T7582] ? __lock_acquire+0x548/0x3fb0 [ 174.308130][ T7582] tcp_sendmsg_locked+0x231f/0x37f0 [ 174.313331][ T7582] ? mark_held_locks+0xf0/0xf0 [ 174.318096][ T7582] ? mark_held_locks+0xa4/0xf0 [ 174.323148][ T7582] ? tcp_sendpage+0x60/0x60 [ 174.327648][ T7582] ? lock_sock_nested+0x9a/0x120 [ 174.332588][ T7582] ? trace_hardirqs_on+0x67/0x230 [ 174.337615][ T7582] ? lock_sock_nested+0x9a/0x120 [ 174.342551][ T7582] ? __local_bh_enable_ip+0x15a/0x270 [ 174.347932][ T7582] tcp_sendmsg+0x30/0x50 [ 174.352177][ T7582] inet_sendmsg+0x147/0x5e0 [ 174.356678][ T7582] ? ipip_gro_receive+0x100/0x100 [ 174.361705][ T7582] sock_sendmsg+0xdd/0x130 [ 174.366138][ T7582] __sys_sendto+0x262/0x380 [ 174.370641][ T7582] ? __ia32_sys_getpeername+0xb0/0xb0 [ 174.376029][ T7582] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 174.382287][ T7582] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 174.387746][ T7582] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 174.393207][ T7582] ? do_syscall_64+0x26/0x610 [ 174.397881][ T7582] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 174.403956][ T7582] __x64_sys_sendto+0xe1/0x1a0 [ 174.408723][ T7582] do_syscall_64+0x103/0x610 [ 174.413317][ T7582] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 174.419207][ T7582] RIP: 0033:0x4582b9 [ 174.423107][ T7582] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 174.442717][ T7582] RSP: 002b:00007f4a461dac78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 174.451134][ T7582] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 174.459118][ T7582] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004 [ 174.467094][ T7582] RBP: 000000000073bf00 R08: 0000000020000100 R09: 000000000000001c [ 174.475066][ T7582] R10: 0000000020000008 R11: 0000000000000246 R12: 00007f4a461db6d4 [ 174.483043][ T7582] R13: 00000000004c59b6 R14: 00000000004d9d10 R15: 00000000ffffffff 00:45:53 executing program 1: 00:45:53 executing program 4: mlockall(0x5) clone(0xfffefffffffffffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vfio(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/vfio/vfio\x00', 0x0, 0x0) clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) futex(&(0x7f0000000100)=0x2, 0x1, 0x2, &(0x7f0000000200)={r1, r2+30000000}, &(0x7f0000000240)=0x2, 0x0) ioctl$TIOCGETD(r0, 0x5424, &(0x7f0000000140)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) mlockall(0x4) 00:45:53 executing program 5: [ 174.882841][ T7582] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/7582 [ 174.892630][ T7582] caller is ip6_finish_output+0x335/0xdc0 [ 174.898368][ T7582] CPU: 0 PID: 7582 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19 [ 174.907384][ T7582] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 174.917443][ T7582] Call Trace: [ 174.920752][ T7582] dump_stack+0x172/0x1f0 [ 174.925107][ T7582] __this_cpu_preempt_check+0x246/0x270 [ 174.930666][ T7582] ip6_finish_output+0x335/0xdc0 [ 174.935619][ T7582] ip6_output+0x235/0x7f0 [ 174.941410][ T7582] ? ip6_finish_output+0xdc0/0xdc0 [ 174.946532][ T7582] ? ip6_fragment+0x3980/0x3980 [ 174.951521][ T7582] ip6_xmit+0xe41/0x20c0 [ 174.955769][ T7582] ? find_held_lock+0x35/0x130 [ 174.960552][ T7582] ? ip6_finish_output2+0x2550/0x2550 [ 174.965934][ T7582] ? mark_held_locks+0xf0/0xf0 [ 174.970883][ T7582] ? ip6_setup_cork+0x1870/0x1870 [ 174.975932][ T7582] inet6_csk_xmit+0x2fb/0x5d0 [ 174.980639][ T7582] ? inet6_csk_update_pmtu+0x190/0x190 [ 174.986140][ T7582] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 174.992394][ T7582] ? csum_ipv6_magic+0x20/0x80 [ 174.997177][ T7582] __tcp_transmit_skb+0x1a32/0x3750 [ 175.002381][ T7582] ? memcpy+0x46/0x50 [ 175.006380][ T7582] ? __tcp_select_window+0x8b0/0x8b0 [ 175.011689][ T7582] ? tcp_rbtree_insert+0x188/0x200 [ 175.016822][ T7582] tcp_send_synack+0x4b0/0x15b0 [ 175.021691][ T7582] ? tcp_send_active_reset+0x8e0/0x8e0 [ 175.027166][ T7582] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 175.034718][ T7582] ? tcp_sync_mss+0x2ee/0xa30 [ 175.039417][ T7582] tcp_rcv_state_process+0x225d/0x4d93 [ 175.044888][ T7582] ? tcp_finish_connect+0x510/0x510 [ 175.044920][ T7582] ? __release_sock+0xca/0x3a0 [ 175.054857][ T7582] ? find_held_lock+0x35/0x130 [ 175.059622][ T7582] ? mark_held_locks+0xa4/0xf0 [ 175.064403][ T7582] ? __local_bh_enable_ip+0x15a/0x270 [ 175.069782][ T7582] ? _raw_spin_unlock_bh+0x31/0x40 [ 175.074892][ T7582] ? __local_bh_enable_ip+0x15a/0x270 [ 175.074913][ T7582] tcp_v6_do_rcv+0x7da/0x12c0 [ 175.074922][ T7582] ? tcp_v6_do_rcv+0x7da/0x12c0 [ 175.074943][ T7582] __release_sock+0x12e/0x3a0 [ 175.094468][ T7582] release_sock+0x59/0x1c0 [ 175.098910][ T7582] __inet_stream_connect+0x59f/0xea0 [ 175.104222][ T7582] ? inet_dgram_connect+0x2e0/0x2e0 [ 175.109431][ T7582] ? tcp_sendmsg_locked+0x2170/0x37f0 [ 175.114802][ T7582] ? do_wait_intr_irq+0x2b0/0x2b0 [ 175.114816][ T7582] ? __lock_acquire+0x548/0x3fb0 [ 175.114838][ T7582] tcp_sendmsg_locked+0x231f/0x37f0 [ 175.114855][ T7582] ? mark_held_locks+0xf0/0xf0 [ 175.124812][ T7582] ? mark_held_locks+0xa4/0xf0 [ 175.134743][ T7582] ? tcp_sendpage+0x60/0x60 [ 175.134756][ T7582] ? lock_sock_nested+0x9a/0x120 [ 175.134768][ T7582] ? trace_hardirqs_on+0x67/0x230 [ 175.134780][ T7582] ? lock_sock_nested+0x9a/0x120 [ 175.134798][ T7582] ? __local_bh_enable_ip+0x15a/0x270 [ 175.164279][ T7582] tcp_sendmsg+0x30/0x50 [ 175.168537][ T7582] inet_sendmsg+0x147/0x5e0 [ 175.173067][ T7582] ? ipip_gro_receive+0x100/0x100 [ 175.178102][ T7582] sock_sendmsg+0xdd/0x130 [ 175.182534][ T7582] __sys_sendto+0x262/0x380 [ 175.187075][ T7582] ? __ia32_sys_getpeername+0xb0/0xb0 [ 175.192471][ T7582] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 175.198735][ T7582] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 175.204218][ T7582] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 175.209704][ T7582] ? do_syscall_64+0x26/0x610 [ 175.214397][ T7582] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 175.220746][ T7582] __x64_sys_sendto+0xe1/0x1a0 [ 175.225527][ T7582] do_syscall_64+0x103/0x610 [ 175.230136][ T7582] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 175.236049][ T7582] RIP: 0033:0x4582b9 [ 175.239952][ T7582] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 175.259569][ T7582] RSP: 002b:00007f4a461dac78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 175.268033][ T7582] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 175.276028][ T7582] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004 00:45:53 executing program 4: mlockall(0x5) clone(0xfffefffffffffffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vfio(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/vfio/vfio\x00', 0x0, 0x0) clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) futex(&(0x7f0000000100)=0x2, 0x1, 0x2, &(0x7f0000000200)={r1, r2+30000000}, &(0x7f0000000240)=0x2, 0x0) ioctl$TIOCGETD(r0, 0x5424, &(0x7f0000000140)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) mlockall(0x4) 00:45:53 executing program 1: 00:45:53 executing program 0: mkdir(&(0x7f0000000180)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='sysfs\x00', 0x0, 0x0) umount2(&(0x7f00000003c0)='./file0\x00', 0x4) umount2(&(0x7f00000000c0)='./file0\x00', 0x4) 00:45:53 executing program 2: setsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, 0x0, 0x0) r0 = dup(0xffffffffffffffff) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, &(0x7f0000000040), &(0x7f00000001c0)=0x4) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x2, &(0x7f00000000c0)=0x201, 0x4) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$loop(&(0x7f0000000140)='/dev/loop#\x00', 0x0, 0x100082) r2 = memfd_create(&(0x7f00000002c0)='wlan1\x00d5sum\x00', 0x100000000) ioctl$FS_IOC_FIEMAP(r2, 0xc020660b, &(0x7f0000000900)={0x3, 0x3f, 0x1, 0x0, 0x7, [{0x4, 0x2, 0x1, 0x0, 0x0, 0x408}, {0x1f, 0x6, 0x2, 0x0, 0x0, 0x2}, {0x0, 0x3, 0x8001, 0x0, 0x0, 0x1a89}, {0x7fffffff, 0xfffffffffffff4d9, 0xd27e, 0x0, 0x0, 0x200}, {0x5a28, 0x24000000000000, 0x0, 0x0, 0x0, 0x1000}, {0x1ff, 0x40, 0x10001, 0x0, 0x0, 0x8}, {0xffffffff, 0xfff, 0x80, 0x0, 0x0, 0x2}]}) flock(r2, 0x0) ioctl$SNDRV_SEQ_IOCTL_DELETE_PORT(r0, 0x40a85321, &(0x7f0000000480)={{0x7fffffff, 0x2}, 'port1\x00', 0x20, 0x20000, 0x296, 0x5, 0xfffffffffffffffa, 0x1ff, 0x2, 0x0, 0x5, 0x7}) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) pwritev(r2, &(0x7f00000000c0)=[{&(0x7f00000005c0)='\'', 0x1}], 0x1, 0x81806) fsetxattr$security_smack_transmute(r2, &(0x7f0000000000)='security.SMACK64TRANSMUTE\x00', &(0x7f0000000080)='TRUE', 0x4, 0x0) migrate_pages(0x0, 0x400, &(0x7f0000000240)=0xfffffffffffffffb, &(0x7f0000000300)=0x5) sendfile(r1, r2, 0x0, 0x20000102000007) listen(0xffffffffffffffff, 0x0) [ 175.284012][ T7582] RBP: 000000000073bf00 R08: 0000000020000100 R09: 000000000000001c [ 175.292008][ T7582] R10: 0000000020000008 R11: 0000000000000246 R12: 00007f4a461db6d4 [ 175.300025][ T7582] R13: 00000000004c59b6 R14: 00000000004d9d10 R15: 00000000ffffffff [ 175.312407][ T7582] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/7582 [ 175.321775][ T7582] caller is ip6_finish_output+0x335/0xdc0 [ 175.327509][ T7582] CPU: 1 PID: 7582 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19 [ 175.336540][ T7582] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 175.346949][ T7582] Call Trace: [ 175.350249][ T7582] dump_stack+0x172/0x1f0 [ 175.354599][ T7582] __this_cpu_preempt_check+0x246/0x270 [ 175.360161][ T7582] ip6_finish_output+0x335/0xdc0 [ 175.365113][ T7582] ip6_output+0x235/0x7f0 [ 175.369451][ T7582] ? ip6_finish_output+0xdc0/0xdc0 [ 175.374579][ T7582] ? ip6_fragment+0x3980/0x3980 [ 175.379436][ T7582] ip6_xmit+0xe41/0x20c0 [ 175.383709][ T7582] ? ip6_finish_output2+0x2550/0x2550 [ 175.389090][ T7582] ? mark_held_locks+0xf0/0xf0 [ 175.393866][ T7582] ? ip6_setup_cork+0x1870/0x1870 [ 175.398922][ T7582] inet6_csk_xmit+0x2fb/0x5d0 [ 175.403613][ T7582] ? inet6_csk_update_pmtu+0x190/0x190 [ 175.409083][ T7582] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 175.415343][ T7582] ? csum_ipv6_magic+0x20/0x80 [ 175.420125][ T7582] __tcp_transmit_skb+0x1a32/0x3750 [ 175.425357][ T7582] ? __tcp_select_window+0x8b0/0x8b0 [ 175.430671][ T7582] ? tcp_mstamp_refresh+0x16/0xa0 [ 175.435719][ T7582] __tcp_send_ack.part.0+0x3c6/0x5b0 [ 175.441028][ T7582] tcp_send_ack+0x88/0xa0 [ 175.445363][ T7582] tcp_send_challenge_ack.isra.0+0x250/0x300 [ 175.451351][ T7582] tcp_validate_incoming+0x55e/0x1660 [ 175.456740][ T7582] tcp_rcv_state_process+0xb6b/0x4d93 [ 175.462126][ T7582] ? tcp_finish_connect+0x510/0x510 [ 175.467324][ T7582] ? __release_sock+0xca/0x3a0 [ 175.472089][ T7582] ? find_held_lock+0x35/0x130 [ 175.476861][ T7582] ? mark_held_locks+0xa4/0xf0 [ 175.481644][ T7582] ? __local_bh_enable_ip+0x15a/0x270 [ 175.487047][ T7582] ? _raw_spin_unlock_bh+0x31/0x40 [ 175.492177][ T7582] ? __local_bh_enable_ip+0x15a/0x270 [ 175.497567][ T7582] tcp_v6_do_rcv+0x7da/0x12c0 [ 175.502252][ T7582] ? tcp_v6_do_rcv+0x7da/0x12c0 [ 175.507116][ T7582] __release_sock+0x12e/0x3a0 [ 175.511808][ T7582] release_sock+0x59/0x1c0 [ 175.516238][ T7582] __inet_stream_connect+0x59f/0xea0 [ 175.521544][ T7582] ? inet_dgram_connect+0x2e0/0x2e0 [ 175.526744][ T7582] ? tcp_sendmsg_locked+0x2170/0x37f0 [ 175.532130][ T7582] ? do_wait_intr_irq+0x2b0/0x2b0 [ 175.537170][ T7582] ? __lock_acquire+0x548/0x3fb0 [ 175.542133][ T7582] tcp_sendmsg_locked+0x231f/0x37f0 [ 175.547339][ T7582] ? mark_held_locks+0xf0/0xf0 [ 175.552114][ T7582] ? mark_held_locks+0xa4/0xf0 [ 175.556888][ T7582] ? tcp_sendpage+0x60/0x60 [ 175.561398][ T7582] ? lock_sock_nested+0x9a/0x120 [ 175.566336][ T7582] ? trace_hardirqs_on+0x67/0x230 [ 175.571361][ T7582] ? lock_sock_nested+0x9a/0x120 [ 175.576399][ T7582] ? __local_bh_enable_ip+0x15a/0x270 [ 175.581800][ T7582] tcp_sendmsg+0x30/0x50 00:45:53 executing program 1: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x2000, 0x0, &(0x7f0000c87000/0x2000)=nil) mmap(&(0x7f00008da000/0x1000)=nil, 0x1000, 0x0, 0xb4972, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r0, 0x4, 0x4002) io_setup(0x3, &(0x7f0000000080)=0x0) io_submit(r1, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f0000000000), 0x377140be6b5ef4c7}]) [ 175.586051][ T7582] inet_sendmsg+0x147/0x5e0 [ 175.590556][ T7582] ? ipip_gro_receive+0x100/0x100 [ 175.595590][ T7582] sock_sendmsg+0xdd/0x130 [ 175.600020][ T7582] __sys_sendto+0x262/0x380 [ 175.604541][ T7582] ? __ia32_sys_getpeername+0xb0/0xb0 [ 175.609940][ T7582] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 175.616203][ T7582] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 175.621681][ T7582] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 175.627148][ T7582] ? do_syscall_64+0x26/0x610 00:45:53 executing program 4: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x269) socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_msfilter(0xffffffffffffffff, 0x0, 0x29, 0x0, 0x0) recvmsg(r0, &(0x7f00000007c0)={&(0x7f0000000040)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @mcast1}}}, 0x80, 0x0}, 0x0) fcntl$getown(0xffffffffffffffff, 0x9) dup3(r1, r2, 0x0) recvfrom$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet6(0xffffffffffffffff, 0x0, 0xee, 0x0, 0x0, 0x0) write$P9_RATTACH(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet6_opts(r2, 0x29, 0x0, 0x0, 0x0) [ 175.631837][ T7582] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 175.637945][ T7582] __x64_sys_sendto+0xe1/0x1a0 [ 175.642735][ T7582] do_syscall_64+0x103/0x610 [ 175.647334][ T7582] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 175.653228][ T7582] RIP: 0033:0x4582b9 [ 175.657217][ T7582] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 175.676929][ T7582] RSP: 002b:00007f4a461dac78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 175.685357][ T7582] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 175.693332][ T7582] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004 [ 175.693340][ T7582] RBP: 000000000073bf00 R08: 0000000020000100 R09: 000000000000001c [ 175.693348][ T7582] R10: 0000000020000008 R11: 0000000000000246 R12: 00007f4a461db6d4 [ 175.693355][ T7582] R13: 00000000004c59b6 R14: 00000000004d9d10 R15: 00000000ffffffff [ 175.711362][ T7612] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/7612 [ 175.735398][ T7612] caller is ip6_finish_output+0x335/0xdc0 [ 175.741188][ T7612] CPU: 1 PID: 7612 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19 [ 175.751420][ T7612] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 175.761480][ T7612] Call Trace: [ 175.764777][ T7612] dump_stack+0x172/0x1f0 [ 175.769100][ T7612] __this_cpu_preempt_check+0x246/0x270 [ 175.774641][ T7612] ip6_finish_output+0x335/0xdc0 [ 175.779566][ T7612] ip6_output+0x235/0x7f0 [ 175.783896][ T7612] ? ip6_finish_output+0xdc0/0xdc0 [ 175.789002][ T7612] ? ip6_fragment+0x3980/0x3980 [ 175.793838][ T7612] ? nf_tables_rule_destroy+0x128/0x140 [ 175.799373][ T7612] ip6_xmit+0xe41/0x20c0 [ 175.803607][ T7612] ? ip6_finish_output2+0x2550/0x2550 [ 175.808962][ T7612] ? mark_held_locks+0xf0/0xf0 [ 175.813726][ T7612] ? ip6_setup_cork+0x1870/0x1870 [ 175.818739][ T7612] ? nf_tables_rule_destroy+0xd0/0x140 [ 175.824184][ T7612] inet6_csk_xmit+0x2fb/0x5d0 [ 175.828847][ T7612] ? inet6_csk_update_pmtu+0x190/0x190 [ 175.834290][ T7612] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 175.840524][ T7612] ? csum_ipv6_magic+0x20/0x80 [ 175.845303][ T7612] __tcp_transmit_skb+0x1a32/0x3750 [ 175.850513][ T7612] ? __tcp_select_window+0x8b0/0x8b0 [ 175.855782][ T7612] ? lockdep_hardirqs_on+0x418/0x5d0 [ 175.861063][ T7612] ? trace_hardirqs_on+0x67/0x230 [ 175.866077][ T7612] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 175.871793][ T7612] tcp_write_xmit+0xe39/0x5660 [ 175.876541][ T7612] ? trace_hardirqs_on+0x67/0x230 [ 175.881558][ T7612] ? mem_cgroup_sk_alloc+0x170/0x1a0 [ 175.886832][ T7612] __tcp_push_pending_frames+0xb4/0x350 [ 175.892365][ T7612] tcp_push+0x4cd/0x6c0 [ 175.896524][ T7612] do_tcp_sendpages+0x15c2/0x1b80 [ 175.901555][ T7612] ? sk_stream_alloc_skb+0xd10/0xd10 [ 175.906822][ T7612] ? __local_bh_enable_ip+0x15a/0x270 [ 175.912177][ T7612] ? trace_hardirqs_on+0x67/0x230 [ 175.917201][ T7612] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 175.922907][ T7612] tcp_sendpage_locked+0x84/0xd0 [ 175.927831][ T7612] tcp_sendpage+0x3f/0x60 [ 175.932146][ T7612] ? tcp_sendpage_locked+0xd0/0xd0 [ 175.937240][ T7612] inet_sendpage+0x16b/0x630 [ 175.941821][ T7612] kernel_sendpage+0x95/0xf0 [ 175.947088][ T7612] ? inet_sendmsg+0x5e0/0x5e0 [ 175.951750][ T7612] sock_sendpage+0x8b/0xc0 [ 175.956152][ T7612] pipe_to_sendpage+0x299/0x370 [ 175.960994][ T7612] ? kernel_sendpage+0xf0/0xf0 [ 175.965742][ T7612] ? direct_splice_actor+0x1a0/0x1a0 [ 175.971044][ T7612] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 175.977271][ T7612] __splice_from_pipe+0x395/0x7d0 [ 175.982280][ T7612] ? direct_splice_actor+0x1a0/0x1a0 [ 175.987554][ T7612] ? direct_splice_actor+0x1a0/0x1a0 [ 175.992820][ T7612] splice_from_pipe+0x108/0x170 [ 175.997667][ T7612] ? splice_shrink_spd+0xd0/0xd0 [ 176.002601][ T7612] generic_splice_sendpage+0x3c/0x50 [ 176.007866][ T7612] ? splice_from_pipe+0x170/0x170 [ 176.012890][ T7612] direct_splice_actor+0x126/0x1a0 [ 176.017990][ T7612] splice_direct_to_actor+0x369/0x970 [ 176.023349][ T7612] ? generic_pipe_buf_nosteal+0x10/0x10 [ 176.028883][ T7612] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 176.035107][ T7612] ? do_splice_to+0x190/0x190 [ 176.039783][ T7612] ? rw_verify_area+0x118/0x360 [ 176.044626][ T7612] do_splice_direct+0x1da/0x2a0 [ 176.049463][ T7612] ? splice_direct_to_actor+0x970/0x970 [ 176.055005][ T7612] ? rw_verify_area+0x118/0x360 [ 176.059839][ T7612] do_sendfile+0x597/0xd00 [ 176.064247][ T7612] ? do_compat_pwritev64+0x1c0/0x1c0 [ 176.069523][ T7612] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 176.075747][ T7612] ? put_timespec64+0xda/0x140 [ 176.080511][ T7612] __x64_sys_sendfile64+0x1dd/0x220 [ 176.085719][ T7612] ? __ia32_sys_sendfile+0x230/0x230 [ 176.090990][ T7612] ? do_syscall_64+0x26/0x610 [ 176.095650][ T7612] ? lockdep_hardirqs_on+0x418/0x5d0 [ 176.101709][ T7612] ? trace_hardirqs_on+0x67/0x230 [ 176.106720][ T7612] do_syscall_64+0x103/0x610 [ 176.112585][ T7612] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 176.118475][ T7612] RIP: 0033:0x4582b9 [ 176.122354][ T7612] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 176.141937][ T7612] RSP: 002b:00007f4a46135c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 176.150356][ T7612] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 176.158571][ T7612] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000003 [ 176.166628][ T7612] RBP: 000000000073c220 R08: 0000000000000000 R09: 0000000000000000 [ 176.174592][ T7612] R10: 00088000fbfffffc R11: 0000000000000246 R12: 00007f4a461366d4 [ 176.182551][ T7612] R13: 00000000004c5227 R14: 00000000004d9368 R15: 00000000ffffffff [ 176.258261][ T7612] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/7612 [ 176.267757][ T7612] caller is ip6_finish_output+0x335/0xdc0 [ 176.273792][ T7612] CPU: 0 PID: 7612 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19 [ 176.282815][ T7612] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 176.292872][ T7612] Call Trace: [ 176.296182][ T7612] dump_stack+0x172/0x1f0 [ 176.300534][ T7612] __this_cpu_preempt_check+0x246/0x270 [ 176.306097][ T7612] ip6_finish_output+0x335/0xdc0 [ 176.311051][ T7612] ip6_output+0x235/0x7f0 [ 176.315392][ T7612] ? ip6_finish_output+0xdc0/0xdc0 [ 176.320516][ T7612] ? ip6_fragment+0x3980/0x3980 [ 176.325383][ T7612] ip6_xmit+0xe41/0x20c0 [ 176.329633][ T7612] ? ip6_finish_output2+0x2550/0x2550 [ 176.335003][ T7612] ? mark_held_locks+0xf0/0xf0 [ 176.339761][ T7612] ? ip6_setup_cork+0x1870/0x1870 [ 176.344777][ T7612] inet6_csk_xmit+0x2fb/0x5d0 [ 176.349435][ T7612] ? inet6_csk_update_pmtu+0x190/0x190 [ 176.354892][ T7612] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 176.361138][ T7612] ? csum_ipv6_magic+0x20/0x80 [ 176.365904][ T7612] __tcp_transmit_skb+0x1a32/0x3750 [ 176.371173][ T7612] ? __tcp_select_window+0x8b0/0x8b0 [ 176.376442][ T7612] ? tcp_rearm_rto.part.0+0x1e0/0x390 [ 176.381810][ T7612] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 176.387514][ T7612] tcp_write_xmit+0xe39/0x5660 [ 176.392260][ T7612] ? trace_hardirqs_on+0x67/0x230 [ 176.397268][ T7612] ? mem_cgroup_sk_alloc+0x170/0x1a0 [ 176.402547][ T7612] __tcp_push_pending_frames+0xb4/0x350 [ 176.408092][ T7612] tcp_push+0x4cd/0x6c0 [ 176.412245][ T7612] do_tcp_sendpages+0x15c2/0x1b80 [ 176.417258][ T7612] ? sk_stream_alloc_skb+0xd10/0xd10 [ 176.422540][ T7612] ? __local_bh_enable_ip+0x15a/0x270 [ 176.427903][ T7612] ? trace_hardirqs_on+0x67/0x230 [ 176.432921][ T7612] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 176.438646][ T7612] tcp_sendpage_locked+0x84/0xd0 [ 176.443567][ T7612] tcp_sendpage+0x3f/0x60 [ 176.447878][ T7612] ? tcp_sendpage_locked+0xd0/0xd0 [ 176.452984][ T7612] inet_sendpage+0x16b/0x630 [ 176.457559][ T7612] kernel_sendpage+0x95/0xf0 [ 176.462137][ T7612] ? inet_sendmsg+0x5e0/0x5e0 [ 176.466810][ T7612] sock_sendpage+0x8b/0xc0 [ 176.471234][ T7612] pipe_to_sendpage+0x299/0x370 [ 176.476068][ T7612] ? kernel_sendpage+0xf0/0xf0 [ 176.480811][ T7612] ? direct_splice_actor+0x1a0/0x1a0 [ 176.486081][ T7612] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 176.492317][ T7612] __splice_from_pipe+0x395/0x7d0 [ 176.497324][ T7612] ? direct_splice_actor+0x1a0/0x1a0 [ 176.502616][ T7612] ? direct_splice_actor+0x1a0/0x1a0 [ 176.507899][ T7612] splice_from_pipe+0x108/0x170 [ 176.512759][ T7612] ? splice_shrink_spd+0xd0/0xd0 [ 176.517687][ T7612] generic_splice_sendpage+0x3c/0x50 [ 176.522964][ T7612] ? splice_from_pipe+0x170/0x170 [ 176.527972][ T7612] direct_splice_actor+0x126/0x1a0 [ 176.533068][ T7612] splice_direct_to_actor+0x369/0x970 [ 176.538424][ T7612] ? generic_pipe_buf_nosteal+0x10/0x10 [ 176.543969][ T7612] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 176.550208][ T7612] ? do_splice_to+0x190/0x190 [ 176.554872][ T7612] ? rw_verify_area+0x118/0x360 [ 176.559723][ T7612] do_splice_direct+0x1da/0x2a0 [ 176.564569][ T7612] ? splice_direct_to_actor+0x970/0x970 [ 176.570116][ T7612] ? rw_verify_area+0x118/0x360 [ 176.574955][ T7612] do_sendfile+0x597/0xd00 [ 176.579458][ T7612] ? do_compat_pwritev64+0x1c0/0x1c0 [ 176.584724][ T7612] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 176.590953][ T7612] ? put_timespec64+0xda/0x140 [ 176.595717][ T7612] __x64_sys_sendfile64+0x1dd/0x220 [ 176.600904][ T7612] ? __ia32_sys_sendfile+0x230/0x230 [ 176.606177][ T7612] ? do_syscall_64+0x26/0x610 [ 176.610836][ T7612] ? lockdep_hardirqs_on+0x418/0x5d0 [ 176.616117][ T7612] ? trace_hardirqs_on+0x67/0x230 [ 176.621125][ T7612] do_syscall_64+0x103/0x610 [ 176.625712][ T7612] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 176.631582][ T7612] RIP: 0033:0x4582b9 [ 176.635459][ T7612] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 176.655225][ T7612] RSP: 002b:00007f4a46135c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 176.663619][ T7612] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 176.671593][ T7612] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000003 [ 176.679548][ T7612] RBP: 000000000073c220 R08: 0000000000000000 R09: 0000000000000000 [ 176.687503][ T7612] R10: 00088000fbfffffc R11: 0000000000000246 R12: 00007f4a461366d4 [ 176.695458][ T7612] R13: 00000000004c5227 R14: 00000000004d9368 R15: 00000000ffffffff [ 176.708819][ T7612] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/7612 [ 176.719722][ T7612] caller is ip6_finish_output+0x335/0xdc0 [ 176.725721][ T7612] CPU: 1 PID: 7612 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19 [ 176.734735][ T7612] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 176.734740][ T7612] Call Trace: [ 176.734763][ T7612] dump_stack+0x172/0x1f0 [ 176.734789][ T7612] __this_cpu_preempt_check+0x246/0x270 [ 176.752491][ T7612] ip6_finish_output+0x335/0xdc0 [ 176.752514][ T7612] ip6_output+0x235/0x7f0 [ 176.752529][ T7612] ? ip6_finish_output+0xdc0/0xdc0 [ 176.752548][ T7612] ? ip6_fragment+0x3980/0x3980 [ 176.752570][ T7612] ip6_xmit+0xe41/0x20c0 [ 176.752593][ T7612] ? ip6_finish_output2+0x2550/0x2550 [ 176.752611][ T7612] ? mark_held_locks+0xf0/0xf0 [ 176.791633][ T7612] ? ip6_setup_cork+0x1870/0x1870 [ 176.796752][ T7612] ? inet6_csk_route_socket+0x715/0xf40 [ 176.802327][ T7612] inet6_csk_xmit+0x2fb/0x5d0 [ 176.807011][ T7612] ? inet6_csk_update_pmtu+0x190/0x190 [ 176.807028][ T7612] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 176.807050][ T7612] ? csum_ipv6_magic+0x20/0x80 [ 176.823500][ T7612] __tcp_transmit_skb+0x1a32/0x3750 [ 176.828723][ T7612] ? __tcp_select_window+0x8b0/0x8b0 [ 176.834031][ T7612] __tcp_send_ack.part.0+0x3c6/0x5b0 [ 176.834051][ T7612] tcp_send_ack+0x88/0xa0 [ 176.834063][ T7612] __tcp_ack_snd_check+0x165/0x8d0 [ 176.834078][ T7612] tcp_rcv_established+0x9ed/0x1fb0 [ 176.834098][ T7612] ? tcp_data_queue+0x4840/0x4840 [ 176.834111][ T7612] ? __local_bh_enable_ip+0x100/0x270 [ 176.834124][ T7612] ? _raw_spin_unlock_bh+0x31/0x40 [ 176.834135][ T7612] ? __local_bh_enable_ip+0x15a/0x270 [ 176.834150][ T7612] ? lockdep_hardirqs_on+0x418/0x5d0 [ 176.834168][ T7612] tcp_v6_do_rcv+0x421/0x12c0 [ 176.834187][ T7612] __release_sock+0x12e/0x3a0 [ 176.834208][ T7612] release_sock+0x59/0x1c0 [ 176.894286][ T7612] tcp_sendpage+0x4a/0x60 [ 176.898630][ T7612] ? tcp_sendpage_locked+0xd0/0xd0 [ 176.903753][ T7612] inet_sendpage+0x16b/0x630 [ 176.908357][ T7612] kernel_sendpage+0x95/0xf0 [ 176.912950][ T7612] ? inet_sendmsg+0x5e0/0x5e0 [ 176.917640][ T7612] sock_sendpage+0x8b/0xc0 [ 176.917662][ T7612] pipe_to_sendpage+0x299/0x370 [ 176.917678][ T7612] ? kernel_sendpage+0xf0/0xf0 [ 176.917694][ T7612] ? direct_splice_actor+0x1a0/0x1a0 [ 176.917716][ T7612] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 176.931695][ T7612] __splice_from_pipe+0x395/0x7d0 [ 176.931712][ T7612] ? direct_splice_actor+0x1a0/0x1a0 [ 176.931734][ T7612] ? direct_splice_actor+0x1a0/0x1a0 [ 176.931749][ T7612] splice_from_pipe+0x108/0x170 [ 176.931764][ T7612] ? splice_shrink_spd+0xd0/0xd0 [ 176.931790][ T7612] generic_splice_sendpage+0x3c/0x50 [ 176.931802][ T7612] ? splice_from_pipe+0x170/0x170 [ 176.931815][ T7612] direct_splice_actor+0x126/0x1a0 [ 176.931833][ T7612] splice_direct_to_actor+0x369/0x970 [ 176.931849][ T7612] ? generic_pipe_buf_nosteal+0x10/0x10 [ 176.931867][ T7612] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 176.931886][ T7612] ? do_splice_to+0x190/0x190 [ 176.931903][ T7612] ? rw_verify_area+0x118/0x360 [ 176.931918][ T7612] do_splice_direct+0x1da/0x2a0 [ 176.931932][ T7612] ? splice_direct_to_actor+0x970/0x970 [ 176.931953][ T7612] ? rw_verify_area+0x118/0x360 [ 176.931968][ T7612] do_sendfile+0x597/0xd00 [ 176.931993][ T7612] ? do_compat_pwritev64+0x1c0/0x1c0 [ 176.932006][ T7612] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 176.932019][ T7612] ? put_timespec64+0xda/0x140 [ 176.932044][ T7612] __x64_sys_sendfile64+0x1dd/0x220 [ 176.932061][ T7612] ? __ia32_sys_sendfile+0x230/0x230 [ 176.932073][ T7612] ? do_syscall_64+0x26/0x610 [ 176.932091][ T7612] ? lockdep_hardirqs_on+0x418/0x5d0 [ 177.068111][ T7612] ? trace_hardirqs_on+0x67/0x230 [ 177.073240][ T7612] do_syscall_64+0x103/0x610 [ 177.077848][ T7612] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 177.083748][ T7612] RIP: 0033:0x4582b9 [ 177.083763][ T7612] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 177.083770][ T7612] RSP: 002b:00007f4a46135c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 177.083785][ T7612] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 177.083792][ T7612] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000003 [ 177.083798][ T7612] RBP: 000000000073c220 R08: 0000000000000000 R09: 0000000000000000 [ 177.083806][ T7612] R10: 00088000fbfffffc R11: 0000000000000246 R12: 00007f4a461366d4 [ 177.083813][ T7612] R13: 00000000004c5227 R14: 00000000004d9368 R15: 00000000ffffffff [ 177.093558][ T7612] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/7612 [ 177.116334][ T7612] caller is ip6_finish_output+0x335/0xdc0 [ 177.116353][ T7612] CPU: 1 PID: 7612 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19 [ 177.180552][ T7612] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 177.190621][ T7612] Call Trace: [ 177.193925][ T7612] dump_stack+0x172/0x1f0 [ 177.198433][ T7612] __this_cpu_preempt_check+0x246/0x270 [ 177.203979][ T7612] ip6_finish_output+0x335/0xdc0 [ 177.208935][ T7612] ip6_output+0x235/0x7f0 [ 177.213249][ T7612] ? ip6_finish_output+0xdc0/0xdc0 [ 177.218353][ T7612] ? ip6_fragment+0x3980/0x3980 [ 177.223227][ T7612] ip6_xmit+0xe41/0x20c0 [ 177.227465][ T7612] ? ip6_finish_output2+0x2550/0x2550 [ 177.232840][ T7612] ? mark_held_locks+0xf0/0xf0 [ 177.237632][ T7612] ? ip6_setup_cork+0x1870/0x1870 [ 177.242655][ T7612] ? inet6_csk_route_socket+0x715/0xf40 [ 177.248244][ T7612] inet6_csk_xmit+0x2fb/0x5d0 [ 177.252924][ T7612] ? inet6_csk_update_pmtu+0x190/0x190 [ 177.258381][ T7612] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 177.264611][ T7612] ? csum_ipv6_magic+0x20/0x80 [ 177.269372][ T7612] __tcp_transmit_skb+0x1a32/0x3750 [ 177.274658][ T7612] ? __tcp_select_window+0x8b0/0x8b0 [ 177.279947][ T7612] __tcp_send_ack.part.0+0x3c6/0x5b0 [ 177.285221][ T7612] tcp_send_ack+0x88/0xa0 [ 177.289531][ T7612] __tcp_ack_snd_check+0x165/0x8d0 [ 177.294627][ T7612] tcp_rcv_established+0x9ed/0x1fb0 [ 177.299808][ T7612] ? tcp_data_queue+0x4840/0x4840 [ 177.304829][ T7612] ? __local_bh_enable_ip+0x100/0x270 [ 177.310200][ T7612] tcp_v6_do_rcv+0x421/0x12c0 [ 177.314871][ T7612] __release_sock+0x12e/0x3a0 [ 177.319566][ T7612] release_sock+0x59/0x1c0 [ 177.323984][ T7612] tcp_sendpage+0x4a/0x60 [ 177.328302][ T7612] ? tcp_sendpage_locked+0xd0/0xd0 [ 177.333494][ T7612] inet_sendpage+0x16b/0x630 [ 177.338079][ T7612] kernel_sendpage+0x95/0xf0 [ 177.342654][ T7612] ? inet_sendmsg+0x5e0/0x5e0 [ 177.347312][ T7612] sock_sendpage+0x8b/0xc0 [ 177.351723][ T7612] pipe_to_sendpage+0x299/0x370 [ 177.356557][ T7612] ? kernel_sendpage+0xf0/0xf0 [ 177.361307][ T7612] ? direct_splice_actor+0x1a0/0x1a0 [ 177.366583][ T7612] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 177.372816][ T7612] __splice_from_pipe+0x395/0x7d0 [ 177.377825][ T7612] ? direct_splice_actor+0x1a0/0x1a0 [ 177.383382][ T7612] ? direct_splice_actor+0x1a0/0x1a0 [ 177.388674][ T7612] splice_from_pipe+0x108/0x170 [ 177.393509][ T7612] ? splice_shrink_spd+0xd0/0xd0 [ 177.398437][ T7612] generic_splice_sendpage+0x3c/0x50 [ 177.403705][ T7612] ? splice_from_pipe+0x170/0x170 [ 177.408982][ T7612] direct_splice_actor+0x126/0x1a0 [ 177.414083][ T7612] splice_direct_to_actor+0x369/0x970 [ 177.419440][ T7612] ? generic_pipe_buf_nosteal+0x10/0x10 [ 177.425070][ T7612] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 177.431297][ T7612] ? do_splice_to+0x190/0x190 [ 177.435960][ T7612] ? rw_verify_area+0x118/0x360 [ 177.440794][ T7612] do_splice_direct+0x1da/0x2a0 [ 177.445632][ T7612] ? splice_direct_to_actor+0x970/0x970 [ 177.451192][ T7612] ? rw_verify_area+0x118/0x360 [ 177.456026][ T7612] do_sendfile+0x597/0xd00 [ 177.460440][ T7612] ? do_compat_pwritev64+0x1c0/0x1c0 [ 177.465705][ T7612] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 177.471928][ T7612] ? put_timespec64+0xda/0x140 [ 177.476681][ T7612] __x64_sys_sendfile64+0x1dd/0x220 [ 177.481872][ T7612] ? __ia32_sys_sendfile+0x230/0x230 [ 177.487141][ T7612] ? do_syscall_64+0x26/0x610 [ 177.491799][ T7612] ? lockdep_hardirqs_on+0x418/0x5d0 [ 177.497076][ T7612] ? trace_hardirqs_on+0x67/0x230 [ 177.502086][ T7612] do_syscall_64+0x103/0x610 [ 177.506673][ T7612] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 177.512542][ T7612] RIP: 0033:0x4582b9 [ 177.516505][ T7612] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 177.536176][ T7612] RSP: 002b:00007f4a46135c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 177.544579][ T7612] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 177.552616][ T7612] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000003 [ 177.560568][ T7612] RBP: 000000000073c220 R08: 0000000000000000 R09: 0000000000000000 [ 177.568605][ T7612] R10: 00088000fbfffffc R11: 0000000000000246 R12: 00007f4a461366d4 [ 177.576741][ T7612] R13: 00000000004c5227 R14: 00000000004d9368 R15: 00000000ffffffff [ 177.586601][ T7612] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/7612 [ 177.596140][ T7612] caller is ip6_finish_output+0x335/0xdc0 [ 177.601929][ T7612] CPU: 0 PID: 7612 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19 [ 177.610956][ T7612] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 177.621016][ T7612] Call Trace: [ 177.624331][ T7612] dump_stack+0x172/0x1f0 [ 177.628682][ T7612] __this_cpu_preempt_check+0x246/0x270 [ 177.634252][ T7612] ip6_finish_output+0x335/0xdc0 [ 177.639217][ T7612] ip6_output+0x235/0x7f0 [ 177.643573][ T7612] ? ip6_finish_output+0xdc0/0xdc0 [ 177.648708][ T7612] ? ip6_fragment+0x3980/0x3980 [ 177.653565][ T7612] ? gred_change+0x18/0x1903 [ 177.658163][ T7612] ip6_xmit+0xe41/0x20c0 [ 177.662417][ T7612] ? ip6_finish_output2+0x2550/0x2550 [ 177.667786][ T7612] ? mark_held_locks+0xf0/0xf0 [ 177.672555][ T7612] ? ip6_setup_cork+0x1870/0x1870 [ 177.672578][ T7612] ? gred_init+0x380/0x3c0 [ 177.672596][ T7612] inet6_csk_xmit+0x2fb/0x5d0 [ 177.672614][ T7612] ? inet6_csk_update_pmtu+0x190/0x190 [ 177.692155][ T7612] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 177.698453][ T7612] ? csum_ipv6_magic+0x20/0x80 [ 177.703227][ T7612] __tcp_transmit_skb+0x1a32/0x3750 [ 177.708416][ T7612] ? __tcp_select_window+0x8b0/0x8b0 [ 177.713715][ T7612] ? lockdep_hardirqs_on+0x418/0x5d0 [ 177.718985][ T7612] ? trace_hardirqs_on+0x67/0x230 [ 177.723996][ T7612] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 177.729696][ T7612] tcp_write_xmit+0xe39/0x5660 [ 177.735038][ T7612] ? tcp_established_options+0x29d/0x4d0 [ 177.740677][ T7612] __tcp_push_pending_frames+0xb4/0x350 [ 177.746200][ T7612] tcp_rcv_established+0x1974/0x1fb0 [ 177.751466][ T7612] ? tcp_data_queue+0x4840/0x4840 [ 177.756466][ T7612] ? __local_bh_enable_ip+0x15a/0x270 [ 177.761817][ T7612] ? _raw_spin_unlock_bh+0x31/0x40 [ 177.766906][ T7612] ? __local_bh_enable_ip+0x15a/0x270 [ 177.772253][ T7612] ? lockdep_hardirqs_on+0x418/0x5d0 [ 177.777514][ T7612] tcp_v6_do_rcv+0x421/0x12c0 [ 177.782434][ T7612] __release_sock+0x12e/0x3a0 [ 177.787114][ T7612] release_sock+0x59/0x1c0 [ 177.791512][ T7612] tcp_sendpage+0x4a/0x60 [ 177.795823][ T7612] ? tcp_sendpage_locked+0xd0/0xd0 [ 177.800919][ T7612] inet_sendpage+0x16b/0x630 [ 177.805500][ T7612] kernel_sendpage+0x95/0xf0 [ 177.810066][ T7612] ? inet_sendmsg+0x5e0/0x5e0 [ 177.814723][ T7612] sock_sendpage+0x8b/0xc0 [ 177.819119][ T7612] pipe_to_sendpage+0x299/0x370 [ 177.823947][ T7612] ? kernel_sendpage+0xf0/0xf0 [ 177.828698][ T7612] ? direct_splice_actor+0x1a0/0x1a0 [ 177.833989][ T7612] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 177.840293][ T7612] __splice_from_pipe+0x395/0x7d0 [ 177.845295][ T7612] ? direct_splice_actor+0x1a0/0x1a0 [ 177.850566][ T7612] ? direct_splice_actor+0x1a0/0x1a0 [ 177.855834][ T7612] splice_from_pipe+0x108/0x170 [ 177.860677][ T7612] ? splice_shrink_spd+0xd0/0xd0 [ 177.865599][ T7612] generic_splice_sendpage+0x3c/0x50 [ 177.870875][ T7612] ? splice_from_pipe+0x170/0x170 [ 177.875880][ T7612] direct_splice_actor+0x126/0x1a0 [ 177.880993][ T7612] splice_direct_to_actor+0x369/0x970 [ 177.886352][ T7612] ? generic_pipe_buf_nosteal+0x10/0x10 [ 177.891877][ T7612] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 177.898106][ T7612] ? do_splice_to+0x190/0x190 [ 177.902766][ T7612] ? rw_verify_area+0x118/0x360 [ 177.907613][ T7612] do_splice_direct+0x1da/0x2a0 [ 177.912448][ T7612] ? splice_direct_to_actor+0x970/0x970 [ 177.918674][ T7612] ? rw_verify_area+0x118/0x360 [ 177.923561][ T7612] do_sendfile+0x597/0xd00 [ 177.927978][ T7612] ? do_compat_pwritev64+0x1c0/0x1c0 [ 177.933330][ T7612] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 177.940091][ T7612] ? put_timespec64+0xda/0x140 [ 177.944839][ T7612] __x64_sys_sendfile64+0x1dd/0x220 [ 177.950016][ T7612] ? __ia32_sys_sendfile+0x230/0x230 [ 177.955280][ T7612] ? do_syscall_64+0x26/0x610 [ 177.959950][ T7612] ? lockdep_hardirqs_on+0x418/0x5d0 [ 177.965214][ T7612] ? trace_hardirqs_on+0x67/0x230 [ 177.970218][ T7612] do_syscall_64+0x103/0x610 [ 177.974816][ T7612] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 177.980821][ T7612] RIP: 0033:0x4582b9 [ 177.984715][ T7612] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 178.004316][ T7612] RSP: 002b:00007f4a46135c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 00:45:56 executing program 3: 00:45:56 executing program 2: setsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, 0x0, 0x0) r0 = dup(0xffffffffffffffff) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, &(0x7f0000000040), &(0x7f00000001c0)=0x4) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x2, &(0x7f00000000c0)=0x201, 0x4) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$loop(&(0x7f0000000140)='/dev/loop#\x00', 0x0, 0x100082) r2 = memfd_create(&(0x7f00000002c0)='wlan1\x00d5sum\x00', 0x100000000) ioctl$FS_IOC_FIEMAP(r2, 0xc020660b, &(0x7f0000000900)={0x3, 0x3f, 0x1, 0x0, 0x7, [{0x4, 0x2, 0x1, 0x0, 0x0, 0x408}, {0x1f, 0x6, 0x2, 0x0, 0x0, 0x2}, {0x0, 0x3, 0x8001, 0x0, 0x0, 0x1a89}, {0x7fffffff, 0xfffffffffffff4d9, 0xd27e, 0x0, 0x0, 0x200}, {0x5a28, 0x24000000000000, 0x0, 0x0, 0x0, 0x1000}, {0x1ff, 0x40, 0x10001, 0x0, 0x0, 0x8}, {0xffffffff, 0xfff, 0x80, 0x0, 0x0, 0x2}]}) flock(r2, 0x0) ioctl$SNDRV_SEQ_IOCTL_DELETE_PORT(r0, 0x40a85321, &(0x7f0000000480)={{0x7fffffff, 0x2}, 'port1\x00', 0x20, 0x20000, 0x296, 0x5, 0xfffffffffffffffa, 0x1ff, 0x2, 0x0, 0x5, 0x7}) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) pwritev(r2, &(0x7f00000000c0)=[{&(0x7f00000005c0)='\'', 0x1}], 0x1, 0x81806) fsetxattr$security_smack_transmute(r2, &(0x7f0000000000)='security.SMACK64TRANSMUTE\x00', &(0x7f0000000080)='TRUE', 0x4, 0x0) migrate_pages(0x0, 0x400, &(0x7f0000000240)=0xfffffffffffffffb, &(0x7f0000000300)=0x5) sendfile(r1, r2, 0x0, 0x20000102000007) listen(0xffffffffffffffff, 0x0) 00:45:56 executing program 5: timer_create(0xfffffffffffffffe, 0x0, &(0x7f0000000180)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) timer_settime(0x0, 0x0, &(0x7f0000000080)={{}, {0x0, 0x9}}, &(0x7f0000d43000)) 00:45:56 executing program 4: 00:45:56 executing program 0: 00:45:56 executing program 1: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x2000, 0x0, &(0x7f0000c87000/0x2000)=nil) mmap(&(0x7f00008da000/0x1000)=nil, 0x1000, 0x0, 0xb4972, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r0, 0x4, 0x4002) io_setup(0x3, &(0x7f0000000080)=0x0) io_submit(r1, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f0000000000), 0x377140be6b5ef4c7}]) [ 178.012729][ T7612] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 178.020691][ T7612] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000003 [ 178.028640][ T7612] RBP: 000000000073c220 R08: 0000000000000000 R09: 0000000000000000 [ 178.036609][ T7612] R10: 00088000fbfffffc R11: 0000000000000246 R12: 00007f4a461366d4 [ 178.044566][ T7612] R13: 00000000004c5227 R14: 00000000004d9368 R15: 00000000ffffffff 00:45:56 executing program 0: 00:45:56 executing program 4: syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe800, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) syz_open_dev$sndseq(0x0, 0x0, 0x0) r1 = open(&(0x7f0000000240)='./file0\x00', 0x40c2, 0x0) r2 = open$dir(&(0x7f0000000600)='./file0\x00', 0x4000, 0x0) write(r1, &(0x7f0000000400)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc", 0x101) sendfile(r1, r2, 0x0, 0xc700000e) 00:45:56 executing program 5: timer_create(0xfffffffffffffffe, 0x0, &(0x7f0000000180)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) timer_settime(0x0, 0x0, &(0x7f0000000080)={{}, {0x0, 0x9}}, &(0x7f0000d43000)) 00:45:56 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_GET_REGS(r2, 0x8090ae81, &(0x7f00000000c0)) [ 178.280708][ T26] audit: type=1800 audit(1554684356.552:31): pid=7663 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="file0" dev="sda1" ino=16541 res=0 [ 178.289093][ T7667] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. 00:45:56 executing program 0: perf_event_open(&(0x7f0000000240)={0x800000000000002, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000080)=@abs={0x1}, 0x2) 00:45:56 executing program 5: timer_create(0xfffffffffffffffe, 0x0, &(0x7f0000000180)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) timer_settime(0x0, 0x0, &(0x7f0000000080)={{}, {0x0, 0x9}}, &(0x7f0000d43000)) 00:45:56 executing program 4: clone(0x100000000200, 0x0, 0x0, 0x0, 0x0) mknod(&(0x7f0000000100)='./file0\x00', 0x103e, 0x0) execve(&(0x7f0000000540)='./file0\x00', 0x0, 0x0) r0 = inotify_init1(0x0) r1 = getpid() lstat(0x0, 0x0) fcntl$setown(r0, 0x8, 0xffffffffffffffff) fcntl$getownex(r0, 0x10, &(0x7f0000000040)={0x0, 0x0}) kcmp$KCMP_EPOLL_TFD(r1, r2, 0x4, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000180)='./file0\x00', 0x0) [ 178.443449][ T26] audit: type=1804 audit(1554684356.552:32): pid=7663 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir065859506/syzkaller.5G4tJB/5/file0/file0" dev="sda1" ino=16541 res=1 00:45:57 executing program 2: setsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, 0x0, 0x0) r0 = dup(0xffffffffffffffff) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, &(0x7f0000000040), &(0x7f00000001c0)=0x4) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x2, &(0x7f00000000c0)=0x201, 0x4) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$loop(&(0x7f0000000140)='/dev/loop#\x00', 0x0, 0x100082) r2 = memfd_create(&(0x7f00000002c0)='wlan1\x00d5sum\x00', 0x100000000) ioctl$FS_IOC_FIEMAP(r2, 0xc020660b, &(0x7f0000000900)={0x3, 0x3f, 0x1, 0x0, 0x7, [{0x4, 0x2, 0x1, 0x0, 0x0, 0x408}, {0x1f, 0x6, 0x2, 0x0, 0x0, 0x2}, {0x0, 0x3, 0x8001, 0x0, 0x0, 0x1a89}, {0x7fffffff, 0xfffffffffffff4d9, 0xd27e, 0x0, 0x0, 0x200}, {0x5a28, 0x24000000000000, 0x0, 0x0, 0x0, 0x1000}, {0x1ff, 0x40, 0x10001, 0x0, 0x0, 0x8}, {0xffffffff, 0xfff, 0x80, 0x0, 0x0, 0x2}]}) flock(r2, 0x0) ioctl$SNDRV_SEQ_IOCTL_DELETE_PORT(r0, 0x40a85321, &(0x7f0000000480)={{0x7fffffff, 0x2}, 'port1\x00', 0x20, 0x20000, 0x296, 0x5, 0xfffffffffffffffa, 0x1ff, 0x2, 0x0, 0x5, 0x7}) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) pwritev(r2, &(0x7f00000000c0)=[{&(0x7f00000005c0)='\'', 0x1}], 0x1, 0x81806) fsetxattr$security_smack_transmute(r2, &(0x7f0000000000)='security.SMACK64TRANSMUTE\x00', &(0x7f0000000080)='TRUE', 0x4, 0x0) migrate_pages(0x0, 0x400, &(0x7f0000000240)=0xfffffffffffffffb, &(0x7f0000000300)=0x5) sendfile(r1, r2, 0x0, 0x20000102000007) listen(0xffffffffffffffff, 0x0) 00:45:57 executing program 5: timer_create(0xfffffffffffffffe, 0x0, &(0x7f0000000180)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) timer_settime(0x0, 0x0, &(0x7f0000000080)={{}, {0x0, 0x9}}, &(0x7f0000d43000)) 00:45:57 executing program 1: socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000004c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mlockall(0x0) 00:45:57 executing program 0: perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x800000000000012, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = epoll_create1(0x0) r1 = epoll_create1(0x0) r2 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r2, &(0x7f0000000400)) dup2(r0, r1) timerfd_settime(r2, 0x0, &(0x7f0000005000)={{}, {0x0, 0x989680}}, 0x0) epoll_pwait(r1, &(0x7f0000000080)=[{}], 0x1, 0x0, 0x0, 0x0) epoll_ctl$EPOLL_CTL_MOD(r0, 0x3, r2, &(0x7f00000000c0)={0x9}) 00:45:57 executing program 3: clone(0x200, 0x0, 0x0, 0x0, 0x0) mknod(&(0x7f0000f80000)='./file0\x00', 0x1040, 0x0) execve(&(0x7f0000000340)='./file0\x00', 0x0, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/ptmx\x00', 0x0, 0x0) read(r0, &(0x7f0000000280)=""/11, 0xb) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0) prlimit64(0x0, 0x3, &(0x7f00000001c0), 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = creat(0x0, 0x109) dup2(0xffffffffffffffff, r1) execve(&(0x7f00000000c0)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x0, 0x0) open$dir(&(0x7f0000000240)='./file0\x00', 0x841, 0x0) 00:45:57 executing program 5: timer_create(0xfffffffffffffffe, 0x0, &(0x7f0000000180)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000080)={{}, {0x0, 0x9}}, &(0x7f0000d43000)) 00:45:57 executing program 0: r0 = openat$userio(0xffffffffffffff9c, &(0x7f0000000740)='/dev/userio\x00', 0x8082, 0x0) write$USERIO_CMD_SET_PORT_TYPE(r0, &(0x7f0000000100)={0x9}, 0x2) 00:45:57 executing program 1: mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x0, 0x400002172, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000000000/0x9000)=nil, 0x9000, 0xe000, 0x3, &(0x7f0000ff2000/0xe000)=nil) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/netlink\x00') 00:45:57 executing program 5: timer_create(0xfffffffffffffffe, 0x0, &(0x7f0000000180)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000080)={{}, {0x0, 0x9}}, &(0x7f0000d43000)) 00:45:57 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_GET_REGS(r2, 0x8090ae81, &(0x7f00000000c0)) 00:45:57 executing program 1: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) perf_event_open(&(0x7f000025c000)={0x2000000000000002, 0x70, 0x3, 0x101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)) 00:45:57 executing program 4: clone(0x100000000200, 0x0, 0x0, 0x0, 0x0) mknod(&(0x7f0000000100)='./file0\x00', 0x103e, 0x0) execve(&(0x7f0000000540)='./file0\x00', 0x0, 0x0) r0 = inotify_init1(0x0) r1 = getpid() lstat(0x0, 0x0) fcntl$setown(r0, 0x8, 0xffffffffffffffff) fcntl$getownex(r0, 0x10, &(0x7f0000000040)={0x0, 0x0}) kcmp$KCMP_EPOLL_TFD(r1, r2, 0x4, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000180)='./file0\x00', 0x0) 00:45:59 executing program 2: setsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, 0x0, 0x0) r0 = dup(0xffffffffffffffff) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, &(0x7f0000000040), &(0x7f00000001c0)=0x4) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x2, &(0x7f00000000c0)=0x201, 0x4) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$loop(&(0x7f0000000140)='/dev/loop#\x00', 0x0, 0x100082) r2 = memfd_create(&(0x7f00000002c0)='wlan1\x00d5sum\x00', 0x100000000) ioctl$FS_IOC_FIEMAP(r2, 0xc020660b, &(0x7f0000000900)={0x3, 0x3f, 0x1, 0x0, 0x7, [{0x4, 0x2, 0x1, 0x0, 0x0, 0x408}, {0x1f, 0x6, 0x2, 0x0, 0x0, 0x2}, {0x0, 0x3, 0x8001, 0x0, 0x0, 0x1a89}, {0x7fffffff, 0xfffffffffffff4d9, 0xd27e, 0x0, 0x0, 0x200}, {0x5a28, 0x24000000000000, 0x0, 0x0, 0x0, 0x1000}, {0x1ff, 0x40, 0x10001, 0x0, 0x0, 0x8}, {0xffffffff, 0xfff, 0x80, 0x0, 0x0, 0x2}]}) flock(r2, 0x0) ioctl$SNDRV_SEQ_IOCTL_DELETE_PORT(r0, 0x40a85321, &(0x7f0000000480)={{0x7fffffff, 0x2}, 'port1\x00', 0x20, 0x20000, 0x296, 0x5, 0xfffffffffffffffa, 0x1ff, 0x2, 0x0, 0x5, 0x7}) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) pwritev(r2, &(0x7f00000000c0)=[{&(0x7f00000005c0)='\'', 0x1}], 0x1, 0x81806) fsetxattr$security_smack_transmute(r2, &(0x7f0000000000)='security.SMACK64TRANSMUTE\x00', &(0x7f0000000080)='TRUE', 0x4, 0x0) migrate_pages(0x0, 0x400, &(0x7f0000000240)=0xfffffffffffffffb, &(0x7f0000000300)=0x5) sendfile(r1, r2, 0x0, 0x20000102000007) 00:45:59 executing program 5: timer_create(0xfffffffffffffffe, 0x0, &(0x7f0000000180)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000080)={{}, {0x0, 0x9}}, &(0x7f0000d43000)) 00:45:59 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = dup2(r1, r0) ppoll(&(0x7f0000000180)=[{r2, 0x6000}], 0x1, 0x0, 0x0, 0x0) 00:45:59 executing program 0: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu\x00', 0x200002, 0x0) fchdir(r0) getxattr(&(0x7f0000000400)='./bus\x00', &(0x7f0000000440)=@known='user.syz\x00', &(0x7f0000000540)=""/163, 0xa3) 00:45:59 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @link_local, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x2f, 0x0, @remote, @local}, @igmp={0x0, 0x9, 0x0, @multicast1}}}}}, 0x0) 00:45:59 executing program 4: clone(0x200, 0x0, 0x0, 0x0, 0x0) mknod(&(0x7f0000f80000)='./file0\x00', 0x1040, 0x0) execve(&(0x7f0000000340)='./file0\x00', 0x0, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/ptmx\x00', 0x0, 0x0) prlimit64(0x0, 0x3, &(0x7f00000001c0), 0x0) clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_execute_func(&(0x7f0000000040)="410f01f964ff0941c3c4e2c99758423e46d8731266420fe2e33e0f1110c442019dcc6f") r1 = creat(&(0x7f00000002c0)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x109) dup2(r0, r1) execve(&(0x7f00000000c0)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x0, 0x0) read$eventfd(r1, &(0x7f0000000000), 0x8) open$dir(&(0x7f0000000240)='./file0\x00', 0x841, 0x0) 00:45:59 executing program 5: timer_create(0xfffffffffffffffe, 0x0, &(0x7f0000000180)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) timer_settime(0x0, 0x0, &(0x7f0000000080)={{}, {0x0, 0x9}}, &(0x7f0000d43000)) 00:45:59 executing program 0: r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045109, 0x0) 00:45:59 executing program 1: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.cpu\x00', 0x200002, 0x0) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000080), 0x12) r1 = openat$cgroup_int(r0, &(0x7f0000000140)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000080)={[{0x2c}]}, 0x1e4) 00:45:59 executing program 3: syz_mount_image$ext4(&(0x7f00000003c0)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x1, &(0x7f0000000000)=[{&(0x7f0000000100)="803f8e15d67d000013000300e60100006cff99000000003c0000000001fffffff44000000040000080000000000000006d5ebe5a0000ffff53efe1a679248449492fd8fe6d771c3f387d85cc6057e58731c205cb50a449657c82fde7868a7ee2d4f8fb2254a90fb6af33a603983c04c13c0b7e6f18bf36ec3449e5e3dd30cb145217a25514f73344301a9372a854995bfd77e85dd93760c1e68cbd72f4499e46d80828e1bd7af8aafaec05cce40e175e7e117c0b292f4c06753e6b95eb99d6822c8824ce803ffb5cc4e419e5e6358e7b80bd8f98bea2d8d4feb05531b4aef94c4ca7a5183df8796821279b5bdecdf632fce22400e01c5901e6634c4045dacadbb0", 0x101, 0x400}], 0x0, 0x0) 00:45:59 executing program 5: timer_create(0xfffffffffffffffe, 0x0, &(0x7f0000000180)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) timer_settime(0x0, 0x0, &(0x7f0000000080)={{}, {0x0, 0x9}}, &(0x7f0000d43000)) 00:45:59 executing program 0: openat$snapshot(0xffffffffffffff9c, &(0x7f0000000100)='/dev/snapshot\x00', 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xf, 0x4, 0x4, 0x8, 0x0, 0xffffffffffffffff, 0x0, [], 0x0, 0xffffffffffffffff, 0x0, 0x2}, 0x3c) [ 181.076488][ T7780] EXT4-fs: Warning: mounting with data=journal disables delayed allocation and O_DIRECT support! [ 181.144575][ T7780] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 181.199482][ T7780] EXT4-fs (loop3): Couldn't mount because of unsupported optional features (22fa1800) [ 181.318434][ T7780] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 181.348387][ T7780] EXT4-fs (loop3): Couldn't mount because of unsupported optional features (22fa1800) 00:46:00 executing program 2: setsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, 0x0, 0x0) r0 = dup(0xffffffffffffffff) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, &(0x7f0000000040), &(0x7f00000001c0)=0x4) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x2, &(0x7f00000000c0)=0x201, 0x4) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$loop(&(0x7f0000000140)='/dev/loop#\x00', 0x0, 0x100082) r2 = memfd_create(&(0x7f00000002c0)='wlan1\x00d5sum\x00', 0x100000000) ioctl$FS_IOC_FIEMAP(r2, 0xc020660b, &(0x7f0000000900)={0x3, 0x3f, 0x1, 0x0, 0x7, [{0x4, 0x2, 0x1, 0x0, 0x0, 0x408}, {0x1f, 0x6, 0x2, 0x0, 0x0, 0x2}, {0x0, 0x3, 0x8001, 0x0, 0x0, 0x1a89}, {0x7fffffff, 0xfffffffffffff4d9, 0xd27e, 0x0, 0x0, 0x200}, {0x5a28, 0x24000000000000, 0x0, 0x0, 0x0, 0x1000}, {0x1ff, 0x40, 0x10001, 0x0, 0x0, 0x8}, {0xffffffff, 0xfff, 0x80, 0x0, 0x0, 0x2}]}) flock(r2, 0x0) ioctl$SNDRV_SEQ_IOCTL_DELETE_PORT(r0, 0x40a85321, &(0x7f0000000480)={{0x7fffffff, 0x2}, 'port1\x00', 0x20, 0x20000, 0x296, 0x5, 0xfffffffffffffffa, 0x1ff, 0x2, 0x0, 0x5, 0x7}) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) pwritev(r2, &(0x7f00000000c0)=[{&(0x7f00000005c0)='\'', 0x1}], 0x1, 0x81806) fsetxattr$security_smack_transmute(r2, &(0x7f0000000000)='security.SMACK64TRANSMUTE\x00', &(0x7f0000000080)='TRUE', 0x4, 0x0) migrate_pages(0x0, 0x400, &(0x7f0000000240)=0xfffffffffffffffb, &(0x7f0000000300)=0x5) sendfile(r1, r2, 0x0, 0x20000102000007) 00:46:00 executing program 4: r0 = gettid() timer_create(0x0, 0x0, 0x0) r1 = shmget$private(0x0, 0x2000, 0x0, &(0x7f0000ffc000/0x2000)=nil) shmctl$IPC_STAT(r1, 0x2, 0x0) timer_create(0x0, &(0x7f0000001280)={0x0, 0x4000000000000012, 0x0, @thr={0x0, 0x0}}, &(0x7f0000001240)) timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0) r2 = shmat(r1, &(0x7f0000ffc000/0x1000)=nil, 0x2325d08bdbe12da6) shmdt(r2) tkill(r0, 0x1000000000016) 00:46:00 executing program 5: timer_create(0xfffffffffffffffe, 0x0, &(0x7f0000000180)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) timer_settime(0x0, 0x0, &(0x7f0000000080)={{}, {0x0, 0x9}}, &(0x7f0000d43000)) 00:46:00 executing program 1: clone(0x200, 0x0, 0x0, 0x0, 0x0) mknod(&(0x7f0000f80000)='./file0\x00', 0x1040, 0x0) execve(&(0x7f0000000340)='./file0\x00', 0x0, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/ptmx\x00', 0x0, 0x0) read(r0, &(0x7f0000000180)=""/11, 0x5e) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000200)) prlimit64(0x0, 0x3, &(0x7f00000001c0), 0x0) clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_execute_func(&(0x7f0000000040)="410f01f964ff0941c3c4e2c99758423e46d8731266420fe2e33e0f1110c442019dcc6f") r1 = creat(&(0x7f00000002c0)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x109) r2 = dup2(r0, r1) execve(&(0x7f00000000c0)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x0, 0x0) ioctl$KDGETKEYCODE(r2, 0x4b4c, 0x0) open$dir(&(0x7f0000000240)='./file0\x00', 0x841, 0x0) 00:46:00 executing program 0: openat$snapshot(0xffffffffffffff9c, &(0x7f0000000100)='/dev/snapshot\x00', 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xf, 0x4, 0x4, 0x8, 0x0, 0xffffffffffffffff, 0x0, [], 0x0, 0xffffffffffffffff, 0x0, 0x2}, 0x3c) 00:46:00 executing program 3: getsockopt$inet_udp_int(0xffffffffffffffff, 0x11, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x5, 0x0) bind$inet6(r0, &(0x7f0000ef8cfd)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) write$RDMA_USER_CM_CMD_RESOLVE_ADDR(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_bt_bnep_BNEPGETCONNLIST(0xffffffffffffffff, 0x800442d2, 0x0) listen(r0, 0x103) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) recvmmsg(r0, &(0x7f0000001b40)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x600, 0x3e8}}], 0x500, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) close(0xffffffffffffffff) ioctl$TIOCSCTTY(0xffffffffffffffff, 0x540e, 0x0) write(r1, &(0x7f0000000100), 0x34000) 00:46:00 executing program 0: openat$snapshot(0xffffffffffffff9c, &(0x7f0000000100)='/dev/snapshot\x00', 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xf, 0x4, 0x4, 0x8, 0x0, 0xffffffffffffffff, 0x0, [], 0x0, 0xffffffffffffffff, 0x0, 0x2}, 0x3c) 00:46:00 executing program 5: timer_create(0xfffffffffffffffe, 0x0, &(0x7f0000000180)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) timer_settime(0x0, 0x0, &(0x7f0000000080)={{}, {0x0, 0x9}}, &(0x7f0000d43000)) [ 182.577149][ T7822] check_preemption_disabled: 3 callbacks suppressed [ 182.577162][ T7822] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/7822 [ 182.593416][ T7822] caller is ip6_finish_output+0x335/0xdc0 [ 182.599144][ T7822] CPU: 0 PID: 7822 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19 [ 182.608170][ T7822] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 182.618228][ T7822] Call Trace: [ 182.621532][ T7822] dump_stack+0x172/0x1f0 [ 182.625884][ T7822] __this_cpu_preempt_check+0x246/0x270 [ 182.631442][ T7822] ip6_finish_output+0x335/0xdc0 [ 182.636410][ T7822] ip6_output+0x235/0x7f0 [ 182.640752][ T7822] ? ip6_finish_output+0xdc0/0xdc0 [ 182.646039][ T7822] ? ip6_fragment+0x3980/0x3980 [ 182.651155][ T7822] ? kasan_check_read+0x11/0x20 [ 182.656018][ T7822] ip6_xmit+0xe41/0x20c0 [ 182.660268][ T7822] ? ip6_finish_output2+0x2550/0x2550 [ 182.665639][ T7822] ? mark_held_locks+0xf0/0xf0 [ 182.670415][ T7822] ? ip6_setup_cork+0x1870/0x1870 [ 182.675455][ T7822] sctp_v6_xmit+0x313/0x660 [ 182.679975][ T7822] sctp_packet_transmit+0x1bc4/0x36f0 [ 182.685385][ T7822] ? sctp_packet_config+0xfe0/0xfe0 [ 182.690591][ T7822] ? sctp_packet_append_chunk+0x946/0xda0 [ 182.696335][ T7822] ? sctp_outq_select_transport+0x21a/0x790 [ 182.702237][ T7822] sctp_outq_flush_ctrl.constprop.0+0x6d4/0xd50 [ 182.708491][ T7822] ? sctp_prsctp_prune_sent.isra.0+0x820/0x820 [ 182.714642][ T7822] ? lock_downgrade+0x880/0x880 [ 182.719496][ T7822] ? add_timer+0x400/0x930 [ 182.723911][ T7822] ? find_held_lock+0x35/0x130 [ 182.728679][ T7822] ? add_timer+0x41e/0x930 [ 182.733369][ T7822] sctp_outq_flush+0xe8/0x2780 [ 182.738135][ T7822] ? mark_held_locks+0xa4/0xf0 [ 182.742899][ T7822] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 182.748702][ T7822] ? add_timer+0x41e/0x930 [ 182.753118][ T7822] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 182.758924][ T7822] ? lockdep_hardirqs_on+0x418/0x5d0 [ 182.764205][ T7822] ? trace_hardirqs_on+0x67/0x230 [ 182.769240][ T7822] ? __sctp_outq_teardown+0xc60/0xc60 [ 182.774623][ T7822] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 182.780950][ T7822] ? sctp_outq_tail+0x68c/0x930 [ 182.785813][ T7822] sctp_outq_uncork+0x6c/0x80 [ 182.790494][ T7822] sctp_do_sm+0x2575/0x5770 [ 182.795001][ T7822] ? sctp_hash_transport+0xdb1/0x18d0 [ 182.800398][ T7822] ? sctp_do_8_2_transport_strike.isra.0+0x940/0x940 [ 182.807075][ T7822] ? __local_bh_enable_ip+0x15a/0x270 [ 182.812456][ T7822] ? lock_downgrade+0x880/0x880 [ 182.817305][ T7822] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 182.823554][ T7822] ? kasan_check_read+0x11/0x20 [ 182.828411][ T7822] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 182.834657][ T7822] ? sctp_hash_transport+0x10b/0x18d0 [ 182.840046][ T7822] ? memcpy+0x46/0x50 [ 182.844030][ T7822] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 182.850363][ T7822] ? sctp_assoc_set_primary+0x274/0x310 [ 182.855919][ T7822] sctp_primitive_ASSOCIATE+0x9d/0xd0 [ 182.861304][ T7822] __sctp_connect+0x8cd/0xce0 [ 182.865986][ T7822] ? sctp_sendmsg_to_asoc+0x17b0/0x17b0 [ 182.871568][ T7822] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 182.877805][ T7822] ? _copy_from_user+0xdd/0x150 [ 182.882711][ T7822] ? security_sctp_bind_connect+0x99/0xd0 [ 182.888436][ T7822] __sctp_setsockopt_connectx+0x133/0x1a0 [ 182.894161][ T7822] sctp_setsockopt+0x15db/0x6fe0 [ 182.899106][ T7822] ? sctp_setsockopt_paddr_thresholds+0x540/0x540 [ 182.905518][ T7822] ? kasan_check_read+0x11/0x20 [ 182.910386][ T7822] ? ___might_sleep+0x163/0x280 [ 182.915411][ T7822] ? __might_sleep+0x95/0x190 [ 182.920091][ T7822] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 182.925718][ T7822] ? aa_sk_perm+0x288/0x880 [ 182.930230][ T7822] ? aa_sock_opt_perm.isra.0+0xa1/0x130 [ 182.935777][ T7822] sock_common_setsockopt+0x9a/0xe0 [ 182.942473][ T7822] __sys_setsockopt+0x180/0x280 [ 182.947364][ T7822] ? kernel_accept+0x310/0x310 [ 182.952141][ T7822] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 182.957600][ T7822] ? do_syscall_64+0x26/0x610 [ 182.962276][ T7822] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 182.968346][ T7822] ? do_syscall_64+0x26/0x610 [ 182.973041][ T7822] __x64_sys_setsockopt+0xbe/0x150 [ 182.978154][ T7822] do_syscall_64+0x103/0x610 [ 182.982750][ T7822] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 182.988638][ T7822] RIP: 0033:0x4582b9 [ 182.992528][ T7822] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 183.012223][ T7822] RSP: 002b:00007f4a46198c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 183.020648][ T7822] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000004582b9 [ 183.028640][ T7822] RDX: 000000000000006b RSI: 0000000000000084 RDI: 0000000000000005 [ 183.036619][ T7822] RBP: 000000000073c040 R08: 000000000000001c R09: 0000000000000000 [ 183.044588][ T7822] R10: 0000000020000000 R11: 0000000000000246 R12: 00007f4a461996d4 [ 183.052556][ T7822] R13: 00000000004cd198 R14: 00000000004dafa0 R15: 00000000ffffffff 00:46:01 executing program 5: timer_create(0xfffffffffffffffe, 0x0, &(0x7f0000000180)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) timer_settime(0x0, 0x0, &(0x7f0000000080)={{}, {0x0, 0x9}}, &(0x7f0000d43000)) 00:46:01 executing program 0: openat$snapshot(0xffffffffffffff9c, &(0x7f0000000100)='/dev/snapshot\x00', 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xf, 0x4, 0x4, 0x8, 0x0, 0xffffffffffffffff, 0x0, [], 0x0, 0xffffffffffffffff, 0x0, 0x2}, 0x3c) 00:46:01 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 00:46:01 executing program 5: timer_create(0xfffffffffffffffe, 0x0, &(0x7f0000000180)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) timer_settime(0x0, 0x0, &(0x7f0000000080)={{}, {0x0, 0x9}}, &(0x7f0000d43000))