[ 31.633603][ T26] audit: type=1800 audit(1550849308.466:27): pid=7247 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [ 31.656319][ T26] audit: type=1800 audit(1550849308.476:28): pid=7247 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 32.442361][ T26] audit: type=1800 audit(1550849309.366:29): pid=7247 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 32.462747][ T26] audit: type=1800 audit(1550849309.366:30): pid=7247 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.252' (ECDSA) to the list of known hosts. 2019/02/22 15:28:38 fuzzer started 2019/02/22 15:28:40 dialing manager at 10.128.0.26:34601 2019/02/22 15:28:41 syscalls: 1 2019/02/22 15:28:41 code coverage: enabled 2019/02/22 15:28:41 comparison tracing: enabled 2019/02/22 15:28:41 extra coverage: extra coverage is not supported by the kernel 2019/02/22 15:28:41 setuid sandbox: enabled 2019/02/22 15:28:41 namespace sandbox: enabled 2019/02/22 15:28:41 Android sandbox: /sys/fs/selinux/policy does not exist 2019/02/22 15:28:41 fault injection: enabled 2019/02/22 15:28:41 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/02/22 15:28:41 net packet injection: enabled 2019/02/22 15:28:41 net device setup: enabled 15:30:46 executing program 0: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'cmac(aes)\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) accept$packet(r1, 0x0, 0x0) syzkaller login: [ 170.161488][ T7413] IPVS: ftp: loaded support on port[0] = 21 15:30:47 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.cpu\x00', 0x200002, 0x0) r2 = openat$cgroup_procs(r1, &(0x7f0000000080)='tasks\x00', 0x2, 0x0) r3 = socket$kcm(0x29, 0x805, 0x0) sendfile(r3, r2, 0x0, 0x800000000ffff) [ 170.319565][ T7413] chnl_net:caif_netlink_parms(): no params data found [ 170.360744][ T7413] bridge0: port 1(bridge_slave_0) entered blocking state [ 170.368853][ T7413] bridge0: port 1(bridge_slave_0) entered disabled state [ 170.377029][ T7413] device bridge_slave_0 entered promiscuous mode [ 170.385120][ T7413] bridge0: port 2(bridge_slave_1) entered blocking state [ 170.392611][ T7413] bridge0: port 2(bridge_slave_1) entered disabled state [ 170.400624][ T7413] device bridge_slave_1 entered promiscuous mode [ 170.420927][ T7413] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 170.436944][ T7413] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 170.452222][ T7416] IPVS: ftp: loaded support on port[0] = 21 [ 170.491447][ T7413] team0: Port device team_slave_0 added [ 170.498965][ T7413] team0: Port device team_slave_1 added 15:30:47 executing program 2: clone(0x0, 0x0, 0x0, 0x0, 0x0) set_robust_list(0x0, 0x0) [ 170.578396][ T7413] device hsr_slave_0 entered promiscuous mode [ 170.616319][ T7413] device hsr_slave_1 entered promiscuous mode 15:30:47 executing program 3: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'sha512-ssse3\x00'}, 0x58) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg(r1, &(0x7f0000007f00)=[{{&(0x7f00000056c0)=@can, 0x7ffff000, &(0x7f00000000c0)}}, {{&(0x7f0000005900)=@pppoe={0x18, 0x0, {0x0, @link_local, 'syzkaller0\x00'}}, 0x80, &(0x7f0000007ac0), 0x1a9, &(0x7f0000007b00)}}], 0x3fffffffffffe0d, 0x0) [ 170.752510][ T7418] IPVS: ftp: loaded support on port[0] = 21 [ 170.763759][ T7413] bridge0: port 2(bridge_slave_1) entered blocking state [ 170.770939][ T7413] bridge0: port 2(bridge_slave_1) entered forwarding state [ 170.778606][ T7413] bridge0: port 1(bridge_slave_0) entered blocking state [ 170.785651][ T7413] bridge0: port 1(bridge_slave_0) entered forwarding state [ 170.887077][ T7416] chnl_net:caif_netlink_parms(): no params data found [ 170.890743][ T7421] IPVS: ftp: loaded support on port[0] = 21 [ 170.955616][ T7416] bridge0: port 1(bridge_slave_0) entered blocking state [ 170.965033][ T7416] bridge0: port 1(bridge_slave_0) entered disabled state [ 170.972836][ T7416] device bridge_slave_0 entered promiscuous mode [ 170.995346][ T7416] bridge0: port 2(bridge_slave_1) entered blocking state [ 171.004623][ T7416] bridge0: port 2(bridge_slave_1) entered disabled state [ 171.012544][ T7416] device bridge_slave_1 entered promiscuous mode [ 171.067799][ T7413] 8021q: adding VLAN 0 to HW filter on device bond0 [ 171.075612][ T7416] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 171.085940][ T7418] chnl_net:caif_netlink_parms(): no params data found [ 171.099494][ T7416] bond0: Enslaving bond_slave_1 as an active interface with an up link 15:30:48 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") pipe(&(0x7f0000000000)) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x2dce334) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000100)) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b9}, 0x0, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) [ 171.130730][ T3482] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 171.140789][ T3482] bridge0: port 1(bridge_slave_0) entered disabled state [ 171.161963][ T3482] bridge0: port 2(bridge_slave_1) entered disabled state [ 171.174146][ T3482] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 171.200295][ T7413] 8021q: adding VLAN 0 to HW filter on device team0 [ 171.217027][ T7416] team0: Port device team_slave_0 added [ 171.234449][ T7416] team0: Port device team_slave_1 added [ 171.303923][ T7424] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 171.315200][ T7424] bridge0: port 1(bridge_slave_0) entered blocking state [ 171.322311][ T7424] bridge0: port 1(bridge_slave_0) entered forwarding state [ 171.356367][ T7418] bridge0: port 1(bridge_slave_0) entered blocking state [ 171.363412][ T7418] bridge0: port 1(bridge_slave_0) entered disabled state [ 171.371770][ T7418] device bridge_slave_0 entered promiscuous mode [ 171.383871][ T7421] chnl_net:caif_netlink_parms(): no params data found 15:30:48 executing program 5: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, &(0x7f00000001c0), 0xfffffef3) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) open(&(0x7f0000000040)='./bus\x00', 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.cpu\x00', 0x200002, 0x0) truncate(&(0x7f0000000240)='./bus\x00', 0x800) open(&(0x7f0000000140)='./bus\x00', 0x8, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = syz_open_procfs(0x0, &(0x7f0000000940)='mounts\x00\xbau\xb6\t\x1el\xe4YD\x7f}\xae\xbc\xf7`\xa6\"\r\r\\*\xe0(\xe3,\x17|\xe9\x91\xb9\x80\xbf\"D\x05\xfc$\xa3\x1dl\x127\xc1\xcb\xa1\x8b\xff\x9b\xf6\x11\x1aJ\x9fn\x82\x02%\xdc\x02\xf4\x85k\x8a\x11\x03B\x96\x1c\x11p\x7f\x9bqd\xd9\t\xd6\xd4v\x90sPo\x8cn\xbb\x04Jz\x8e<\x03\xa3,\xa1pi\xf3\xc2\x81\xd4(\xce{\x1f/?C\xc4\xf6}\x98\xc0\xf4n5u\xd3\x1d\xb1Y*\xc7\x10\x87\xba\x12Lr\x1fl\x03j\xb9L\x95H@>g~\xed\xb1u\xc4\xdal\xce\xe8\xb4\x16\xa4-\x88\x05\xddR\xc9\x1e\xb9\x85\xbf\x19\xee\xb4\x8c\xbf\x01~i\x8a\xb0f\xa6\xc4\x9eAf\x06\xd8\xd0Fy\x066\xad\\\xeeD\x84\al\xd8\x92\xe8~\x9c\xd0\xf7L\xd27\xb1\xf2\xb7\x8df\x87\xd6C\f\xe6\xbbH\x93\xad\b\xa9et\x8b\xca#\aU\xd0\x16\x1afI\x81\x842[v\xbd\xd3\xd1\x13\xd1\x97m\xbd\xdd\x9d_\xc0\xb1I\xf9_\xd1\xff\xfc\xd4{\x86\x96\xa1\xe3\xdb\xbb0\x16s\xc4\xdb\\fe:s\xcc\xd3\xab\xafc\x8a\x9b\x92\x17\x03E/\xb1T\xeb\xac\x1aiF\xfe\xcb\xff\x94C\xcd\x1e\xc3\'g\nu#0\x13\x8a<\xe0\xd3\xb7\xf6\x96\x12\x00\xbaLA\x8d\xef\x1b\xd6\xd0a\x94\x00<\xcc@\xd15(\x91\x83(\xe0\xe3\xbfm\tc\x1bJj\xa6\n5\xdb\xe3\x8eo\xef_\xe7@!r\x1b\x8a \x97>\\S\xef\xd6lz!\xb8\x9f\a\xd9\x88,k\xb9;@\x0e\x1e\x91\x8a,\xe7co4\xfc\xb4\xa6\xcdkK\xfe:1\xec5\xd4l+\xba\x95\xfd\x05\xed\x9d') sendfile(r1, r2, 0x0, 0x800000080008002) [ 171.400472][ T3482] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 171.413299][ T3482] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 171.421948][ T3482] bridge0: port 2(bridge_slave_1) entered blocking state [ 171.429032][ T3482] bridge0: port 2(bridge_slave_1) entered forwarding state [ 171.508761][ T7416] device hsr_slave_0 entered promiscuous mode [ 171.566267][ T7416] device hsr_slave_1 entered promiscuous mode [ 171.626905][ T7418] bridge0: port 2(bridge_slave_1) entered blocking state [ 171.630238][ T7428] IPVS: ftp: loaded support on port[0] = 21 [ 171.633957][ T7418] bridge0: port 2(bridge_slave_1) entered disabled state [ 171.651036][ T7418] device bridge_slave_1 entered promiscuous mode [ 171.691074][ T7421] bridge0: port 1(bridge_slave_0) entered blocking state [ 171.698235][ T7421] bridge0: port 1(bridge_slave_0) entered disabled state [ 171.705787][ T7421] device bridge_slave_0 entered promiscuous mode [ 171.713883][ T3482] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 171.722643][ T3482] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 171.754109][ T7421] bridge0: port 2(bridge_slave_1) entered blocking state [ 171.761574][ T7421] bridge0: port 2(bridge_slave_1) entered disabled state [ 171.770949][ T7421] device bridge_slave_1 entered promiscuous mode [ 171.785927][ T7421] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 171.788671][ T7430] IPVS: ftp: loaded support on port[0] = 21 [ 171.794441][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 171.809232][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 171.817894][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 171.826354][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 171.834792][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 171.845511][ T7418] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 171.855638][ T7418] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 171.866740][ T7420] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 171.874842][ T7420] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 171.884343][ T7421] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 171.922800][ T7421] team0: Port device team_slave_0 added [ 171.931637][ T7418] team0: Port device team_slave_0 added [ 171.959753][ T7421] team0: Port device team_slave_1 added [ 171.971521][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 171.980138][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 171.989886][ T7418] team0: Port device team_slave_1 added [ 172.007679][ T7428] chnl_net:caif_netlink_parms(): no params data found [ 172.020152][ T7413] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 172.127801][ T7421] device hsr_slave_0 entered promiscuous mode [ 172.166545][ T7421] device hsr_slave_1 entered promiscuous mode [ 172.218758][ T7428] bridge0: port 1(bridge_slave_0) entered blocking state [ 172.225812][ T7428] bridge0: port 1(bridge_slave_0) entered disabled state [ 172.234803][ T7428] device bridge_slave_0 entered promiscuous mode [ 172.245867][ T7428] bridge0: port 2(bridge_slave_1) entered blocking state [ 172.253174][ T7428] bridge0: port 2(bridge_slave_1) entered disabled state [ 172.260829][ T7428] device bridge_slave_1 entered promiscuous mode [ 172.328790][ T7418] device hsr_slave_0 entered promiscuous mode [ 172.366398][ T7418] device hsr_slave_1 entered promiscuous mode [ 172.447152][ T7430] chnl_net:caif_netlink_parms(): no params data found [ 172.470818][ T7428] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 172.481558][ T7413] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 172.495512][ T7416] 8021q: adding VLAN 0 to HW filter on device bond0 [ 172.518947][ T7428] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 172.567025][ T7428] team0: Port device team_slave_0 added [ 172.573699][ T7428] team0: Port device team_slave_1 added [ 172.610241][ T7416] 8021q: adding VLAN 0 to HW filter on device team0 [ 172.618449][ T7430] bridge0: port 1(bridge_slave_0) entered blocking state [ 172.632232][ T7430] bridge0: port 1(bridge_slave_0) entered disabled state [ 172.640786][ T7430] device bridge_slave_0 entered promiscuous mode [ 172.652863][ T7420] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready 15:30:49 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x8, 0x0, &(0x7f00000002c0)=[@increfs], 0x0, 0x0, 0x0}) [ 172.660864][ T7420] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 172.720990][ T7428] device hsr_slave_0 entered promiscuous mode [ 172.750144][ T7446] binder: 7444:7446 IncRefs 0 refcount change on invalid ref 0 ret -22 [ 172.776449][ T7428] device hsr_slave_1 entered promiscuous mode [ 172.821933][ T7430] bridge0: port 2(bridge_slave_1) entered blocking state [ 172.829237][ T7430] bridge0: port 2(bridge_slave_1) entered disabled state [ 172.838198][ T7430] device bridge_slave_1 entered promiscuous mode [ 172.851019][ T7424] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 172.859822][ T7424] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 172.868218][ T7424] bridge0: port 1(bridge_slave_0) entered blocking state [ 172.875244][ T7424] bridge0: port 1(bridge_slave_0) entered forwarding state [ 172.882849][ T7424] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 172.908108][ T3482] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready 15:30:49 executing program 0: perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xee6a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) futex(0x0, 0x100000000000087, 0x0, 0x0, 0x0, 0x41000000000000) [ 172.917630][ T3482] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 172.929129][ T3482] bridge0: port 2(bridge_slave_1) entered blocking state [ 172.936234][ T3482] bridge0: port 2(bridge_slave_1) entered forwarding state [ 172.970563][ T7430] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 172.991622][ T7430] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 173.008979][ T7424] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 173.018573][ T7424] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 173.027216][ T7424] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 173.035508][ T7424] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 173.044726][ T7424] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 173.064416][ T7421] 8021q: adding VLAN 0 to HW filter on device bond0 15:30:50 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r1, &(0x7f0000000080), 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) getsockopt$ARPT_SO_GET_INFO(r0, 0x0, 0x60, 0x0, &(0x7f0000000200)) [ 173.073526][ T7418] 8021q: adding VLAN 0 to HW filter on device bond0 [ 173.086853][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 173.095481][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 173.123470][ T7416] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 173.153497][ T7416] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 173.173544][ T3482] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 173.182298][ T3482] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 173.196517][ T3482] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 173.204766][ T3482] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 173.213699][ T3482] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 173.233643][ T7430] team0: Port device team_slave_0 added [ 173.240429][ T7430] team0: Port device team_slave_1 added [ 173.257590][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 173.265553][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 173.273401][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready 15:30:50 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r0, 0x0, 0xffffffffffffffb5, 0x20000802, &(0x7f0000000140)={0x2, 0x10004e23}, 0x68) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000000)='ip6_vti0\x00', 0x10) sendto$inet(r0, &(0x7f0000000180)="c9", 0x1, 0x0, 0x0, 0x0) [ 173.281398][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 173.296476][ T7421] 8021q: adding VLAN 0 to HW filter on device team0 [ 173.311067][ T7418] 8021q: adding VLAN 0 to HW filter on device team0 15:30:50 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x8, 0x0, &(0x7f00000002c0)=[@increfs], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x5c, 0x0, &(0x7f0000000180)=[@request_death={0x400c630e, 0x0, 0x2}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x9}}], 0x7d, 0x0, &(0x7f0000000200)="07ddd5de3bfb1436a2e73d88ecde6e97bdd269f02fb4cb7a87cca6ebdac152457f5cfc38886e15a8a5490e5b3a4b55c890473084c90ca667f6b06288b2bfea77663187d9b9d4ec1edca1609c62f36d2fcedb61eae9de1de9ef1260a428a50b220239f6881d5b45e76a98af50f247864be98d8a67fc2d91a027adcc72b2"}) [ 173.337953][ T7428] 8021q: adding VLAN 0 to HW filter on device bond0 [ 173.355611][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 173.366656][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 173.375132][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 173.383471][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 173.390541][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 173.399429][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 173.424240][ T7461] binder: 7459:7461 IncRefs 0 refcount change on invalid ref 0 ret -22 15:30:50 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_SET_IRQCHIP(r1, 0xc208ae62, &(0x7f0000000100)={0x1, 0x0, @pic={0x0, 0x0, 0x0, 0x0, 0x80000000}}) [ 173.433407][ T7461] binder: 7459:7461 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 [ 173.442494][ T7461] binder: 7459:7461 transaction failed 29189/-22, size 0-0 line 2994 [ 173.451468][ T7461] binder: 7459:7461 IncRefs 0 refcount change on invalid ref 0 ret -22 [ 173.460155][ T7462] binder: 7459:7462 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 [ 173.468321][ T7462] binder: 7459:7462 transaction failed 29189/-22, size 0-0 line 2994 [ 173.478214][ T7430] device hsr_slave_0 entered promiscuous mode [ 173.512032][ T7465] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 173.516301][ T7430] device hsr_slave_1 entered promiscuous mode 15:30:50 executing program 0: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)='proc\x00', 0x0, 0x0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xee6a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getdents(r0, &(0x7f0000000100)=""/124, 0x1016a) [ 173.580453][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 173.594508][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 173.616189][ T5] bridge0: port 1(bridge_slave_0) entered blocking state [ 173.623230][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state [ 173.630840][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 173.639324][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 173.647611][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 173.654628][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state [ 173.662351][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 173.671281][ T7416] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 173.704892][ T7428] 8021q: adding VLAN 0 to HW filter on device team0 [ 173.724249][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 173.736268][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 173.744672][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 173.755228][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 173.763787][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 173.770843][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state [ 173.778547][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 173.787581][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 173.796123][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 173.804363][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 173.812715][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 173.821062][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 173.829222][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 173.836791][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 173.844479][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 173.856591][ T3482] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 173.864846][ T3482] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 173.873740][ T3482] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 173.882328][ T3482] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 173.890542][ T3482] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 173.898785][ T3482] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 173.930408][ T7418] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 173.948920][ T7418] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 173.963991][ T3482] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 173.975849][ T3482] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 173.984347][ T3482] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 173.992955][ T3482] bridge0: port 1(bridge_slave_0) entered blocking state [ 174.000051][ T3482] bridge0: port 1(bridge_slave_0) entered forwarding state [ 174.007792][ T3482] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 174.018359][ T3482] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 174.026737][ T3482] bridge0: port 2(bridge_slave_1) entered blocking state [ 174.033759][ T3482] bridge0: port 2(bridge_slave_1) entered forwarding state [ 174.041650][ T3482] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 174.050045][ T3482] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 174.058438][ T3482] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 174.066950][ T3482] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 174.075172][ T3482] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 174.083371][ T3482] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 174.091433][ T3482] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 174.100080][ T3482] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 174.108747][ T3482] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 174.117015][ T3482] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 174.125430][ T3482] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 174.133430][ T3482] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 174.146889][ T7421] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 174.162243][ T7418] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 174.186541][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 174.194811][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 174.203896][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 174.212498][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 174.220767][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 174.228925][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready 15:30:51 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.cpu\x00', 0x200002, 0x0) r2 = openat$cgroup_procs(r1, &(0x7f0000000080)='tasks\x00', 0x2, 0x0) r3 = socket$kcm(0x29, 0x805, 0x0) sendfile(r3, r2, 0x0, 0x800000000ffff) [ 174.248314][ T7430] 8021q: adding VLAN 0 to HW filter on device bond0 [ 174.270075][ T7428] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 174.290831][ T7430] 8021q: adding VLAN 0 to HW filter on device team0 15:30:51 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000003fe8)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000240)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) clone(0x2102001ffb, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r2, 0x84, 0x8, &(0x7f0000013e95), 0x4) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x6, 0x0, 0x0) close(r1) [ 174.318816][ T7421] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 174.337451][ T7420] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 174.345063][ T7420] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 174.383155][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 174.403035][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 174.429503][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 174.436623][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 174.448280][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 174.457122][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 174.465362][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 174.472452][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 174.481769][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 174.491892][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 174.502531][ T7428] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 174.528349][ T7420] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 174.542553][ T7420] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 174.552830][ T7420] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 174.566574][ T7420] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 174.575136][ T7420] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 174.593021][ T7420] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 174.604302][ T7420] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 174.616787][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 174.629083][ T7430] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 174.663390][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 174.672134][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 174.725899][ T7430] 8021q: adding VLAN 0 to HW filter on device batadv0 15:30:51 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uinput\x00', 0x805, 0x0) write$uinput_user_dev(r0, &(0x7f0000000d00)={'syz1\x00'}, 0x45c) write$uinput_user_dev(r0, &(0x7f0000000100)={'syz1\x00'}, 0x45c) 15:30:52 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_mreq(r1, 0x29, 0x1b, &(0x7f0000000000)={@remote}, 0x14) 15:30:52 executing program 0: socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) openat$mixer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/mixer\x00', 0x40, 0x0) 15:30:52 executing program 1: syz_open_dev$amidi(0x0, 0x0, 0x103000) r0 = syz_open_procfs(0x0, &(0x7f0000000280)='net/netstat\x00') fanotify_mark(0xffffffffffffffff, 0x4, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x74, 0x4) bind$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000000)='bbr\x00', 0x4) writev(r1, &(0x7f0000000340)=[{&(0x7f0000000a80)="d85e678e676090b1343eb9c52bd02479d0747d8b2ab1410220300dba233c5193d6240d4a4d3d2a693cc7b07ce79ebbae29f214bee98043109616a4205ae885b9fa8c3b79353fa61bf3da3d814e673a4e0524a241d81a07f6dd09e1d0e34871ddf209e2e0ea4539e15d", 0x69}], 0x1) vmsplice(r0, 0x0, 0x0, 0x0) sendmsg$TIPC_NL_PEER_REMOVE(0xffffffffffffffff, 0x0, 0x40000) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$binfmt_elf32(r1, &(0x7f00000008c0)=ANY=[@ANYBLOB="7f454c4600010000000000040000000000003e0000000000000000003800000000000000042233e9c50000000000002000000000000000000000c9484caaef0000000000000000000000000000000000000008000500000000000000000000000000dcd22cd830a0b2dfb284f65df3be04dde0a02b9b0419a613996c39550c551257a02ed03c964962b39865598eb492c34f905034bd7d9f10500ef64d649be114b2288c34fb7ddc637b9d0946f83fec2e839af8f9e12f1ee74fb6162bd4376c76bc5adde08ed5100ccc787198f570d1cf8416e898239ed43d19c4bb3eaa5c94af371c3873f17fd32c7f6dcd68149eaab27808e12a5f8b9eba051e6aa9643ecc28e846a75295aa20a67542b2e0f401cfa52d12d67c3a56d14afd8af1bc576c97aa3fd8157f787bc01ec50235d4478600038529f054d742fc59d22047ac17a240259f075336007911856ceec85fdfa92e4a10870b1dcaafd938a33e8aaef120c74f3535db08184a92fa"], 0x169) write$binfmt_elf64(r1, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) 15:30:52 executing program 2: openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0) mknod$loop(&(0x7f0000000040)='./file0\x00', 0x6009, 0x1) clone(0x2100001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000002c0)=@filename='./file0\x00', &(0x7f0000000080)='./file0\x00', &(0x7f0000000100)='udf\x00', 0x0, 0x0) clone(0x4c000000, 0x0, 0x0, 0x0, 0x0) 15:30:52 executing program 3: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) clone(0x80002102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) connect$inet6(r0, &(0x7f0000000080), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0xfdf2) setsockopt$inet6_icmp_ICMP_FILTER(r1, 0x1, 0x1, &(0x7f0000000100)={0x8}, 0x4) write$apparmor_exec(r1, 0x0, 0x0) 15:30:52 executing program 5: syz_open_dev$usbmon(&(0x7f00000005c0)='/dev/usbmon#\x00', 0xcd, 0x0) ioctl$PPPIOCSDEBUG(0xffffffffffffffff, 0x40047440, 0x0) fcntl$dupfd(0xffffffffffffff9c, 0x0, 0xffffffffffffffff) getsockopt$IP6T_SO_GET_REVISION_TARGET(0xffffffffffffffff, 0x29, 0x45, 0x0, 0x0) creat(0x0, 0x0) r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = dup(r0) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, 0xffffffffffffffff) setsockopt$inet6_tcp_int(r0, 0x6, 0x12, &(0x7f00000003c0)=0x7f, 0x4) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r0, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r2, 0x2007fff) sendfile(r1, r2, 0x0, 0x8000fffffffe) 15:30:52 executing program 0: r0 = epoll_create1(0x0) epoll_pwait(r0, &(0x7f0000000000)=[{}], 0x1, 0x7ff, 0x0, 0x0) r1 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000040)='/dev/uhid\x00', 0x2, 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f00000000c0)={0x4011}) write$UHID_CREATE(r1, &(0x7f0000000100)={0x0, 'syz1\x00', 'syz1\x00', 'syz0\x00', &(0x7f0000000000)=""/11, 0xb}, 0x11c) 15:30:52 executing program 3: syz_emit_ethernet(0x1, &(0x7f0000000400)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd601bfc97004d88cb04000000000000000000000000000000ff02000000000000000000000000000100004e20f50b9078e29607149378d33e1db1c73936c77aa3f7fac33b042bd368236862531934eccc7c6fe4e24d1fcafff87429e50b32881721afab69cc3712c37ed00000000000000000000000"], 0x0) [ 175.684024][ T2488] print_req_error: I/O error, dev loop5, sector 64 flags 0 [ 175.700734][ T7522] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 175.713897][ T2487] print_req_error: I/O error, dev loop5, sector 256 flags 0 [ 175.747984][ T7526] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=256, location=256 15:30:52 executing program 4: r0 = eventfd2(0x0, 0x0) read(r0, &(0x7f00000000c0)=""/162, 0xa2) r1 = dup(r0) write$FUSE_NOTIFY_RETRIEVE(r1, &(0x7f0000000000)={0x30}, 0x30) [ 175.808474][ C1] hrtimer: interrupt took 59475 ns [ 175.823463][ T5] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 175.834246][ T7531] IPVS: ftp: loaded support on port[0] = 21 [ 175.855158][ T5] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 15:30:52 executing program 3: r0 = syz_open_dev$loop(&(0x7f0000000100)='/dev/loop#\x00', 0x0, 0x105082) r1 = memfd_create(&(0x7f0000000180)='}#*nodevem2N,\x00', 0x0) pwritev(r1, &(0x7f00000000c0)=[{&(0x7f0000000480)="a8", 0x1}], 0x1, 0x81000) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x10, 0xffffffffffffffff, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x80084503, 0x0) pipe(&(0x7f00000001c0)) sendfile(r0, r1, 0x0, 0x80005) [ 175.895489][ T2488] print_req_error: I/O error, dev loop5, sector 512 flags 0 [ 175.903130][ T5] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 175.908654][ T7526] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=512, location=512 15:30:52 executing program 4: r0 = eventfd2(0x0, 0x0) read(r0, &(0x7f00000000c0)=""/162, 0xa2) r1 = dup(r0) write$FUSE_NOTIFY_RETRIEVE(r1, &(0x7f0000000000)={0x30}, 0x30) [ 175.960906][ T5] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 176.011200][ T5] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 176.062354][ T5] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 176.072696][ T7551] BUG: Bad page state in process syz-executor.3 pfn:7ac52 [ 176.106525][ T7551] page:ffffea0001eb1480 count:0 mapcount:0 mapping:ffff8880911c4820 index:0x0 [ 176.119356][ T7526] UDF-fs: warning (device loop5): udf_load_vrs: No anchor found [ 176.221279][ T5] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 176.233819][ T7551] shmem_aops [ 176.233826][ T7551] name:"memfd:}#*nodevem2N," [ 176.261325][ T7551] flags: 0x1fffc000008000c(uptodate|dirty|swapbacked) 15:30:53 executing program 4: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000100)={'ne\x80teviim0\x00\x02\x00', 0x1402}) ioctl$TUNSETLINK(r0, 0x400454cd, 0x339) close(r0) [ 176.285672][ T5] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 176.295921][ T7526] UDF-fs: Scanning with blocksize 512 failed [ 176.329175][ T7551] raw: 01fffc000008000c dead000000000100 dead000000000200 ffff8880911c4820 [ 176.353796][ T5] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 176.362817][ T2488] print_req_error: I/O error, dev loop5, sector 64 flags 0 15:30:53 executing program 5: unshare(0x6c060000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) semget(0xffffffffffffffff, 0x0, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) getsockopt$IP6T_SO_GET_INFO(r0, 0x29, 0x40, &(0x7f0000000000)={'security\x00'}, &(0x7f0000000140)=0x54) [ 176.383270][ T7551] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 176.392258][ T2488] print_req_error: I/O error, dev loop5, sector 512 flags 0 [ 176.400910][ T7526] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=256, location=256 [ 176.436988][ T7551] page dumped because: non-NULL mapping [ 176.481851][ T7551] Modules linked in: [ 176.495702][ T7551] CPU: 1 PID: 7551 Comm: syz-executor.3 Not tainted 5.0.0-rc7-next-20190222 #41 [ 176.504743][ T7551] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 176.514802][ T7551] Call Trace: [ 176.518098][ T7551] dump_stack+0x172/0x1f0 [ 176.522442][ T7551] bad_page.cold+0xda/0xff [ 176.526867][ T7551] ? si_mem_available+0x320/0x320 [ 176.531900][ T7551] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 176.538138][ T7551] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 176.544387][ T7551] free_pages_check_bad+0x142/0x1a0 [ 176.549597][ T7551] free_unref_page+0x3c6/0x600 [ 176.554366][ T7551] __put_page+0x8d/0xd0 [ 176.558531][ T7551] page_cache_pipe_buf_release+0x12b/0x180 [ 176.564339][ T7551] iter_file_splice_write+0x7d1/0xbe0 [ 176.569725][ T7551] ? atime_needs_update+0x5f0/0x5f0 [ 176.574940][ T7551] ? page_cache_pipe_buf_confirm+0x2b0/0x2b0 [ 176.580938][ T7551] ? rw_verify_area+0x118/0x360 [ 176.585790][ T7551] ? page_cache_pipe_buf_confirm+0x2b0/0x2b0 [ 176.591775][ T7551] direct_splice_actor+0x126/0x1a0 [ 176.596894][ T7551] splice_direct_to_actor+0x369/0x970 [ 176.602271][ T7551] ? generic_pipe_buf_nosteal+0x10/0x10 [ 176.607823][ T7551] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 176.614063][ T7551] ? do_splice_to+0x190/0x190 [ 176.618744][ T7551] ? rw_verify_area+0x118/0x360 [ 176.623596][ T7551] do_splice_direct+0x1da/0x2a0 [ 176.628455][ T7551] ? splice_direct_to_actor+0x970/0x970 [ 176.634017][ T7551] ? rw_verify_area+0x118/0x360 [ 176.638870][ T7551] do_sendfile+0x597/0xd00 [ 176.643297][ T7551] ? do_compat_pwritev64+0x1c0/0x1c0 [ 176.648583][ T7551] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 176.654826][ T7551] ? put_timespec64+0xda/0x140 [ 176.659605][ T7551] __x64_sys_sendfile64+0x1dd/0x220 [ 176.664805][ T7551] ? __ia32_sys_sendfile+0x230/0x230 [ 176.670097][ T7551] ? do_syscall_64+0x26/0x610 [ 176.674781][ T7551] ? lockdep_hardirqs_on+0x418/0x5d0 [ 176.680070][ T7551] ? trace_hardirqs_on+0x67/0x230 [ 176.685098][ T7551] do_syscall_64+0x103/0x610 [ 176.689711][ T7551] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 176.695597][ T7551] RIP: 0033:0x457e29 [ 176.699491][ T7551] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 176.719090][ T7551] RSP: 002b:00007f00d6aa8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 176.727498][ T7551] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457e29 [ 176.735469][ T7551] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 176.743446][ T7551] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 176.751414][ T7551] R10: 0000000000080005 R11: 0000000000000246 R12: 00007f00d6aa96d4 [ 176.759388][ T7551] R13: 00000000004c4dce R14: 00000000004d8af8 R15: 00000000ffffffff [ 176.841519][ T7564] IPVS: ftp: loaded support on port[0] = 21 [ 176.865906][ T2488] print_req_error: I/O error, dev loop5, sector 1024 flags 0 [ 176.873718][ T7526] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=512, location=512 15:30:53 executing program 1: syz_open_dev$amidi(0x0, 0x0, 0x103000) r0 = syz_open_procfs(0x0, &(0x7f0000000280)='net/netstat\x00') fanotify_mark(0xffffffffffffffff, 0x4, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x74, 0x4) bind$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000000)='bbr\x00', 0x4) writev(r1, &(0x7f0000000340)=[{&(0x7f0000000a80)="d85e678e676090b1343eb9c52bd02479d0747d8b2ab1410220300dba233c5193d6240d4a4d3d2a693cc7b07ce79ebbae29f214bee98043109616a4205ae885b9fa8c3b79353fa61bf3da3d814e673a4e0524a241d81a07f6dd09e1d0e34871ddf209e2e0ea4539e15d", 0x69}], 0x1) vmsplice(r0, 0x0, 0x0, 0x0) sendmsg$TIPC_NL_PEER_REMOVE(0xffffffffffffffff, 0x0, 0x40000) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$binfmt_elf32(r1, &(0x7f00000008c0)=ANY=[@ANYBLOB="7f454c4600010000000000040000000000003e0000000000000000003800000000000000042233e9c50000000000002000000000000000000000c9484caaef0000000000000000000000000000000000000008000500000000000000000000000000dcd22cd830a0b2dfb284f65df3be04dde0a02b9b0419a613996c39550c551257a02ed03c964962b39865598eb492c34f905034bd7d9f10500ef64d649be114b2288c34fb7ddc637b9d0946f83fec2e839af8f9e12f1ee74fb6162bd4376c76bc5adde08ed5100ccc787198f570d1cf8416e898239ed43d19c4bb3eaa5c94af371c3873f17fd32c7f6dcd68149eaab27808e12a5f8b9eba051e6aa9643ecc28e846a75295aa20a67542b2e0f401cfa52d12d67c3a56d14afd8af1bc576c97aa3fd8157f787bc01ec50235d4478600038529f054d742fc59d22047ac17a240259f075336007911856ceec85fdfa92e4a10870b1dcaafd938a33e8aaef120c74f3535db08184a92fa"], 0x169) write$binfmt_elf64(r1, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) [ 176.952452][ T7566] IPVS: ftp: loaded support on port[0] = 21 [ 176.987056][ T7526] UDF-fs: warning (device loop5): udf_load_vrs: No anchor found [ 177.045426][ T7526] UDF-fs: Scanning with blocksize 1024 failed [ 177.051754][ T5] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 177.059384][ T5] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 177.069460][ T5] hid-generic 0000:0000:0000.0001: hidraw0: HID v0.00 Device [syz1] on syz1 15:30:54 executing program 0: r0 = epoll_create1(0x0) epoll_pwait(r0, &(0x7f0000000000)=[{}], 0x1, 0x7ff, 0x0, 0x0) r1 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000040)='/dev/uhid\x00', 0x2, 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f00000000c0)={0x4011}) write$UHID_CREATE(r1, &(0x7f0000000100)={0x0, 'syz1\x00', 'syz1\x00', 'syz0\x00', &(0x7f0000000000)=""/11, 0xb}, 0x11c) [ 177.099379][ T7551] Disabling lock debugging due to kernel taint [ 177.105824][ T7551] BUG: Bad page state in process syz-executor.3 pfn:74b31 [ 177.124314][ T2487] print_req_error: I/O error, dev loop5, sector 64 flags 0 [ 177.131901][ T2487] print_req_error: I/O error, dev loop5, sector 1024 flags 0 [ 177.139338][ T7526] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=256, location=256 [ 177.176104][ T7551] page:ffffea0001d2cc40 count:0 mapcount:0 mapping:ffff8880911c4820 index:0x1 [ 177.202095][ T2487] print_req_error: I/O error, dev loop5, sector 2048 flags 0 [ 177.211982][ T7420] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 177.222960][ T7526] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=512, location=512 [ 177.243903][ T7420] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 177.271379][ T7551] shmem_aops [ 177.271385][ T7551] name:"memfd:}#*nodevem2N," [ 177.297045][ T7420] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 177.312757][ T7551] flags: 0x1fffc000008000c(uptodate|dirty|swapbacked) [ 177.321871][ T7526] UDF-fs: warning (device loop5): udf_load_vrs: No anchor found [ 177.360082][ T7551] raw: 01fffc000008000c dead000000000100 dead000000000200 ffff8880911c4820 [ 177.375443][ T7526] UDF-fs: Scanning with blocksize 2048 failed [ 177.402524][ T7420] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 177.421912][ T2487] print_req_error: I/O error, dev loop5, sector 64 flags 0 [ 177.430691][ T7526] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=256, location=256 [ 177.447133][ T7551] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000 [ 177.456188][ T7526] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=512, location=512 [ 177.465737][ T7526] UDF-fs: warning (device loop5): udf_load_vrs: No anchor found [ 177.473425][ T7526] UDF-fs: Scanning with blocksize 4096 failed [ 177.479509][ T7526] UDF-fs: warning (device loop5): udf_fill_super: No partition found (1) [ 177.488769][ T7565] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=256, location=256 [ 177.498862][ T7565] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=512, location=512 [ 177.544911][ T7565] UDF-fs: warning (device loop5): udf_load_vrs: No anchor found [ 177.566959][ T7565] UDF-fs: Scanning with blocksize 512 failed [ 177.586258][ T7565] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=256, location=256 [ 177.609942][ T7565] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=512, location=512 [ 177.621910][ T7565] UDF-fs: warning (device loop5): udf_load_vrs: No anchor found [ 177.629697][ T7565] UDF-fs: Scanning with blocksize 1024 failed [ 177.638569][ T7565] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=256, location=256 [ 177.648367][ T7565] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=512, location=512 [ 177.660269][ T7565] UDF-fs: warning (device loop5): udf_load_vrs: No anchor found [ 177.668036][ T7565] UDF-fs: Scanning with blocksize 2048 failed [ 177.674508][ T7565] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=256, location=256 [ 177.686881][ T7565] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=512, location=512 [ 177.698075][ T7565] UDF-fs: warning (device loop5): udf_load_vrs: No anchor found [ 177.705801][ T7565] UDF-fs: Scanning with blocksize 4096 failed [ 177.716254][ T7420] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 177.719829][ T7571] IPVS: ftp: loaded support on port[0] = 21 [ 177.723728][ T7420] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 177.732892][ T7565] UDF-fs: warning (device loop5): udf_fill_super: No partition found (1) [ 177.737198][ T7420] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 177.753015][ T7420] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 177.760965][ T7420] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 177.770365][ T7420] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 177.778319][ T7420] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 177.790772][ T7420] hid-generic 0000:0000:0000.0002: hidraw0: HID v0.00 Device [syz1] on syz1 [ 177.819615][ T7551] page dumped because: non-NULL mapping [ 177.825228][ T7551] Modules linked in: [ 177.853800][ T7551] CPU: 0 PID: 7551 Comm: syz-executor.3 Tainted: G B 5.0.0-rc7-next-20190222 #41 [ 177.864220][ T7551] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 177.874269][ T7551] Call Trace: [ 177.877581][ T7551] dump_stack+0x172/0x1f0 [ 177.881917][ T7551] bad_page.cold+0xda/0xff [ 177.886329][ T7551] ? si_mem_available+0x320/0x320 [ 177.891355][ T7551] ? trace_hardirqs_on+0x5e/0x230 [ 177.896382][ T7551] ? _raw_spin_unlock_irqrestore+0x95/0xe0 [ 177.902184][ T7551] free_pages_check_bad+0x142/0x1a0 [ 177.907379][ T7551] free_unref_page+0x3c6/0x600 [ 177.912142][ T7551] __put_page+0x8d/0xd0 [ 177.916298][ T7551] page_cache_pipe_buf_release+0x12b/0x180 [ 177.922099][ T7551] iter_file_splice_write+0x7d1/0xbe0 [ 177.927468][ T7551] ? atime_needs_update+0x5f0/0x5f0 [ 177.932671][ T7551] ? page_cache_pipe_buf_confirm+0x2b0/0x2b0 [ 177.938667][ T7551] ? rw_verify_area+0x118/0x360 [ 177.943517][ T7551] ? page_cache_pipe_buf_confirm+0x2b0/0x2b0 [ 177.949506][ T7551] direct_splice_actor+0x126/0x1a0 [ 177.954616][ T7551] splice_direct_to_actor+0x369/0x970 [ 177.959989][ T7551] ? generic_pipe_buf_nosteal+0x10/0x10 [ 177.965535][ T7551] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 177.971793][ T7551] ? do_splice_to+0x190/0x190 [ 177.976477][ T7551] ? rw_verify_area+0x118/0x360 [ 177.981326][ T7551] do_splice_direct+0x1da/0x2a0 [ 177.986173][ T7551] ? splice_direct_to_actor+0x970/0x970 [ 177.991719][ T7551] ? rw_verify_area+0x118/0x360 [ 177.996584][ T7551] do_sendfile+0x597/0xd00 [ 178.001002][ T7551] ? do_compat_pwritev64+0x1c0/0x1c0 [ 178.006285][ T7551] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 178.012520][ T7551] ? put_timespec64+0xda/0x140 [ 178.017306][ T7551] __x64_sys_sendfile64+0x1dd/0x220 [ 178.022501][ T7551] ? __ia32_sys_sendfile+0x230/0x230 [ 178.027787][ T7551] ? do_syscall_64+0x26/0x610 [ 178.032472][ T7551] ? lockdep_hardirqs_on+0x418/0x5d0 [ 178.037754][ T7551] ? trace_hardirqs_on+0x67/0x230 [ 178.042776][ T7551] do_syscall_64+0x103/0x610 [ 178.047373][ T7551] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 178.053260][ T7551] RIP: 0033:0x457e29 [ 178.057154][ T7551] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 178.076751][ T7551] RSP: 002b:00007f00d6aa8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 178.085156][ T7551] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457e29 [ 178.093123][ T7551] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 178.101577][ T7551] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 178.109559][ T7551] R10: 0000000000080005 R11: 0000000000000246 R12: 00007f00d6aa96d4 [ 178.117543][ T7551] R13: 00000000004c4dce R14: 00000000004d8af8 R15: 00000000ffffffff [ 178.142425][ T7551] BUG: Bad page state in process syz-executor.3 pfn:752e4 [ 178.152013][ T7551] page:ffffea0001d4b900 count:0 mapcount:0 mapping:ffff8880911c4820 index:0x2 [ 178.162875][ T7551] shmem_aops [ 178.162881][ T7551] name:"memfd:}#*nodevem2N," [ 178.168710][ T7551] flags: 0x1fffc000008000c(uptodate|dirty|swapbacked) [ 178.180430][ T7551] raw: 01fffc000008000c dead000000000100 dead000000000200 ffff8880911c4820 [ 178.191600][ T7551] raw: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000 [ 178.220543][ T7551] page dumped because: non-NULL mapping [ 178.227512][ T7551] Modules linked in: [ 178.231565][ T7551] CPU: 0 PID: 7551 Comm: syz-executor.3 Tainted: G B 5.0.0-rc7-next-20190222 #41 [ 178.241970][ T7551] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 178.252018][ T7551] Call Trace: [ 178.255314][ T7551] dump_stack+0x172/0x1f0 [ 178.259651][ T7551] bad_page.cold+0xda/0xff [ 178.264071][ T7551] ? si_mem_available+0x320/0x320 [ 178.269102][ T7551] ? trace_hardirqs_on+0x67/0x230 [ 178.274128][ T7551] ? kasan_check_read+0x11/0x20 [ 178.278980][ T7551] free_pages_check_bad+0x142/0x1a0 [ 178.284179][ T7551] free_unref_page+0x3c6/0x600 [ 178.288939][ T7551] __put_page+0x8d/0xd0 [ 178.293097][ T7551] page_cache_pipe_buf_release+0x12b/0x180 [ 178.298902][ T7551] iter_file_splice_write+0x7d1/0xbe0 [ 178.304274][ T7551] ? atime_needs_update+0x5f0/0x5f0 [ 178.309480][ T7551] ? page_cache_pipe_buf_confirm+0x2b0/0x2b0 [ 178.315488][ T7551] ? rw_verify_area+0x118/0x360 [ 178.320351][ T7551] ? page_cache_pipe_buf_confirm+0x2b0/0x2b0 [ 178.326326][ T7551] direct_splice_actor+0x126/0x1a0 [ 178.331435][ T7551] splice_direct_to_actor+0x369/0x970 [ 178.336811][ T7551] ? generic_pipe_buf_nosteal+0x10/0x10 [ 178.342363][ T7551] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 178.348605][ T7551] ? do_splice_to+0x190/0x190 [ 178.353281][ T7551] ? rw_verify_area+0x118/0x360 [ 178.358133][ T7551] do_splice_direct+0x1da/0x2a0 [ 178.362984][ T7551] ? splice_direct_to_actor+0x970/0x970 [ 178.368550][ T7551] ? rw_verify_area+0x118/0x360 [ 178.373398][ T7551] do_sendfile+0x597/0xd00 [ 178.377820][ T7551] ? do_compat_pwritev64+0x1c0/0x1c0 [ 178.383103][ T7551] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 178.389344][ T7551] ? put_timespec64+0xda/0x140 [ 178.394113][ T7551] __x64_sys_sendfile64+0x1dd/0x220 [ 178.399311][ T7551] ? __ia32_sys_sendfile+0x230/0x230 [ 178.404593][ T7551] ? do_syscall_64+0x26/0x610 [ 178.409266][ T7551] ? lockdep_hardirqs_on+0x418/0x5d0 [ 178.414560][ T7551] ? trace_hardirqs_on+0x67/0x230 [ 178.419588][ T7551] do_syscall_64+0x103/0x610 [ 178.424182][ T7551] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 178.430068][ T7551] RIP: 0033:0x457e29 [ 178.433964][ T7551] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 178.453561][ T7551] RSP: 002b:00007f00d6aa8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 178.461966][ T7551] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457e29 [ 178.469935][ T7551] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 178.477906][ T7551] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 178.485871][ T7551] R10: 0000000000080005 R11: 0000000000000246 R12: 00007f00d6aa96d4 [ 178.493834][ T7551] R13: 00000000004c4dce R14: 00000000004d8af8 R15: 00000000ffffffff [ 178.510553][ T7551] BUG: Bad page state in process syz-executor.3 pfn:752b3 [ 178.517894][ T7551] page:ffffea0001d4acc0 count:0 mapcount:0 mapping:ffff8880911c4820 index:0x3 [ 178.529249][ T7551] shmem_aops [ 178.529255][ T7551] name:"memfd:}#*nodevem2N," [ 178.532638][ T7551] flags: 0x1fffc000008000c(uptodate|dirty|swapbacked) [ 178.544358][ T7551] raw: 01fffc000008000c dead000000000100 dead000000000200 ffff8880911c4820 [ 178.555390][ T7551] raw: 0000000000000003 0000000000000000 00000000ffffffff 0000000000000000 [ 178.564220][ T7551] page dumped because: non-NULL mapping [ 178.572205][ T7551] Modules linked in: [ 178.576354][ T7551] CPU: 0 PID: 7551 Comm: syz-executor.3 Tainted: G B 5.0.0-rc7-next-20190222 #41 [ 178.586757][ T7551] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 178.596807][ T7551] Call Trace: [ 178.600097][ T7551] dump_stack+0x172/0x1f0 [ 178.604430][ T7551] bad_page.cold+0xda/0xff [ 178.608843][ T7551] ? si_mem_available+0x320/0x320 [ 178.613864][ T7551] ? trace_hardirqs_on+0x67/0x230 [ 178.618888][ T7551] ? kasan_check_read+0x11/0x20 [ 178.623737][ T7551] free_pages_check_bad+0x142/0x1a0 [ 178.628937][ T7551] free_unref_page+0x3c6/0x600 [ 178.633697][ T7551] __put_page+0x8d/0xd0 [ 178.637854][ T7551] page_cache_pipe_buf_release+0x12b/0x180 [ 178.643655][ T7551] iter_file_splice_write+0x7d1/0xbe0 [ 178.649664][ T7551] ? atime_needs_update+0x5f0/0x5f0 [ 178.654864][ T7551] ? page_cache_pipe_buf_confirm+0x2b0/0x2b0 [ 178.660852][ T7551] ? rw_verify_area+0x118/0x360 [ 178.665704][ T7551] ? page_cache_pipe_buf_confirm+0x2b0/0x2b0 [ 178.671686][ T7551] direct_splice_actor+0x126/0x1a0 [ 178.676798][ T7551] splice_direct_to_actor+0x369/0x970 [ 178.682166][ T7551] ? generic_pipe_buf_nosteal+0x10/0x10 [ 178.687711][ T7551] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 178.693948][ T7551] ? do_splice_to+0x190/0x190 [ 178.698627][ T7551] ? rw_verify_area+0x118/0x360 [ 178.703494][ T7551] do_splice_direct+0x1da/0x2a0 [ 178.708343][ T7551] ? splice_direct_to_actor+0x970/0x970 [ 178.713891][ T7551] ? rw_verify_area+0x118/0x360 [ 178.718743][ T7551] do_sendfile+0x597/0xd00 [ 178.723160][ T7551] ? do_compat_pwritev64+0x1c0/0x1c0 [ 178.728440][ T7551] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 178.734693][ T7551] ? put_timespec64+0xda/0x140 [ 178.739462][ T7551] __x64_sys_sendfile64+0x1dd/0x220 [ 178.744671][ T7551] ? __ia32_sys_sendfile+0x230/0x230 [ 178.749955][ T7551] ? do_syscall_64+0x26/0x610 [ 178.754634][ T7551] ? lockdep_hardirqs_on+0x418/0x5d0 [ 178.759919][ T7551] ? trace_hardirqs_on+0x67/0x230 [ 178.764940][ T7551] do_syscall_64+0x103/0x610 [ 178.769530][ T7551] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 178.775417][ T7551] RIP: 0033:0x457e29 [ 178.779314][ T7551] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 178.798908][ T7551] RSP: 002b:00007f00d6aa8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 178.807312][ T7551] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457e29 [ 178.815276][ T7551] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 178.823331][ T7551] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 178.831296][ T7551] R10: 0000000000080005 R11: 0000000000000246 R12: 00007f00d6aa96d4 [ 178.839261][ T7551] R13: 00000000004c4dce R14: 00000000004d8af8 R15: 00000000ffffffff [ 178.852223][ T7551] BUG: Bad page state in process syz-executor.3 pfn:752bb [ 178.859556][ T7551] page:ffffea0001d4aec0 count:0 mapcount:0 mapping:ffff8880911c4820 index:0x4 [ 178.870931][ T7551] shmem_aops [ 178.870937][ T7551] name:"memfd:}#*nodevem2N," [ 178.874314][ T7551] flags: 0x1fffc000008000c(uptodate|dirty|swapbacked) [ 178.888259][ T7551] raw: 01fffc000008000c dead000000000100 dead000000000200 ffff8880911c4820 [ 178.896948][ T7551] raw: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000 [ 178.905606][ T7551] page dumped because: non-NULL mapping [ 178.914008][ T7551] Modules linked in: [ 178.918143][ T7551] CPU: 0 PID: 7551 Comm: syz-executor.3 Tainted: G B 5.0.0-rc7-next-20190222 #41 [ 178.928547][ T7551] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 178.938593][ T7551] Call Trace: [ 178.941885][ T7551] dump_stack+0x172/0x1f0 [ 178.946214][ T7551] bad_page.cold+0xda/0xff [ 178.950631][ T7551] ? si_mem_available+0x320/0x320 [ 178.955655][ T7551] ? trace_hardirqs_on+0x67/0x230 [ 178.960678][ T7551] ? kasan_check_read+0x11/0x20 [ 178.965532][ T7551] free_pages_check_bad+0x142/0x1a0 [ 178.970739][ T7551] free_unref_page+0x3c6/0x600 [ 178.975505][ T7551] __put_page+0x8d/0xd0 [ 178.979665][ T7551] page_cache_pipe_buf_release+0x12b/0x180 [ 178.985488][ T7551] iter_file_splice_write+0x7d1/0xbe0 [ 178.990861][ T7551] ? atime_needs_update+0x5f0/0x5f0 [ 178.996066][ T7551] ? page_cache_pipe_buf_confirm+0x2b0/0x2b0 [ 179.002056][ T7551] ? rw_verify_area+0x118/0x360 [ 179.006903][ T7551] ? page_cache_pipe_buf_confirm+0x2b0/0x2b0 [ 179.012884][ T7551] direct_splice_actor+0x126/0x1a0 [ 179.017995][ T7551] splice_direct_to_actor+0x369/0x970 [ 179.023366][ T7551] ? generic_pipe_buf_nosteal+0x10/0x10 [ 179.028913][ T7551] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 179.035153][ T7551] ? do_splice_to+0x190/0x190 [ 179.039832][ T7551] ? rw_verify_area+0x118/0x360 [ 179.044685][ T7551] do_splice_direct+0x1da/0x2a0 [ 179.049539][ T7551] ? splice_direct_to_actor+0x970/0x970 [ 179.055090][ T7551] ? rw_verify_area+0x118/0x360 [ 179.059949][ T7551] do_sendfile+0x597/0xd00 [ 179.064373][ T7551] ? do_compat_pwritev64+0x1c0/0x1c0 [ 179.069658][ T7551] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 179.075895][ T7551] ? put_timespec64+0xda/0x140 [ 179.080662][ T7551] __x64_sys_sendfile64+0x1dd/0x220 [ 179.085865][ T7551] ? __ia32_sys_sendfile+0x230/0x230 [ 179.091153][ T7551] ? do_syscall_64+0x26/0x610 [ 179.095833][ T7551] ? lockdep_hardirqs_on+0x418/0x5d0 [ 179.101208][ T7551] ? trace_hardirqs_on+0x67/0x230 [ 179.106237][ T7551] do_syscall_64+0x103/0x610 [ 179.110834][ T7551] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 179.116722][ T7551] RIP: 0033:0x457e29 [ 179.120620][ T7551] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 179.140217][ T7551] RSP: 002b:00007f00d6aa8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 179.148629][ T7551] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457e29 [ 179.156600][ T7551] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 179.164568][ T7551] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 179.172535][ T7551] R10: 0000000000080005 R11: 0000000000000246 R12: 00007f00d6aa96d4 [ 179.180508][ T7551] R13: 00000000004c4dce R14: 00000000004d8af8 R15: 00000000ffffffff [ 179.195333][ T7551] BUG: Bad page state in process syz-executor.3 pfn:752ac [ 179.202636][ T7551] page:ffffea0001d4ab00 count:0 mapcount:0 mapping:ffff8880911c4820 index:0x5 [ 179.213983][ T7551] shmem_aops [ 179.213990][ T7551] name:"memfd:}#*nodevem2N," [ 179.217520][ T7551] flags: 0x1fffc000008000c(uptodate|dirty|swapbacked) [ 179.231907][ T7551] raw: 01fffc000008000c dead000000000100 dead000000000200 ffff8880911c4820 [ 179.240901][ T7551] raw: 0000000000000005 0000000000000000 00000000ffffffff 0000000000000000 [ 179.251887][ T7551] page dumped because: non-NULL mapping [ 179.257638][ T7551] Modules linked in: [ 179.261600][ T7551] CPU: 0 PID: 7551 Comm: syz-executor.3 Tainted: G B 5.0.0-rc7-next-20190222 #41 [ 179.272278][ T7551] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 179.282328][ T7551] Call Trace: [ 179.285621][ T7551] dump_stack+0x172/0x1f0 [ 179.289958][ T7551] bad_page.cold+0xda/0xff [ 179.294375][ T7551] ? si_mem_available+0x320/0x320 [ 179.299398][ T7551] ? trace_hardirqs_on+0x67/0x230 [ 179.304464][ T7551] ? kasan_check_read+0x11/0x20 [ 179.309316][ T7551] free_pages_check_bad+0x142/0x1a0 [ 179.314517][ T7551] free_unref_page+0x3c6/0x600 [ 179.319279][ T7551] __put_page+0x8d/0xd0 [ 179.323453][ T7551] page_cache_pipe_buf_release+0x12b/0x180 [ 179.329258][ T7551] iter_file_splice_write+0x7d1/0xbe0 [ 179.334632][ T7551] ? atime_needs_update+0x5f0/0x5f0 [ 179.339835][ T7551] ? page_cache_pipe_buf_confirm+0x2b0/0x2b0 [ 179.345823][ T7551] ? rw_verify_area+0x118/0x360 [ 179.350675][ T7551] ? page_cache_pipe_buf_confirm+0x2b0/0x2b0 [ 179.356652][ T7551] direct_splice_actor+0x126/0x1a0 [ 179.361769][ T7551] splice_direct_to_actor+0x369/0x970 [ 179.367139][ T7551] ? generic_pipe_buf_nosteal+0x10/0x10 [ 179.372691][ T7551] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 179.378931][ T7551] ? do_splice_to+0x190/0x190 [ 179.383611][ T7551] ? rw_verify_area+0x118/0x360 [ 179.388465][ T7551] do_splice_direct+0x1da/0x2a0 [ 179.393315][ T7551] ? splice_direct_to_actor+0x970/0x970 [ 179.398862][ T7551] ? rw_verify_area+0x118/0x360 [ 179.403711][ T7551] do_sendfile+0x597/0xd00 [ 179.408131][ T7551] ? do_compat_pwritev64+0x1c0/0x1c0 [ 179.413426][ T7551] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 179.419672][ T7551] ? put_timespec64+0xda/0x140 [ 179.424457][ T7551] __x64_sys_sendfile64+0x1dd/0x220 [ 179.429656][ T7551] ? __ia32_sys_sendfile+0x230/0x230 [ 179.434945][ T7551] ? do_syscall_64+0x26/0x610 [ 179.439621][ T7551] ? lockdep_hardirqs_on+0x418/0x5d0 [ 179.444903][ T7551] ? trace_hardirqs_on+0x67/0x230 [ 179.449926][ T7551] do_syscall_64+0x103/0x610 [ 179.454518][ T7551] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 179.460424][ T7551] RIP: 0033:0x457e29 [ 179.464319][ T7551] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 179.483919][ T7551] RSP: 002b:00007f00d6aa8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 179.492328][ T7551] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457e29 [ 179.500293][ T7551] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 179.508258][ T7551] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 179.516223][ T7551] R10: 0000000000080005 R11: 0000000000000246 R12: 00007f00d6aa96d4 [ 179.524189][ T7551] R13: 00000000004c4dce R14: 00000000004d8af8 R15: 00000000ffffffff [ 179.537600][ T7551] BUG: Bad page state in process syz-executor.3 pfn:752be [ 179.544881][ T7551] page:ffffea0001d4af80 count:0 mapcount:0 mapping:ffff8880911c4820 index:0x6 [ 179.558052][ T7551] shmem_aops [ 179.558058][ T7551] name:"memfd:}#*nodevem2N," [ 179.561438][ T7551] flags: 0x1fffc000008000c(uptodate|dirty|swapbacked) [ 179.573848][ T7551] raw: 01fffc000008000c dead000000000100 dead000000000200 ffff8880911c4820 [ 179.584120][ T7551] raw: 0000000000000006 0000000000000000 00000000ffffffff 0000000000000000 [ 179.593623][ T7551] page dumped because: non-NULL mapping [ 179.600824][ T7551] Modules linked in: [ 179.604785][ T7551] CPU: 0 PID: 7551 Comm: syz-executor.3 Tainted: G B 5.0.0-rc7-next-20190222 #41 [ 179.615183][ T7551] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 179.625228][ T7551] Call Trace: [ 179.628522][ T7551] dump_stack+0x172/0x1f0 [ 179.632852][ T7551] bad_page.cold+0xda/0xff [ 179.637270][ T7551] ? si_mem_available+0x320/0x320 [ 179.642294][ T7551] ? trace_hardirqs_on+0x67/0x230 [ 179.647318][ T7551] ? kasan_check_read+0x11/0x20 [ 179.652170][ T7551] free_pages_check_bad+0x142/0x1a0 [ 179.657366][ T7551] free_unref_page+0x3c6/0x600 [ 179.662146][ T7551] __put_page+0x8d/0xd0 [ 179.666302][ T7551] page_cache_pipe_buf_release+0x12b/0x180 [ 179.672107][ T7551] iter_file_splice_write+0x7d1/0xbe0 [ 179.677480][ T7551] ? atime_needs_update+0x5f0/0x5f0 [ 179.682681][ T7551] ? page_cache_pipe_buf_confirm+0x2b0/0x2b0 [ 179.688672][ T7551] ? rw_verify_area+0x118/0x360 [ 179.693522][ T7551] ? page_cache_pipe_buf_confirm+0x2b0/0x2b0 [ 179.699498][ T7551] direct_splice_actor+0x126/0x1a0 [ 179.704611][ T7551] splice_direct_to_actor+0x369/0x970 [ 179.709984][ T7551] ? generic_pipe_buf_nosteal+0x10/0x10 [ 179.715530][ T7551] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 179.721765][ T7551] ? do_splice_to+0x190/0x190 [ 179.726448][ T7551] ? rw_verify_area+0x118/0x360 [ 179.731297][ T7551] do_splice_direct+0x1da/0x2a0 [ 179.736145][ T7551] ? splice_direct_to_actor+0x970/0x970 [ 179.741692][ T7551] ? rw_verify_area+0x118/0x360 [ 179.746545][ T7551] do_sendfile+0x597/0xd00 [ 179.750964][ T7551] ? do_compat_pwritev64+0x1c0/0x1c0 [ 179.756244][ T7551] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 179.762480][ T7551] ? put_timespec64+0xda/0x140 [ 179.767251][ T7551] __x64_sys_sendfile64+0x1dd/0x220 [ 179.772448][ T7551] ? __ia32_sys_sendfile+0x230/0x230 [ 179.777818][ T7551] ? do_syscall_64+0x26/0x610 [ 179.782492][ T7551] ? lockdep_hardirqs_on+0x418/0x5d0 [ 179.787780][ T7551] ? trace_hardirqs_on+0x67/0x230 [ 179.792806][ T7551] do_syscall_64+0x103/0x610 [ 179.797418][ T7551] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 179.803303][ T7551] RIP: 0033:0x457e29 [ 179.807199][ T7551] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 179.826794][ T7551] RSP: 002b:00007f00d6aa8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 179.835198][ T7551] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457e29 [ 179.843166][ T7551] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 179.851129][ T7551] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 179.859097][ T7551] R10: 0000000000080005 R11: 0000000000000246 R12: 00007f00d6aa96d4 [ 179.867066][ T7551] R13: 00000000004c4dce R14: 00000000004d8af8 R15: 00000000ffffffff [ 179.879408][ T7551] BUG: Bad page state in process syz-executor.3 pfn:752c1 [ 179.886701][ T7551] page:ffffea0001d4b040 count:0 mapcount:0 mapping:ffff8880911c4820 index:0x7 [ 179.895596][ T7551] shmem_aops [ 179.895602][ T7551] name:"memfd:}#*nodevem2N," [ 179.901288][ T7551] flags: 0x1fffc000008000c(uptodate|dirty|swapbacked) [ 179.912898][ T7551] raw: 01fffc000008000c dead000000000100 dead000000000200 ffff8880911c4820 [ 179.923761][ T7551] raw: 0000000000000007 0000000000000000 00000000ffffffff 0000000000000000 [ 179.932420][ T7551] page dumped because: non-NULL mapping [ 179.940325][ T7551] Modules linked in: [ 179.944302][ T7551] CPU: 0 PID: 7551 Comm: syz-executor.3 Tainted: G B 5.0.0-rc7-next-20190222 #41 [ 179.954701][ T7551] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 179.964749][ T7551] Call Trace: [ 179.968040][ T7551] dump_stack+0x172/0x1f0 [ 179.972389][ T7551] bad_page.cold+0xda/0xff [ 179.976809][ T7551] ? si_mem_available+0x320/0x320 [ 179.981835][ T7551] ? trace_hardirqs_on+0x67/0x230 [ 179.986855][ T7551] ? kasan_check_read+0x11/0x20 [ 179.991710][ T7551] free_pages_check_bad+0x142/0x1a0 [ 179.996904][ T7551] free_unref_page+0x3c6/0x600 [ 180.001670][ T7551] __put_page+0x8d/0xd0 [ 180.005823][ T7551] page_cache_pipe_buf_release+0x12b/0x180 [ 180.011633][ T7551] iter_file_splice_write+0x7d1/0xbe0 [ 180.017001][ T7551] ? atime_needs_update+0x5f0/0x5f0 [ 180.022201][ T7551] ? page_cache_pipe_buf_confirm+0x2b0/0x2b0 [ 180.028189][ T7551] ? rw_verify_area+0x118/0x360 [ 180.033041][ T7551] ? page_cache_pipe_buf_confirm+0x2b0/0x2b0 [ 180.039020][ T7551] direct_splice_actor+0x126/0x1a0 [ 180.044131][ T7551] splice_direct_to_actor+0x369/0x970 [ 180.049500][ T7551] ? generic_pipe_buf_nosteal+0x10/0x10 [ 180.055044][ T7551] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 180.061283][ T7551] ? do_splice_to+0x190/0x190 [ 180.065962][ T7551] ? rw_verify_area+0x118/0x360 [ 180.070813][ T7551] do_splice_direct+0x1da/0x2a0 [ 180.075662][ T7551] ? splice_direct_to_actor+0x970/0x970 [ 180.081212][ T7551] ? rw_verify_area+0x118/0x360 [ 180.086062][ T7551] do_sendfile+0x597/0xd00 [ 180.090483][ T7551] ? do_compat_pwritev64+0x1c0/0x1c0 [ 180.095765][ T7551] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 180.102527][ T7551] ? put_timespec64+0xda/0x140 [ 180.107300][ T7551] __x64_sys_sendfile64+0x1dd/0x220 [ 180.112498][ T7551] ? __ia32_sys_sendfile+0x230/0x230 [ 180.117779][ T7551] ? do_syscall_64+0x26/0x610 [ 180.122454][ T7551] ? lockdep_hardirqs_on+0x418/0x5d0 [ 180.127737][ T7551] ? trace_hardirqs_on+0x67/0x230 [ 180.132765][ T7551] do_syscall_64+0x103/0x610 [ 180.137370][ T7551] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 180.143255][ T7551] RIP: 0033:0x457e29 [ 180.147148][ T7551] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 180.166749][ T7551] RSP: 002b:00007f00d6aa8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 180.175155][ T7551] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457e29 [ 180.183120][ T7551] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 180.191090][ T7551] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 180.199055][ T7551] R10: 0000000000080005 R11: 0000000000000246 R12: 00007f00d6aa96d4 [ 180.207021][ T7551] R13: 00000000004c4dce R14: 00000000004d8af8 R15: 00000000ffffffff [ 180.219487][ T7551] BUG: Bad page state in process syz-executor.3 pfn:752c0 [ 180.226745][ T7551] page:ffffea0001d4b000 count:0 mapcount:0 mapping:ffff8880911c4820 index:0x8 [ 180.235638][ T7551] shmem_aops [ 180.235644][ T7551] name:"memfd:}#*nodevem2N," [ 180.241142][ T7551] flags: 0x1fffc000008000c(uptodate|dirty|swapbacked) [ 180.252641][ T7551] raw: 01fffc000008000c dead000000000100 dead000000000200 ffff8880911c4820 [ 180.263447][ T7551] raw: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 180.273610][ T7551] page dumped because: non-NULL mapping [ 180.281371][ T7551] Modules linked in: [ 180.285313][ T7551] CPU: 0 PID: 7551 Comm: syz-executor.3 Tainted: G B 5.0.0-rc7-next-20190222 #41 [ 180.295725][ T7551] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 180.305770][ T7551] Call Trace: [ 180.309060][ T7551] dump_stack+0x172/0x1f0 [ 180.313406][ T7551] bad_page.cold+0xda/0xff [ 180.317820][ T7551] ? si_mem_available+0x320/0x320 [ 180.322846][ T7551] ? trace_hardirqs_on+0x67/0x230 [ 180.327866][ T7551] ? kasan_check_read+0x11/0x20 [ 180.332718][ T7551] free_pages_check_bad+0x142/0x1a0 [ 180.337920][ T7551] free_unref_page+0x3c6/0x600 [ 180.342685][ T7551] __put_page+0x8d/0xd0 [ 180.346844][ T7551] page_cache_pipe_buf_release+0x12b/0x180 [ 180.352650][ T7551] iter_file_splice_write+0x7d1/0xbe0 [ 180.358021][ T7551] ? atime_needs_update+0x5f0/0x5f0 [ 180.363226][ T7551] ? page_cache_pipe_buf_confirm+0x2b0/0x2b0 [ 180.369215][ T7551] ? rw_verify_area+0x118/0x360 [ 180.374061][ T7551] ? page_cache_pipe_buf_confirm+0x2b0/0x2b0 [ 180.380042][ T7551] direct_splice_actor+0x126/0x1a0 [ 180.385156][ T7551] splice_direct_to_actor+0x369/0x970 [ 180.390526][ T7551] ? generic_pipe_buf_nosteal+0x10/0x10 [ 180.396071][ T7551] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 180.402306][ T7551] ? do_splice_to+0x190/0x190 [ 180.406998][ T7551] ? rw_verify_area+0x118/0x360 [ 180.411848][ T7551] do_splice_direct+0x1da/0x2a0 [ 180.416700][ T7551] ? splice_direct_to_actor+0x970/0x970 [ 180.422250][ T7551] ? rw_verify_area+0x118/0x360 [ 180.427098][ T7551] do_sendfile+0x597/0xd00 [ 180.431517][ T7551] ? do_compat_pwritev64+0x1c0/0x1c0 [ 180.436799][ T7551] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 180.443034][ T7551] ? put_timespec64+0xda/0x140 [ 180.447803][ T7551] __x64_sys_sendfile64+0x1dd/0x220 [ 180.453006][ T7551] ? __ia32_sys_sendfile+0x230/0x230 [ 180.458290][ T7551] ? do_syscall_64+0x26/0x610 [ 180.462982][ T7551] ? lockdep_hardirqs_on+0x418/0x5d0 [ 180.468264][ T7551] ? trace_hardirqs_on+0x67/0x230 [ 180.473291][ T7551] do_syscall_64+0x103/0x610 [ 180.477900][ T7551] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 180.483788][ T7551] RIP: 0033:0x457e29 [ 180.487682][ T7551] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 180.507283][ T7551] RSP: 002b:00007f00d6aa8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 180.515707][ T7551] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457e29 [ 180.523676][ T7551] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 180.531645][ T7551] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 180.539615][ T7551] R10: 0000000000080005 R11: 0000000000000246 R12: 00007f00d6aa96d4 [ 180.547930][ T7551] R13: 00000000004c4dce R14: 00000000004d8af8 R15: 00000000ffffffff [ 180.561035][ T7551] BUG: Bad page state in process syz-executor.3 pfn:752bf [ 180.568325][ T7551] page:ffffea0001d4afc0 count:0 mapcount:0 mapping:ffff8880911c4820 index:0x9 [ 180.579432][ T7551] shmem_aops [ 180.579439][ T7551] name:"memfd:}#*nodevem2N," [ 180.582768][ T7551] flags: 0x1fffc000008000c(uptodate|dirty|swapbacked) [ 180.598468][ T7551] raw: 01fffc000008000c dead000000000100 dead000000000200 ffff8880911c4820 [ 180.607107][ T7551] raw: 0000000000000009 0000000000000000 00000000ffffffff 0000000000000000 [ 180.615717][ T7551] page dumped because: non-NULL mapping [ 180.623510][ T7551] Modules linked in: [ 180.627485][ T7551] CPU: 0 PID: 7551 Comm: syz-executor.3 Tainted: G B 5.0.0-rc7-next-20190222 #41 [ 180.637888][ T7551] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 180.647939][ T7551] Call Trace: [ 180.651229][ T7551] dump_stack+0x172/0x1f0 [ 180.655572][ T7551] bad_page.cold+0xda/0xff [ 180.659985][ T7551] ? si_mem_available+0x320/0x320 [ 180.665009][ T7551] ? trace_hardirqs_on+0x67/0x230 [ 180.670035][ T7551] ? kasan_check_read+0x11/0x20 [ 180.674888][ T7551] free_pages_check_bad+0x142/0x1a0 [ 180.680100][ T7551] free_unref_page+0x3c6/0x600 [ 180.684862][ T7551] __put_page+0x8d/0xd0 [ 180.689018][ T7551] page_cache_pipe_buf_release+0x12b/0x180 [ 180.694818][ T7551] iter_file_splice_write+0x7d1/0xbe0 [ 180.700189][ T7551] ? atime_needs_update+0x5f0/0x5f0 [ 180.705393][ T7551] ? page_cache_pipe_buf_confirm+0x2b0/0x2b0 [ 180.711377][ T7551] ? rw_verify_area+0x118/0x360 [ 180.716223][ T7551] ? page_cache_pipe_buf_confirm+0x2b0/0x2b0 [ 180.722200][ T7551] direct_splice_actor+0x126/0x1a0 [ 180.727321][ T7551] splice_direct_to_actor+0x369/0x970 [ 180.732688][ T7551] ? generic_pipe_buf_nosteal+0x10/0x10 [ 180.738237][ T7551] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 180.744471][ T7551] ? do_splice_to+0x190/0x190 [ 180.749147][ T7551] ? rw_verify_area+0x118/0x360 [ 180.753999][ T7551] do_splice_direct+0x1da/0x2a0 [ 180.758846][ T7551] ? splice_direct_to_actor+0x970/0x970 [ 180.764397][ T7551] ? rw_verify_area+0x118/0x360 [ 180.769248][ T7551] do_sendfile+0x597/0xd00 [ 180.773681][ T7551] ? do_compat_pwritev64+0x1c0/0x1c0 [ 180.778961][ T7551] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 180.785199][ T7551] ? put_timespec64+0xda/0x140 [ 180.789966][ T7551] __x64_sys_sendfile64+0x1dd/0x220 [ 180.795162][ T7551] ? __ia32_sys_sendfile+0x230/0x230 [ 180.800442][ T7551] ? do_syscall_64+0x26/0x610 [ 180.805119][ T7551] ? lockdep_hardirqs_on+0x418/0x5d0 [ 180.810405][ T7551] ? trace_hardirqs_on+0x67/0x230 [ 180.815430][ T7551] do_syscall_64+0x103/0x610 [ 180.820024][ T7551] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 180.825908][ T7551] RIP: 0033:0x457e29 [ 180.829804][ T7551] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 180.849400][ T7551] RSP: 002b:00007f00d6aa8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 180.857809][ T7551] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457e29 [ 180.865774][ T7551] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 180.873740][ T7551] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 180.881711][ T7551] R10: 0000000000080005 R11: 0000000000000246 R12: 00007f00d6aa96d4 [ 180.889681][ T7551] R13: 00000000004c4dce R14: 00000000004d8af8 R15: 00000000ffffffff [ 180.898780][ T7551] BUG: Bad page state in process syz-executor.3 pfn:752c3 [ 180.906325][ T7551] page:ffffea0001d4b0c0 count:0 mapcount:0 mapping:ffff8880911c4820 index:0xa [ 180.915177][ T7551] shmem_aops [ 180.915182][ T7551] name:"memfd:}#*nodevem2N," [ 180.918646][ T7551] flags: 0x1fffc000008000c(uptodate|dirty|swapbacked) [ 180.930255][ T7551] raw: 01fffc000008000c dead000000000100 dead000000000200 ffff8880911c4820 [ 180.939337][ T7551] raw: 000000000000000a 0000000000000000 00000000ffffffff 0000000000000000 [ 180.948094][ T7551] page dumped because: non-NULL mapping [ 180.953635][ T7551] Modules linked in: [ 180.957702][ T7551] CPU: 1 PID: 7551 Comm: syz-executor.3 Tainted: G B 5.0.0-rc7-next-20190222 #41 [ 180.968101][ T7551] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 180.978147][ T7551] Call Trace: [ 180.981434][ T7551] dump_stack+0x172/0x1f0 [ 180.985766][ T7551] bad_page.cold+0xda/0xff [ 180.990194][ T7551] ? si_mem_available+0x320/0x320 [ 180.995217][ T7551] ? trace_hardirqs_on+0x67/0x230 [ 181.000239][ T7551] ? kasan_check_read+0x11/0x20 [ 181.005106][ T7551] free_pages_check_bad+0x142/0x1a0 [ 181.010311][ T7551] free_unref_page+0x3c6/0x600 [ 181.015072][ T7551] __put_page+0x8d/0xd0 [ 181.019224][ T7551] page_cache_pipe_buf_release+0x12b/0x180 [ 181.025042][ T7551] iter_file_splice_write+0x7d1/0xbe0 [ 181.030411][ T7551] ? atime_needs_update+0x5f0/0x5f0 [ 181.035611][ T7551] ? page_cache_pipe_buf_confirm+0x2b0/0x2b0 [ 181.041601][ T7551] ? rw_verify_area+0x118/0x360 [ 181.046446][ T7551] ? page_cache_pipe_buf_confirm+0x2b0/0x2b0 [ 181.052422][ T7551] direct_splice_actor+0x126/0x1a0 [ 181.057536][ T7551] splice_direct_to_actor+0x369/0x970 [ 181.062906][ T7551] ? generic_pipe_buf_nosteal+0x10/0x10 [ 181.068454][ T7551] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 181.074691][ T7551] ? do_splice_to+0x190/0x190 [ 181.079366][ T7551] ? rw_verify_area+0x118/0x360 [ 181.084217][ T7551] do_splice_direct+0x1da/0x2a0 [ 181.089081][ T7551] ? splice_direct_to_actor+0x970/0x970 [ 181.094631][ T7551] ? rw_verify_area+0x118/0x360 [ 181.099482][ T7551] do_sendfile+0x597/0xd00 [ 181.103902][ T7551] ? do_compat_pwritev64+0x1c0/0x1c0 [ 181.109186][ T7551] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 181.115424][ T7551] ? put_timespec64+0xda/0x140 [ 181.120193][ T7551] __x64_sys_sendfile64+0x1dd/0x220 [ 181.125388][ T7551] ? __ia32_sys_sendfile+0x230/0x230 [ 181.130669][ T7551] ? do_syscall_64+0x26/0x610 [ 181.135344][ T7551] ? lockdep_hardirqs_on+0x418/0x5d0 [ 181.140629][ T7551] ? trace_hardirqs_on+0x67/0x230 [ 181.145653][ T7551] do_syscall_64+0x103/0x610 [ 181.150266][ T7551] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 181.156155][ T7551] RIP: 0033:0x457e29 [ 181.160050][ T7551] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 181.179651][ T7551] RSP: 002b:00007f00d6aa8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 181.188057][ T7551] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457e29 [ 181.196022][ T7551] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 181.203988][ T7551] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 181.211960][ T7551] R10: 0000000000080005 R11: 0000000000000246 R12: 00007f00d6aa96d4 [ 181.219926][ T7551] R13: 00000000004c4dce R14: 00000000004d8af8 R15: 00000000ffffffff [ 181.229442][ T7551] BUG: Bad page state in process syz-executor.3 pfn:752e2 [ 181.236673][ T7551] page:ffffea0001d4b880 count:0 mapcount:0 mapping:ffff8880911c4820 index:0xb [ 181.245515][ T7551] shmem_aops [ 181.245520][ T7551] name:"memfd:}#*nodevem2N," [ 181.249059][ T7551] flags: 0x1fffc000008000c(uptodate|dirty|swapbacked) [ 181.260692][ T7551] raw: 01fffc000008000c dead000000000100 dead000000000200 ffff8880911c4820 [ 181.270010][ T7551] raw: 000000000000000b 0000000000000000 00000000ffffffff 0000000000000000 [ 181.278739][ T7551] page dumped because: non-NULL mapping [ 181.284277][ T7551] Modules linked in: [ 181.288360][ T7551] CPU: 1 PID: 7551 Comm: syz-executor.3 Tainted: G B 5.0.0-rc7-next-20190222 #41 [ 181.298764][ T7551] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 181.308809][ T7551] Call Trace: [ 181.312100][ T7551] dump_stack+0x172/0x1f0 [ 181.316436][ T7551] bad_page.cold+0xda/0xff [ 181.320853][ T7551] ? si_mem_available+0x320/0x320 [ 181.325872][ T7551] ? trace_hardirqs_on+0x67/0x230 [ 181.330894][ T7551] ? kasan_check_read+0x11/0x20 [ 181.335745][ T7551] free_pages_check_bad+0x142/0x1a0 [ 181.340945][ T7551] free_unref_page+0x3c6/0x600 [ 181.345713][ T7551] __put_page+0x8d/0xd0 [ 181.349871][ T7551] page_cache_pipe_buf_release+0x12b/0x180 [ 181.355672][ T7551] iter_file_splice_write+0x7d1/0xbe0 [ 181.361038][ T7551] ? atime_needs_update+0x5f0/0x5f0 [ 181.366257][ T7551] ? page_cache_pipe_buf_confirm+0x2b0/0x2b0 [ 181.372263][ T7551] ? rw_verify_area+0x118/0x360 [ 181.377109][ T7551] ? page_cache_pipe_buf_confirm+0x2b0/0x2b0 [ 181.383085][ T7551] direct_splice_actor+0x126/0x1a0 [ 181.388196][ T7551] splice_direct_to_actor+0x369/0x970 [ 181.393581][ T7551] ? generic_pipe_buf_nosteal+0x10/0x10 [ 181.399127][ T7551] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 181.405363][ T7551] ? do_splice_to+0x190/0x190 [ 181.410038][ T7551] ? rw_verify_area+0x118/0x360 [ 181.414888][ T7551] do_splice_direct+0x1da/0x2a0 [ 181.419735][ T7551] ? splice_direct_to_actor+0x970/0x970 [ 181.425281][ T7551] ? rw_verify_area+0x118/0x360 [ 181.430133][ T7551] do_sendfile+0x597/0xd00 [ 181.434557][ T7551] ? do_compat_pwritev64+0x1c0/0x1c0 [ 181.439841][ T7551] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 181.446080][ T7551] ? put_timespec64+0xda/0x140 [ 181.450847][ T7551] __x64_sys_sendfile64+0x1dd/0x220 [ 181.456041][ T7551] ? __ia32_sys_sendfile+0x230/0x230 [ 181.461328][ T7551] ? do_syscall_64+0x26/0x610 [ 181.466003][ T7551] ? lockdep_hardirqs_on+0x418/0x5d0 [ 181.471298][ T7551] ? trace_hardirqs_on+0x67/0x230 [ 181.476321][ T7551] do_syscall_64+0x103/0x610 [ 181.480916][ T7551] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 181.486805][ T7551] RIP: 0033:0x457e29 [ 181.490700][ T7551] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 181.510303][ T7551] RSP: 002b:00007f00d6aa8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 181.518712][ T7551] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457e29 [ 181.526678][ T7551] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 181.534663][ T7551] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 181.542633][ T7551] R10: 0000000000080005 R11: 0000000000000246 R12: 00007f00d6aa96d4 [ 181.550599][ T7551] R13: 00000000004c4dce R14: 00000000004d8af8 R15: 00000000ffffffff [ 181.561718][ T7551] BUG: Bad page state in process syz-executor.3 pfn:752c6 [ 181.573738][ T7551] page:ffffea0001d4b180 count:0 mapcount:0 mapping:ffff8880911c4820 index:0xc [ 181.582793][ T7551] shmem_aops [ 181.582798][ T7551] name:"memfd:}#*nodevem2N," [ 181.588368][ T7551] flags: 0x1fffc000008000c(uptodate|dirty|swapbacked) [ 181.600009][ T7551] raw: 01fffc000008000c dead000000000100 dead000000000200 ffff8880911c4820 [ 181.610882][ T7551] raw: 000000000000000c 0000000000000000 00000000ffffffff 0000000000000000 [ 181.619613][ T7551] page dumped because: non-NULL mapping [ 181.625146][ T7551] Modules linked in: [ 181.631386][ T7551] CPU: 1 PID: 7551 Comm: syz-executor.3 Tainted: G B 5.0.0-rc7-next-20190222 #41 [ 181.641879][ T7551] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 181.651925][ T7551] Call Trace: [ 181.655232][ T7551] dump_stack+0x172/0x1f0 [ 181.659566][ T7551] bad_page.cold+0xda/0xff [ 181.663983][ T7551] ? si_mem_available+0x320/0x320 [ 181.669006][ T7551] ? trace_hardirqs_on+0x67/0x230 [ 181.674029][ T7551] ? kasan_check_read+0x11/0x20 [ 181.678882][ T7551] free_pages_check_bad+0x142/0x1a0 [ 181.684080][ T7551] free_unref_page+0x3c6/0x600 [ 181.688841][ T7551] __put_page+0x8d/0xd0 [ 181.692995][ T7551] page_cache_pipe_buf_release+0x12b/0x180 [ 181.698801][ T7551] iter_file_splice_write+0x7d1/0xbe0 [ 181.704170][ T7551] ? atime_needs_update+0x5f0/0x5f0 [ 181.709393][ T7551] ? page_cache_pipe_buf_confirm+0x2b0/0x2b0 [ 181.715381][ T7551] ? rw_verify_area+0x118/0x360 [ 181.720243][ T7551] ? page_cache_pipe_buf_confirm+0x2b0/0x2b0 [ 181.726236][ T7551] direct_splice_actor+0x126/0x1a0 [ 181.731345][ T7551] splice_direct_to_actor+0x369/0x970 [ 181.736713][ T7551] ? generic_pipe_buf_nosteal+0x10/0x10 [ 181.742263][ T7551] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 181.748499][ T7551] ? do_splice_to+0x190/0x190 [ 181.753173][ T7551] ? rw_verify_area+0x118/0x360 [ 181.758036][ T7551] do_splice_direct+0x1da/0x2a0 [ 181.762888][ T7551] ? splice_direct_to_actor+0x970/0x970 [ 181.768435][ T7551] ? rw_verify_area+0x118/0x360 [ 181.773283][ T7551] do_sendfile+0x597/0xd00 [ 181.777704][ T7551] ? do_compat_pwritev64+0x1c0/0x1c0 [ 181.782987][ T7551] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 181.789246][ T7551] ? put_timespec64+0xda/0x140 [ 181.794014][ T7551] __x64_sys_sendfile64+0x1dd/0x220 [ 181.799223][ T7551] ? __ia32_sys_sendfile+0x230/0x230 [ 181.804505][ T7551] ? do_syscall_64+0x26/0x610 [ 181.809199][ T7551] ? lockdep_hardirqs_on+0x418/0x5d0 [ 181.814485][ T7551] ? trace_hardirqs_on+0x67/0x230 [ 181.819509][ T7551] do_syscall_64+0x103/0x610 [ 181.824106][ T7551] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 181.829999][ T7551] RIP: 0033:0x457e29 [ 181.833895][ T7551] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 181.853491][ T7551] RSP: 002b:00007f00d6aa8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 181.861897][ T7551] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457e29 [ 181.869861][ T7551] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 181.877828][ T7551] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 181.885793][ T7551] R10: 0000000000080005 R11: 0000000000000246 R12: 00007f00d6aa96d4 [ 181.893764][ T7551] R13: 00000000004c4dce R14: 00000000004d8af8 R15: 00000000ffffffff [ 181.907958][ T7551] BUG: Bad page state in process syz-executor.3 pfn:752cb [ 181.915163][ T7551] page:ffffea0001d4b2c0 count:0 mapcount:0 mapping:ffff8880911c4820 index:0xd [ 181.925668][ T7551] shmem_aops [ 181.925673][ T7551] name:"memfd:}#*nodevem2N," [ 181.929828][ T7551] flags: 0x1fffc000008000c(uptodate|dirty|swapbacked) [ 181.942846][ T7551] raw: 01fffc000008000c dead000000000100 dead000000000200 ffff8880911c4820 [ 181.952499][ T7551] raw: 000000000000000d 0000000000000000 00000000ffffffff 0000000000000000 [ 181.962670][ T7551] page dumped because: non-NULL mapping [ 181.968994][ T7551] Modules linked in: [ 181.972907][ T7551] CPU: 0 PID: 7551 Comm: syz-executor.3 Tainted: G B 5.0.0-rc7-next-20190222 #41 [ 181.983301][ T7551] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 181.993346][ T7551] Call Trace: [ 181.996638][ T7551] dump_stack+0x172/0x1f0 [ 182.000967][ T7551] bad_page.cold+0xda/0xff [ 182.005383][ T7551] ? si_mem_available+0x320/0x320 [ 182.010404][ T7551] ? trace_hardirqs_on+0x67/0x230 [ 182.015435][ T7551] ? kasan_check_read+0x11/0x20 [ 182.020290][ T7551] free_pages_check_bad+0x142/0x1a0 [ 182.025487][ T7551] free_unref_page+0x3c6/0x600 [ 182.030255][ T7551] __put_page+0x8d/0xd0 [ 182.034409][ T7551] page_cache_pipe_buf_release+0x12b/0x180 [ 182.040219][ T7551] iter_file_splice_write+0x7d1/0xbe0 [ 182.045587][ T7551] ? atime_needs_update+0x5f0/0x5f0 [ 182.050793][ T7551] ? page_cache_pipe_buf_confirm+0x2b0/0x2b0 [ 182.056780][ T7551] ? rw_verify_area+0x118/0x360 [ 182.061628][ T7551] ? page_cache_pipe_buf_confirm+0x2b0/0x2b0 [ 182.067602][ T7551] direct_splice_actor+0x126/0x1a0 [ 182.072715][ T7551] splice_direct_to_actor+0x369/0x970 [ 182.078089][ T7551] ? generic_pipe_buf_nosteal+0x10/0x10 [ 182.083635][ T7551] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 182.089870][ T7551] ? do_splice_to+0x190/0x190 [ 182.094547][ T7551] ? rw_verify_area+0x118/0x360 [ 182.099904][ T7551] do_splice_direct+0x1da/0x2a0 [ 182.104752][ T7551] ? splice_direct_to_actor+0x970/0x970 [ 182.110304][ T7551] ? rw_verify_area+0x118/0x360 [ 182.115165][ T7551] do_sendfile+0x597/0xd00 [ 182.119590][ T7551] ? do_compat_pwritev64+0x1c0/0x1c0 [ 182.124879][ T7551] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 182.131118][ T7551] ? put_timespec64+0xda/0x140 [ 182.135900][ T7551] __x64_sys_sendfile64+0x1dd/0x220 [ 182.141096][ T7551] ? __ia32_sys_sendfile+0x230/0x230 [ 182.146378][ T7551] ? do_syscall_64+0x26/0x610 [ 182.151058][ T7551] ? lockdep_hardirqs_on+0x418/0x5d0 [ 182.156347][ T7551] ? trace_hardirqs_on+0x67/0x230 [ 182.161371][ T7551] do_syscall_64+0x103/0x610 [ 182.165964][ T7551] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 182.171854][ T7551] RIP: 0033:0x457e29 [ 182.175747][ T7551] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 182.195347][ T7551] RSP: 002b:00007f00d6aa8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 182.203757][ T7551] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457e29 [ 182.211722][ T7551] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 182.219693][ T7551] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 182.227669][ T7551] R10: 0000000000080005 R11: 0000000000000246 R12: 00007f00d6aa96d4 [ 182.235635][ T7551] R13: 00000000004c4dce R14: 00000000004d8af8 R15: 00000000ffffffff [ 182.247233][ T7551] BUG: Bad page state in process syz-executor.3 pfn:752c7 [ 182.254434][ T7551] page:ffffea0001d4b1c0 count:0 mapcount:0 mapping:ffff8880911c4820 index:0xe [ 182.265350][ T7551] shmem_aops [ 182.265355][ T7551] name:"memfd:}#*nodevem2N," [ 182.270718][ T7551] flags: 0x1fffc000008000c(uptodate|dirty|swapbacked) [ 182.284165][ T7551] raw: 01fffc000008000c dead000000000100 dead000000000200 ffff8880911c4820 [ 182.293291][ T7551] raw: 000000000000000e 0000000000000000 00000000ffffffff 0000000000000000 [ 182.303789][ T7551] page dumped because: non-NULL mapping [ 182.309852][ T7551] Modules linked in: [ 182.313757][ T7551] CPU: 0 PID: 7551 Comm: syz-executor.3 Tainted: G B 5.0.0-rc7-next-20190222 #41 [ 182.324169][ T7551] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 182.334215][ T7551] Call Trace: [ 182.337506][ T7551] dump_stack+0x172/0x1f0 [ 182.341837][ T7551] bad_page.cold+0xda/0xff [ 182.346255][ T7551] ? si_mem_available+0x320/0x320 [ 182.351275][ T7551] ? trace_hardirqs_on+0x67/0x230 [ 182.356301][ T7551] ? kasan_check_read+0x11/0x20 [ 182.361166][ T7551] free_pages_check_bad+0x142/0x1a0 [ 182.366362][ T7551] free_unref_page+0x3c6/0x600 [ 182.371125][ T7551] __put_page+0x8d/0xd0 [ 182.375300][ T7551] page_cache_pipe_buf_release+0x12b/0x180 [ 182.381102][ T7551] iter_file_splice_write+0x7d1/0xbe0 [ 182.386490][ T7551] ? atime_needs_update+0x5f0/0x5f0 [ 182.391693][ T7551] ? page_cache_pipe_buf_confirm+0x2b0/0x2b0 [ 182.397683][ T7551] ? rw_verify_area+0x118/0x360 [ 182.402534][ T7551] ? page_cache_pipe_buf_confirm+0x2b0/0x2b0 [ 182.408512][ T7551] direct_splice_actor+0x126/0x1a0 [ 182.413625][ T7551] splice_direct_to_actor+0x369/0x970 [ 182.418997][ T7551] ? generic_pipe_buf_nosteal+0x10/0x10 [ 182.424541][ T7551] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 182.430775][ T7551] ? do_splice_to+0x190/0x190 [ 182.435454][ T7551] ? rw_verify_area+0x118/0x360 [ 182.440304][ T7551] do_splice_direct+0x1da/0x2a0 [ 182.445166][ T7551] ? splice_direct_to_actor+0x970/0x970 [ 182.450712][ T7551] ? rw_verify_area+0x118/0x360 [ 182.455562][ T7551] do_sendfile+0x597/0xd00 [ 182.459984][ T7551] ? do_compat_pwritev64+0x1c0/0x1c0 [ 182.465264][ T7551] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 182.471505][ T7551] ? put_timespec64+0xda/0x140 [ 182.476271][ T7551] __x64_sys_sendfile64+0x1dd/0x220 [ 182.481468][ T7551] ? __ia32_sys_sendfile+0x230/0x230 [ 182.486749][ T7551] ? do_syscall_64+0x26/0x610 [ 182.491424][ T7551] ? lockdep_hardirqs_on+0x418/0x5d0 [ 182.496710][ T7551] ? trace_hardirqs_on+0x67/0x230 [ 182.501735][ T7551] do_syscall_64+0x103/0x610 [ 182.506327][ T7551] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 182.512215][ T7551] RIP: 0033:0x457e29 [ 182.516108][ T7551] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 182.535724][ T7551] RSP: 002b:00007f00d6aa8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 182.544150][ T7551] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457e29 [ 182.552134][ T7551] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 182.560105][ T7551] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 182.568092][ T7551] R10: 0000000000080005 R11: 0000000000000246 R12: 00007f00d6aa96d4 [ 182.576074][ T7551] R13: 00000000004c4dce R14: 00000000004d8af8 R15: 00000000ffffffff [ 182.589487][ T7551] BUG: Bad page state in process syz-executor.3 pfn:752f4 [ 182.598150][ T7551] page:ffffea0001d4bd00 count:0 mapcount:0 mapping:ffff8880911c4820 index:0xf [ 182.607930][ T7551] shmem_aops [ 182.607935][ T7551] name:"memfd:}#*nodevem2N," [ 182.611225][ T7551] flags: 0x1fffc000008000c(uptodate|dirty|swapbacked) [ 182.624264][ T7551] raw: 01fffc000008000c dead000000000100 dead000000000200 ffff8880911c4820 [ 182.633727][ T7551] raw: 000000000000000f 0000000000000000 00000000ffffffff 0000000000000000 [ 182.643855][ T7551] page dumped because: non-NULL mapping [ 182.650299][ T7551] Modules linked in: [ 182.654203][ T7551] CPU: 0 PID: 7551 Comm: syz-executor.3 Tainted: G B 5.0.0-rc7-next-20190222 #41 [ 182.664598][ T7551] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 182.674647][ T7551] Call Trace: [ 182.677935][ T7551] dump_stack+0x172/0x1f0 [ 182.682271][ T7551] bad_page.cold+0xda/0xff [ 182.686686][ T7551] ? si_mem_available+0x320/0x320 [ 182.691714][ T7551] ? trace_hardirqs_on+0x67/0x230 [ 182.696735][ T7551] ? kasan_check_read+0x11/0x20 [ 182.701583][ T7551] free_pages_check_bad+0x142/0x1a0 [ 182.706783][ T7551] free_unref_page+0x3c6/0x600 [ 182.711545][ T7551] __put_page+0x8d/0xd0 [ 182.715697][ T7551] page_cache_pipe_buf_release+0x12b/0x180 [ 182.721500][ T7551] iter_file_splice_write+0x7d1/0xbe0 [ 182.726872][ T7551] ? atime_needs_update+0x5f0/0x5f0 [ 182.732072][ T7551] ? page_cache_pipe_buf_confirm+0x2b0/0x2b0 [ 182.738070][ T7551] ? rw_verify_area+0x118/0x360 [ 182.742938][ T7551] ? page_cache_pipe_buf_confirm+0x2b0/0x2b0 [ 182.748914][ T7551] direct_splice_actor+0x126/0x1a0 [ 182.754024][ T7551] splice_direct_to_actor+0x369/0x970 [ 182.759398][ T7551] ? generic_pipe_buf_nosteal+0x10/0x10 [ 182.764946][ T7551] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 182.771183][ T7551] ? do_splice_to+0x190/0x190 [ 182.775859][ T7551] ? rw_verify_area+0x118/0x360 [ 182.780708][ T7551] do_splice_direct+0x1da/0x2a0 [ 182.785559][ T7551] ? splice_direct_to_actor+0x970/0x970 [ 182.791119][ T7551] ? rw_verify_area+0x118/0x360 [ 182.795972][ T7551] do_sendfile+0x597/0xd00 [ 182.800395][ T7551] ? do_compat_pwritev64+0x1c0/0x1c0 [ 182.805675][ T7551] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 182.811909][ T7551] ? put_timespec64+0xda/0x140 [ 182.816679][ T7551] __x64_sys_sendfile64+0x1dd/0x220 [ 182.821879][ T7551] ? __ia32_sys_sendfile+0x230/0x230 [ 182.827164][ T7551] ? do_syscall_64+0x26/0x610 [ 182.831837][ T7551] ? lockdep_hardirqs_on+0x418/0x5d0 [ 182.837128][ T7551] ? trace_hardirqs_on+0x67/0x230 [ 182.842170][ T7551] do_syscall_64+0x103/0x610 [ 182.846763][ T7551] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 182.852646][ T7551] RIP: 0033:0x457e29 [ 182.856536][ T7551] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 182.876132][ T7551] RSP: 002b:00007f00d6aa8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 182.884542][ T7551] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457e29 [ 182.892507][ T7551] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 182.900480][ T7551] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 182.908446][ T7551] R10: 0000000000080005 R11: 0000000000000246 R12: 00007f00d6aa96d4 [ 182.916413][ T7551] R13: 00000000004c4dce R14: 00000000004d8af8 R15: 00000000ffffffff