[ 34.181801][ T26] audit: type=1800 audit(1554675118.179:27): pid=7402 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [ 34.209345][ T26] audit: type=1800 audit(1554675118.179:28): pid=7402 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 35.002516][ T26] audit: type=1800 audit(1554675119.059:29): pid=7402 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 35.022767][ T26] audit: type=1800 audit(1554675119.059:30): pid=7402 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.42' (ECDSA) to the list of known hosts. 2019/04/07 22:12:14 fuzzer started 2019/04/07 22:12:17 dialing manager at 10.128.0.26:34543 2019/04/07 22:12:17 syscalls: 2408 2019/04/07 22:12:17 code coverage: enabled 2019/04/07 22:12:17 comparison tracing: enabled 2019/04/07 22:12:17 extra coverage: extra coverage is not supported by the kernel 2019/04/07 22:12:17 setuid sandbox: enabled 2019/04/07 22:12:17 namespace sandbox: enabled 2019/04/07 22:12:17 Android sandbox: /sys/fs/selinux/policy does not exist 2019/04/07 22:12:17 fault injection: enabled 2019/04/07 22:12:17 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/04/07 22:12:17 net packet injection: enabled 2019/04/07 22:12:17 net device setup: enabled 22:14:19 executing program 0: syzkaller login: [ 175.652606][ T7569] IPVS: ftp: loaded support on port[0] = 21 22:14:19 executing program 1: [ 175.754589][ T7569] chnl_net:caif_netlink_parms(): no params data found [ 175.825068][ T7569] bridge0: port 1(bridge_slave_0) entered blocking state [ 175.847258][ T7569] bridge0: port 1(bridge_slave_0) entered disabled state [ 175.867627][ T7569] device bridge_slave_0 entered promiscuous mode [ 175.888017][ T7569] bridge0: port 2(bridge_slave_1) entered blocking state [ 175.895233][ T7569] bridge0: port 2(bridge_slave_1) entered disabled state [ 175.907999][ T7569] device bridge_slave_1 entered promiscuous mode [ 175.932024][ T7573] IPVS: ftp: loaded support on port[0] = 21 [ 175.948762][ T7569] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 175.960570][ T7569] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 175.988380][ T7569] team0: Port device team_slave_0 added 22:14:20 executing program 2: [ 175.998871][ T7569] team0: Port device team_slave_1 added [ 176.080621][ T7569] device hsr_slave_0 entered promiscuous mode 22:14:20 executing program 3: [ 176.157397][ T7569] device hsr_slave_1 entered promiscuous mode [ 176.223091][ T7575] IPVS: ftp: loaded support on port[0] = 21 [ 176.253729][ T7569] bridge0: port 2(bridge_slave_1) entered blocking state [ 176.262318][ T7569] bridge0: port 2(bridge_slave_1) entered forwarding state [ 176.270913][ T7569] bridge0: port 1(bridge_slave_0) entered blocking state [ 176.278033][ T7569] bridge0: port 1(bridge_slave_0) entered forwarding state [ 176.359113][ T7573] chnl_net:caif_netlink_parms(): no params data found [ 176.385661][ T7579] IPVS: ftp: loaded support on port[0] = 21 [ 176.496844][ T7569] 8021q: adding VLAN 0 to HW filter on device bond0 [ 176.505881][ T7573] bridge0: port 1(bridge_slave_0) entered blocking state [ 176.514893][ T7573] bridge0: port 1(bridge_slave_0) entered disabled state [ 176.524878][ T7573] device bridge_slave_0 entered promiscuous mode 22:14:20 executing program 4: [ 176.569568][ T7569] 8021q: adding VLAN 0 to HW filter on device team0 [ 176.585529][ T7573] bridge0: port 2(bridge_slave_1) entered blocking state [ 176.603226][ T7573] bridge0: port 2(bridge_slave_1) entered disabled state [ 176.613980][ T7573] device bridge_slave_1 entered promiscuous mode [ 176.625561][ T7577] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 176.650108][ T7577] bridge0: port 1(bridge_slave_0) entered disabled state [ 176.669829][ T7577] bridge0: port 2(bridge_slave_1) entered disabled state [ 176.698534][ T7577] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 176.730899][ T7575] chnl_net:caif_netlink_parms(): no params data found [ 176.758948][ T7583] IPVS: ftp: loaded support on port[0] = 21 [ 176.782696][ T7577] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 176.795380][ T7577] bridge0: port 1(bridge_slave_0) entered blocking state [ 176.818098][ T7577] bridge0: port 1(bridge_slave_0) entered forwarding state 22:14:20 executing program 5: [ 176.835462][ T7577] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 176.850994][ T7577] bridge0: port 2(bridge_slave_1) entered blocking state [ 176.859341][ T7577] bridge0: port 2(bridge_slave_1) entered forwarding state [ 176.905820][ T7579] chnl_net:caif_netlink_parms(): no params data found [ 176.931602][ T7573] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 176.950021][ T3000] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 176.961887][ T3000] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 176.973057][ T3000] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 176.982761][ T3000] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 176.991826][ T3000] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 177.000561][ T3000] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 177.010280][ T3000] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 177.018907][ T3000] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 177.028835][ T3000] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 177.056315][ T7573] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 177.083338][ T7569] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 177.112435][ T7573] team0: Port device team_slave_0 added [ 177.121121][ T7573] team0: Port device team_slave_1 added [ 177.143056][ T7575] bridge0: port 1(bridge_slave_0) entered blocking state [ 177.150905][ T7575] bridge0: port 1(bridge_slave_0) entered disabled state [ 177.159686][ T7575] device bridge_slave_0 entered promiscuous mode [ 177.173234][ T7575] bridge0: port 2(bridge_slave_1) entered blocking state [ 177.180421][ T7575] bridge0: port 2(bridge_slave_1) entered disabled state [ 177.188423][ T7575] device bridge_slave_1 entered promiscuous mode [ 177.221656][ T7586] IPVS: ftp: loaded support on port[0] = 21 [ 177.237224][ T7579] bridge0: port 1(bridge_slave_0) entered blocking state [ 177.244511][ T7579] bridge0: port 1(bridge_slave_0) entered disabled state [ 177.253039][ T7579] device bridge_slave_0 entered promiscuous mode [ 177.265236][ T7575] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 177.279578][ T7575] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 177.340128][ T7573] device hsr_slave_0 entered promiscuous mode [ 177.387301][ T7573] device hsr_slave_1 entered promiscuous mode [ 177.443872][ T7579] bridge0: port 2(bridge_slave_1) entered blocking state [ 177.451307][ T7579] bridge0: port 2(bridge_slave_1) entered disabled state [ 177.461168][ T7579] device bridge_slave_1 entered promiscuous mode [ 177.481891][ T7579] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 177.520203][ T7583] chnl_net:caif_netlink_parms(): no params data found [ 177.540034][ T7579] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 177.563282][ T7579] team0: Port device team_slave_0 added [ 177.575859][ T7575] team0: Port device team_slave_0 added [ 177.585007][ T7569] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 177.602208][ T7579] team0: Port device team_slave_1 added [ 177.614832][ T7575] team0: Port device team_slave_1 added [ 177.719298][ T7579] device hsr_slave_0 entered promiscuous mode [ 177.787566][ T7579] device hsr_slave_1 entered promiscuous mode 22:14:21 executing program 0: 22:14:21 executing program 0: 22:14:22 executing program 0: 22:14:22 executing program 0: [ 177.929870][ T7575] device hsr_slave_0 entered promiscuous mode [ 177.961399][ T7575] device hsr_slave_1 entered promiscuous mode 22:14:22 executing program 0: 22:14:22 executing program 0: [ 178.018158][ T7583] bridge0: port 1(bridge_slave_0) entered blocking state [ 178.031599][ T7583] bridge0: port 1(bridge_slave_0) entered disabled state [ 178.052855][ T7583] device bridge_slave_0 entered promiscuous mode 22:14:22 executing program 0: [ 178.125809][ T7583] bridge0: port 2(bridge_slave_1) entered blocking state [ 178.140346][ T7583] bridge0: port 2(bridge_slave_1) entered disabled state [ 178.158243][ T7583] device bridge_slave_1 entered promiscuous mode [ 178.194865][ T7583] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 178.253725][ T7583] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 178.287553][ T7573] 8021q: adding VLAN 0 to HW filter on device bond0 [ 178.344174][ T3000] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 178.359956][ T3000] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 178.372597][ T7583] team0: Port device team_slave_0 added [ 178.382995][ T7573] 8021q: adding VLAN 0 to HW filter on device team0 [ 178.397734][ T7586] chnl_net:caif_netlink_parms(): no params data found [ 178.430306][ T7583] team0: Port device team_slave_1 added [ 178.519991][ T7583] device hsr_slave_0 entered promiscuous mode [ 178.567385][ T7583] device hsr_slave_1 entered promiscuous mode [ 178.634527][ T3000] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 178.647477][ T3000] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 178.655812][ T3000] bridge0: port 1(bridge_slave_0) entered blocking state [ 178.662913][ T3000] bridge0: port 1(bridge_slave_0) entered forwarding state [ 178.671121][ T3000] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 178.680078][ T3000] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 178.689436][ T3000] bridge0: port 2(bridge_slave_1) entered blocking state [ 178.696480][ T3000] bridge0: port 2(bridge_slave_1) entered forwarding state [ 178.704274][ T3000] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 178.713422][ T7586] bridge0: port 1(bridge_slave_0) entered blocking state [ 178.722119][ T7586] bridge0: port 1(bridge_slave_0) entered disabled state [ 178.731542][ T7586] device bridge_slave_0 entered promiscuous mode [ 178.739650][ T7586] bridge0: port 2(bridge_slave_1) entered blocking state [ 178.746695][ T7586] bridge0: port 2(bridge_slave_1) entered disabled state [ 178.754812][ T7586] device bridge_slave_1 entered promiscuous mode [ 178.772653][ T7586] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 178.784579][ T7575] 8021q: adding VLAN 0 to HW filter on device bond0 [ 178.791946][ T3000] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 178.801735][ T3000] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 178.828334][ T7586] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 178.839596][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 178.848742][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 178.863725][ T7573] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 178.875017][ T7573] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 178.891079][ T7579] 8021q: adding VLAN 0 to HW filter on device bond0 [ 178.905166][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 178.913230][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 178.923216][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 178.931871][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 178.940621][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 178.949902][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 178.958722][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 178.967923][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 178.994858][ T7579] 8021q: adding VLAN 0 to HW filter on device team0 [ 179.005280][ T7586] team0: Port device team_slave_0 added [ 179.011790][ T7572] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 179.019874][ T7572] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 179.028020][ T7572] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 179.035725][ T7572] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 179.051806][ T7575] 8021q: adding VLAN 0 to HW filter on device team0 [ 179.060963][ T7586] team0: Port device team_slave_1 added [ 179.128873][ T7586] device hsr_slave_0 entered promiscuous mode [ 179.187385][ T7586] device hsr_slave_1 entered promiscuous mode [ 179.239164][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 179.248184][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 179.256529][ T23] bridge0: port 1(bridge_slave_0) entered blocking state [ 179.263640][ T23] bridge0: port 1(bridge_slave_0) entered forwarding state [ 179.272849][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 179.285428][ T7573] 8021q: adding VLAN 0 to HW filter on device batadv0 22:14:23 executing program 1: [ 179.318834][ T3000] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 179.335363][ T3000] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 179.354466][ T3000] bridge0: port 1(bridge_slave_0) entered blocking state [ 179.361628][ T3000] bridge0: port 1(bridge_slave_0) entered forwarding state [ 179.374850][ T3000] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 179.398118][ T3000] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 179.406544][ T3000] bridge0: port 2(bridge_slave_1) entered blocking state [ 179.413740][ T3000] bridge0: port 2(bridge_slave_1) entered forwarding state [ 179.421970][ T3000] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 179.434594][ T3000] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 179.443223][ T3000] bridge0: port 2(bridge_slave_1) entered blocking state [ 179.450287][ T3000] bridge0: port 2(bridge_slave_1) entered forwarding state [ 179.458437][ T3000] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 179.467847][ T3000] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 179.494837][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 179.503619][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 179.531089][ T7583] 8021q: adding VLAN 0 to HW filter on device bond0 [ 179.545443][ T7575] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 179.557762][ T7575] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 179.569456][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 179.578471][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 179.587017][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 179.595394][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 179.604343][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 179.613130][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 179.621508][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 179.629726][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 179.638545][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 179.647178][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 179.655921][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 179.664752][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 179.673686][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 179.682165][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 179.690520][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 179.699192][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 179.707123][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 179.714924][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 179.740536][ T7579] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 179.752143][ T7579] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 179.760477][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 179.768493][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 179.776110][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 179.784890][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 179.807370][ T7575] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 179.820691][ T7583] 8021q: adding VLAN 0 to HW filter on device team0 [ 179.838313][ T7586] 8021q: adding VLAN 0 to HW filter on device bond0 22:14:23 executing program 2: [ 179.886407][ T7586] 8021q: adding VLAN 0 to HW filter on device team0 [ 179.900146][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 179.910032][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 179.920829][ T23] bridge0: port 1(bridge_slave_0) entered blocking state [ 179.927974][ T23] bridge0: port 1(bridge_slave_0) entered forwarding state [ 179.947768][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 179.956582][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 179.965291][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 179.974336][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 179.983114][ T23] bridge0: port 2(bridge_slave_1) entered blocking state [ 179.990259][ T23] bridge0: port 2(bridge_slave_1) entered forwarding state [ 179.998461][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 180.009419][ T7579] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 180.017503][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 180.044516][ T3000] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 180.054510][ T3000] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 180.065984][ T3000] bridge0: port 1(bridge_slave_0) entered blocking state [ 180.073114][ T3000] bridge0: port 1(bridge_slave_0) entered forwarding state [ 180.081605][ T3000] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 180.090304][ T3000] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 180.099058][ T3000] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 180.107460][ T3000] bridge0: port 2(bridge_slave_1) entered blocking state [ 180.114539][ T3000] bridge0: port 2(bridge_slave_1) entered forwarding state [ 180.122458][ T3000] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 180.131042][ T3000] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 180.139845][ T3000] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 180.148609][ T3000] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 180.157476][ T3000] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 180.172114][ T7583] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 180.182893][ T7583] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network 22:14:24 executing program 3: [ 180.200614][ T3000] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 180.218198][ T3000] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 180.238270][ T3000] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 180.256607][ T3000] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 180.268973][ T3000] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 180.278633][ T3000] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 180.287511][ T3000] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 180.297848][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 180.315734][ T7583] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 180.334198][ T7587] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 180.342920][ T7587] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 180.352065][ T7587] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 180.361459][ T7587] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 180.370405][ T7587] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 180.383664][ T7586] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 180.394712][ T7586] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 180.418442][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 180.432873][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 180.441756][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 180.453382][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 180.462319][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready 22:14:24 executing program 4: [ 180.505073][ T7586] 8021q: adding VLAN 0 to HW filter on device batadv0 22:14:24 executing program 5: 22:14:24 executing program 0: 22:14:24 executing program 1: 22:14:24 executing program 2: 22:14:24 executing program 3: 22:14:24 executing program 4: 22:14:24 executing program 0: 22:14:24 executing program 2: 22:14:24 executing program 1: 22:14:24 executing program 4: 22:14:24 executing program 3: 22:14:24 executing program 5: 22:14:24 executing program 0: 22:14:24 executing program 1: 22:14:24 executing program 3: 22:14:24 executing program 5: 22:14:24 executing program 2: 22:14:24 executing program 0: 22:14:24 executing program 4: 22:14:25 executing program 5: 22:14:25 executing program 3: 22:14:25 executing program 1: 22:14:25 executing program 2: 22:14:25 executing program 4: 22:14:25 executing program 0: 22:14:25 executing program 1: 22:14:25 executing program 5: 22:14:25 executing program 3: 22:14:25 executing program 2: 22:14:25 executing program 4: 22:14:25 executing program 0: 22:14:25 executing program 3: 22:14:25 executing program 1: 22:14:25 executing program 5: 22:14:25 executing program 2: 22:14:25 executing program 3: 22:14:25 executing program 0: 22:14:25 executing program 4: 22:14:25 executing program 5: 22:14:25 executing program 1: 22:14:25 executing program 3: 22:14:25 executing program 4: 22:14:25 executing program 0: 22:14:25 executing program 2: 22:14:25 executing program 1: 22:14:25 executing program 3: 22:14:25 executing program 5: 22:14:25 executing program 0: 22:14:25 executing program 4: 22:14:25 executing program 2: 22:14:25 executing program 5: 22:14:25 executing program 0: 22:14:25 executing program 1: 22:14:25 executing program 3: 22:14:25 executing program 4: 22:14:25 executing program 5: 22:14:26 executing program 0: 22:14:26 executing program 2: 22:14:26 executing program 1: 22:14:26 executing program 5: 22:14:26 executing program 4: 22:14:26 executing program 0: 22:14:26 executing program 3: 22:14:26 executing program 2: 22:14:26 executing program 1: 22:14:26 executing program 5: 22:14:26 executing program 4: 22:14:26 executing program 3: 22:14:26 executing program 0: 22:14:26 executing program 2: 22:14:26 executing program 1: 22:14:26 executing program 4: 22:14:26 executing program 5: 22:14:26 executing program 3: 22:14:26 executing program 0: 22:14:26 executing program 2: 22:14:26 executing program 1: 22:14:26 executing program 3: 22:14:26 executing program 4: 22:14:26 executing program 5: 22:14:26 executing program 0: 22:14:26 executing program 1: 22:14:26 executing program 4: 22:14:26 executing program 2: 22:14:26 executing program 5: 22:14:26 executing program 3: 22:14:26 executing program 0: 22:14:26 executing program 1: 22:14:26 executing program 4: 22:14:26 executing program 2: 22:14:26 executing program 5: 22:14:26 executing program 3: 22:14:26 executing program 1: 22:14:26 executing program 0: 22:14:27 executing program 3: 22:14:27 executing program 2: 22:14:27 executing program 4: 22:14:27 executing program 1: 22:14:27 executing program 5: 22:14:27 executing program 0: 22:14:27 executing program 3: 22:14:27 executing program 4: 22:14:27 executing program 2: 22:14:27 executing program 1: 22:14:27 executing program 5: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x26e1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_pid(r1, &(0x7f0000000000), 0xfffffea6) 22:14:27 executing program 3: socketpair$unix(0x1, 0x1000100000000001, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r0, 0x0, r3, 0x0, 0x8ec3, 0x0) close(r2) fcntl$setpipe(r2, 0x407, 0x0) dup2(r1, r3) write$binfmt_elf64(r3, &(0x7f0000000180)=ANY=[@ANYBLOB="c5a44dc8fb8bfa89255acf6bf4140ad3317416bdde32d1c51a09b300a9e4d21a90a8990de2c00a3f4dd2a08768308f0713044133ac6ebbc6d7bd7f06a51b5b78dc574919f090b02ebfae4669cef772b5040c698702f6b4c2ff3e7d5e1699a66a616c099868a57b223d31d10c54883b964ae943fe5c8b9265f3b89ba753"], 0x7d) 22:14:27 executing program 0: 22:14:27 executing program 1: 22:14:27 executing program 4: 22:14:27 executing program 2: 22:14:27 executing program 0: 22:14:27 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000100)=0xe) ppoll(&(0x7f0000000180)=[{r0}], 0x1, &(0x7f00000001c0)={0x0, 0x989680}, 0x0, 0x0) 22:14:27 executing program 0: mlockall(0x3) clone(0x1080002, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit(0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x1) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) write$uinput_user_dev(0xffffffffffffffff, 0x0, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x0) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0xed) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) 22:14:27 executing program 3: syz_mount_image$msdos(&(0x7f0000000780)='msdos\x00', &(0x7f00000007c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 22:14:27 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) getresuid(0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$VIDIOC_G_MODULATOR(0xffffffffffffffff, 0xc0445636, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) openat$cachefiles(0xffffffffffffff9c, 0x0, 0x101082, 0x0) getuid() 22:14:27 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) openat$cachefiles(0xffffffffffffff9c, 0x0, 0x0, 0x0) getuid() [ 183.612617][ T7861] FAT-fs (loop3): bogus number of reserved sectors [ 183.623718][ T7866] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 183.641084][ T7861] FAT-fs (loop3): Can't find a valid FAT filesystem 22:14:27 executing program 5: r0 = socket$pppoe(0x18, 0x1, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x89f0, &(0x7f0000000080)={'bridge0\x00', &(0x7f00000000c0)=@ethtool_ringparam={0x10}}) 22:14:27 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000006c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000000)={0x79, 0x0, [0x80000000]}) [ 183.732406][ T7861] FAT-fs (loop3): bogus number of reserved sectors [ 183.763407][ T7861] FAT-fs (loop3): Can't find a valid FAT filesystem [ 183.816382][ C0] hrtimer: interrupt took 24812 ns 22:14:28 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x132224) setsockopt$inet6_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000000), 0x4) clone(0x400a300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() setsockopt$inet6_tcp_int(r1, 0x6, 0x80000000000016, &(0x7f0000000140), 0xf6) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x26) setsockopt$inet6_opts(r0, 0x29, 0x3b, 0x0, 0x0) 22:14:28 executing program 1: r0 = socket$kcm(0xa, 0x2, 0x11) getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(0xffffffffffffff9c, 0x84, 0x71, 0x0, 0x0) ioctl$VIDIOC_SUBDEV_G_EDID(0xffffffffffffffff, 0xc0285628, &(0x7f0000000140)={0x0, 0x100000001, 0x0, [], 0x0}) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f00000001c0)={0x7fff, 0x0, 0x8000, 0xf2, 0x0, 0x8001}, 0x0) setsockopt$sock_attach_bpf(r0, 0x88, 0x67, 0x0, 0x0) setsockopt$inet_sctp_SCTP_HMAC_IDENT(0xffffffffffffffff, 0x84, 0x16, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sigaltstack(&(0x7f0000fff000/0x1000)=nil, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00000, 0x1, 0x0, 0x1, 0x2000000000002) syz_open_dev$amidi(0x0, 0x0, 0x0) 22:14:28 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000008c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000300)={0x2, 0x0, @ioapic={0x0, 0x0, 0x0, 0x7fffffff, 0x0, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x9}]}}) 22:14:28 executing program 3: r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='\x00\x00\x00\x00\x00egy\xc5\x8e\xcb\x1c\xf8\x8f\xca;\xa3?\xad\xae\x0f\xb5\x97ao3\xab\xcdY\x9a\xe3\xe5\xe1\xf4\x87\xac\xad\x80\xa3P\x8c\xea\x9c\xc7\x00\xeb\xedX#\xe34\x80O]\x87\xdd\x894\xdal;w\xf8\xf8\v?v\xf0\xb8\xda=|\xa4\xba\xbbiq!\xd8g\xb7I\x12\x80') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) write$smack_current(r0, &(0x7f0000000080)='^\'\x00', 0x3) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400203) chdir(0x0) symlink(0x0, &(0x7f0000000540)='./file0\x00') mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', 0x0, 0x20000, 0x0) mount(&(0x7f0000000780)=ANY=[@ANYBLOB], 0x0, 0x0, 0x5010, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x7, 0x0) link(&(0x7f00000001c0)='./file0/file0/file0\x00', &(0x7f0000000100)='./file0/file0\x00') perf_event_open$cgroup(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffff9c, 0x0) lseek(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, 0x0) ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8953, 0x0) r3 = socket$inet6(0xa, 0x400000000001, 0x0) r4 = getpid() process_vm_writev(r4, &(0x7f0000001780)=[{&(0x7f0000000240)=""/232, 0xe8}, {&(0x7f0000000340)=""/233, 0xe9}, {0x0}, {0x0}, {0x0}, {&(0x7f00000016c0)=""/145, 0x91}], 0x6, &(0x7f00000018c0)=[{&(0x7f0000000140)=""/38, 0x26}, {0x0}, {&(0x7f0000001800)=""/139, 0x8b}], 0x3, 0x0) r5 = dup(r3) ioctl$TIOCMBIC(r1, 0x5417, &(0x7f0000000180)=0x6) setsockopt$inet6_tcp_int(r5, 0x6, 0xa, &(0x7f00007b1000)=0x81, 0x4) bind$inet6(r3, &(0x7f00000000c0)={0xa, 0x4e20}, 0x1c) sendto$inet6(r3, 0x0, 0x0, 0x20000005, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r6 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) ftruncate(r6, 0x7fff) setsockopt$inet6_tcp_TCP_CONGESTION(r3, 0x6, 0xd, &(0x7f0000000000)='bbr\x00', 0x4) sendfile(r5, r6, 0x0, 0x8000dffffffe) [ 184.297657][ T7900] mmap: syz-executor.1 (7900) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst. [ 184.321531][ T7899] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 184.414713][ T7899] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/7899 [ 184.424560][ T7899] caller is ip6_finish_output+0x335/0xdc0 [ 184.430611][ T7899] CPU: 0 PID: 7899 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19 [ 184.439661][ T7899] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 184.449749][ T7899] Call Trace: [ 184.453041][ T7899] dump_stack+0x172/0x1f0 [ 184.457379][ T7899] __this_cpu_preempt_check+0x246/0x270 [ 184.462919][ T7899] ip6_finish_output+0x335/0xdc0 [ 184.467841][ T7899] ip6_output+0x235/0x7f0 [ 184.472157][ T7899] ? ip6_finish_output+0xdc0/0xdc0 [ 184.477254][ T7899] ? retint_kernel+0x2d/0x2d [ 184.481839][ T7899] ? ip6_fragment+0x3980/0x3980 [ 184.486710][ T7899] ip6_xmit+0xe41/0x20c0 [ 184.490943][ T7899] ? ip6_finish_output2+0x2550/0x2550 [ 184.496298][ T7899] ? mark_held_locks+0xf0/0xf0 [ 184.501048][ T7899] ? ip6_setup_cork+0x1870/0x1870 [ 184.506068][ T7899] inet6_csk_xmit+0x2fb/0x5d0 [ 184.510730][ T7899] ? inet6_csk_update_pmtu+0x190/0x190 [ 184.516177][ T7899] ? csum_ipv6_magic+0x20/0x80 [ 184.520935][ T7899] __tcp_transmit_skb+0x1a32/0x3750 [ 184.526125][ T7899] ? __tcp_select_window+0x8b0/0x8b0 [ 184.531415][ T7899] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 184.537654][ T7899] ? tcp_fastopen_no_cookie+0xe0/0x190 [ 184.543092][ T7899] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 184.549314][ T7899] tcp_connect+0x1e47/0x4280 [ 184.553894][ T7899] ? tcp_push_one+0x110/0x110 [ 184.558553][ T7899] ? retint_kernel+0x2d/0x2d [ 184.563135][ T7899] tcp_v6_connect+0x150b/0x20a0 [ 184.567973][ T7899] ? tcp_sendmsg_locked+0x2170/0x37f0 [ 184.573355][ T7899] ? tcp_v6_conn_request+0x2b0/0x2b0 [ 184.578622][ T7899] ? retint_kernel+0x2d/0x2d [ 184.583211][ T7899] ? trace_hardirqs_on_caller+0x6a/0x220 [ 184.588838][ T7899] ? find_held_lock+0x35/0x130 [ 184.593587][ T7899] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 184.599222][ T7899] __inet_stream_connect+0x83f/0xea0 [ 184.604495][ T7899] ? tcp_v6_conn_request+0x2b0/0x2b0 [ 184.609863][ T7899] ? __inet_stream_connect+0x83f/0xea0 [ 184.615325][ T7899] ? inet_dgram_connect+0x2e0/0x2e0 [ 184.620507][ T7899] ? tcp_sendmsg_locked+0x2170/0x37f0 [ 184.625862][ T7899] ? rcu_read_lock_sched_held+0x110/0x130 [ 184.631568][ T7899] ? kmem_cache_alloc_trace+0x354/0x760 [ 184.637110][ T7899] tcp_sendmsg_locked+0x231f/0x37f0 [ 184.642298][ T7899] ? mark_held_locks+0xf0/0xf0 [ 184.647049][ T7899] ? mark_held_locks+0xa4/0xf0 [ 184.651799][ T7899] ? tcp_sendpage+0x60/0x60 [ 184.656295][ T7899] ? lock_sock_nested+0x9a/0x120 [ 184.661215][ T7899] ? trace_hardirqs_on+0x67/0x230 [ 184.666802][ T7899] ? lock_sock_nested+0x9a/0x120 [ 184.671733][ T7899] ? __local_bh_enable_ip+0x15a/0x270 [ 184.677104][ T7899] tcp_sendmsg+0x30/0x50 [ 184.681329][ T7899] inet_sendmsg+0x147/0x5e0 [ 184.685834][ T7899] ? ipip_gro_receive+0x100/0x100 [ 184.690863][ T7899] sock_sendmsg+0xdd/0x130 [ 184.695269][ T7899] __sys_sendto+0x262/0x380 [ 184.699775][ T7899] ? __ia32_sys_getpeername+0xb0/0xb0 [ 184.705153][ T7899] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 184.710606][ T7899] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 184.716068][ T7899] ? retint_kernel+0x2d/0x2d [ 184.720669][ T7899] __x64_sys_sendto+0xe1/0x1a0 [ 184.725429][ T7899] do_syscall_64+0x103/0x610 [ 184.730011][ T7899] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 184.735888][ T7899] RIP: 0033:0x4582b9 [ 184.739773][ T7899] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 184.759361][ T7899] RSP: 002b:00007f2cb2dc4c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 184.767759][ T7899] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 184.775723][ T7899] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000009 [ 184.783680][ T7899] RBP: 000000000073bf00 R08: 00000000208d4fe4 R09: 000000000000001c [ 184.791645][ T7899] R10: 0000000020000005 R11: 0000000000000246 R12: 00007f2cb2dc56d4 [ 184.799601][ T7899] R13: 00000000004c59b6 R14: 00000000004d9d10 R15: 00000000ffffffff [ 185.012438][ T7899] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/7899 [ 185.022063][ T7899] caller is ip6_finish_output+0x335/0xdc0 [ 185.028284][ T7899] CPU: 1 PID: 7899 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19 [ 185.037318][ T7899] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 185.047399][ T7899] Call Trace: [ 185.051014][ T7899] dump_stack+0x172/0x1f0 [ 185.055396][ T7899] __this_cpu_preempt_check+0x246/0x270 [ 185.060989][ T7899] ip6_finish_output+0x335/0xdc0 [ 185.065964][ T7899] ip6_output+0x235/0x7f0 [ 185.070307][ T7899] ? ip6_finish_output+0xdc0/0xdc0 [ 185.075444][ T7899] ? ip6_fragment+0x3980/0x3980 [ 185.080312][ T7899] ip6_xmit+0xe41/0x20c0 [ 185.084556][ T7899] ? ip6_finish_output2+0x2550/0x2550 [ 185.089916][ T7899] ? retint_kernel+0x2d/0x2d [ 185.094491][ T7899] ? ip6_setup_cork+0x1870/0x1870 [ 185.099501][ T7899] ? lock_is_held_type+0x272/0x320 [ 185.104609][ T7899] inet6_csk_xmit+0x2fb/0x5d0 [ 185.109273][ T7899] ? inet6_csk_update_pmtu+0x190/0x190 [ 185.114731][ T7899] __tcp_transmit_skb+0x1a32/0x3750 [ 185.119932][ T7899] ? memcpy+0x46/0x50 [ 185.123903][ T7899] ? __tcp_select_window+0x8b0/0x8b0 [ 185.129171][ T7899] ? retint_kernel+0x2d/0x2d [ 185.133747][ T7899] ? tcp_rbtree_insert+0x188/0x200 [ 185.138843][ T7899] tcp_send_synack+0x4b0/0x15b0 [ 185.143683][ T7899] ? calibrate_delay.cold+0x3ce/0x4a7 [ 185.149049][ T7899] ? tcp_send_active_reset+0x8e0/0x8e0 [ 185.154503][ T7899] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 185.162191][ T7899] ? tcp_sync_mss+0x2ee/0xa30 [ 185.166859][ T7899] tcp_rcv_state_process+0x225d/0x4d93 [ 185.172310][ T7899] ? tcp_finish_connect+0x510/0x510 [ 185.177491][ T7899] ? mark_held_locks+0xa4/0xf0 [ 185.182241][ T7899] ? __release_sock+0xca/0x3a0 [ 185.186986][ T7899] ? find_held_lock+0x35/0x130 [ 185.191744][ T7899] ? mark_held_locks+0xa4/0xf0 [ 185.196501][ T7899] ? __local_bh_enable_ip+0x15a/0x270 [ 185.201859][ T7899] ? _raw_spin_unlock_bh+0x31/0x40 [ 185.206949][ T7899] ? __local_bh_enable_ip+0x15a/0x270 [ 185.212314][ T7899] tcp_v6_do_rcv+0x7da/0x12c0 [ 185.216973][ T7899] ? tcp_v6_do_rcv+0x7da/0x12c0 [ 185.221815][ T7899] __release_sock+0x12e/0x3a0 [ 185.226481][ T7899] release_sock+0x59/0x1c0 [ 185.230888][ T7899] __inet_stream_connect+0x59f/0xea0 [ 185.236162][ T7899] ? inet_dgram_connect+0x2e0/0x2e0 [ 185.241346][ T7899] ? tcp_sendmsg_locked+0x2170/0x37f0 [ 185.246714][ T7899] ? do_wait_intr_irq+0x2b0/0x2b0 [ 185.251740][ T7899] tcp_sendmsg_locked+0x231f/0x37f0 [ 185.256927][ T7899] ? mark_held_locks+0xf0/0xf0 [ 185.261676][ T7899] ? mark_held_locks+0xa4/0xf0 [ 185.266424][ T7899] ? tcp_sendpage+0x60/0x60 [ 185.270926][ T7899] ? lock_sock_nested+0x9a/0x120 [ 185.275866][ T7899] ? trace_hardirqs_on+0x67/0x230 [ 185.280876][ T7899] ? lock_sock_nested+0x9a/0x120 [ 185.285888][ T7899] ? __local_bh_enable_ip+0x15a/0x270 [ 185.291247][ T7899] tcp_sendmsg+0x30/0x50 [ 185.300606][ T7899] inet_sendmsg+0x147/0x5e0 [ 185.305091][ T7899] ? ipip_gro_receive+0x100/0x100 [ 185.310124][ T7899] sock_sendmsg+0xdd/0x130 [ 185.314527][ T7899] __sys_sendto+0x262/0x380 [ 185.319015][ T7899] ? __ia32_sys_getpeername+0xb0/0xb0 [ 185.324374][ T7899] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 185.331801][ T7899] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 185.337258][ T7899] ? retint_kernel+0x2d/0x2d [ 185.341854][ T7899] __x64_sys_sendto+0xe1/0x1a0 [ 185.346609][ T7899] do_syscall_64+0x103/0x610 [ 185.351187][ T7899] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 185.357067][ T7899] RIP: 0033:0x4582b9 [ 185.360950][ T7899] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 185.380536][ T7899] RSP: 002b:00007f2cb2dc4c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 185.388939][ T7899] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 185.396899][ T7899] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000009 [ 185.405044][ T7899] RBP: 000000000073bf00 R08: 00000000208d4fe4 R09: 000000000000001c 22:14:29 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) openat$cachefiles(0xffffffffffffff9c, 0x0, 0x0, 0x0) getuid() [ 185.413000][ T7899] R10: 0000000020000005 R11: 0000000000000246 R12: 00007f2cb2dc56d4 [ 185.420953][ T7899] R13: 00000000004c59b6 R14: 00000000004d9d10 R15: 00000000ffffffff [ 185.445764][ T7891] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.5/7891 [ 185.455209][ T7891] caller is ip6_finish_output+0x335/0xdc0 [ 185.461001][ T7891] CPU: 0 PID: 7891 Comm: syz-executor.5 Not tainted 5.1.0-rc3-next-20190405 #19 [ 185.470015][ T7891] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 185.480080][ T7891] Call Trace: [ 185.483378][ T7891] dump_stack+0x172/0x1f0 [ 185.487730][ T7891] __this_cpu_preempt_check+0x246/0x270 [ 185.493290][ T7891] ip6_finish_output+0x335/0xdc0 [ 185.498217][ T7891] ip6_output+0x235/0x7f0 [ 185.502536][ T7891] ? ip6_finish_output+0xdc0/0xdc0 [ 185.507639][ T7891] ? ip6_fragment+0x3980/0x3980 [ 185.512479][ T7891] ip6_xmit+0xe41/0x20c0 [ 185.516711][ T7891] ? ip6_finish_output2+0x2550/0x2550 [ 185.522068][ T7891] ? mark_held_locks+0xf0/0xf0 [ 185.526819][ T7891] ? ip6_setup_cork+0x1870/0x1870 [ 185.531830][ T7891] ? inet6_csk_route_socket+0x715/0xf40 [ 185.537542][ T7891] inet6_csk_xmit+0x2fb/0x5d0 [ 185.542208][ T7891] ? inet6_csk_update_pmtu+0x190/0x190 [ 185.547659][ T7891] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 185.553890][ T7891] ? csum_ipv6_magic+0x20/0x80 [ 185.558729][ T7891] __tcp_transmit_skb+0x1a32/0x3750 [ 185.564004][ T7891] ? __tcp_select_window+0x8b0/0x8b0 [ 185.569278][ T7891] ? trace_hardirqs_on+0x67/0x230 [ 185.574287][ T7891] tcp_xmit_probe_skb+0x2d6/0x380 [ 185.579300][ T7891] tcp_send_window_probe+0x145/0x1a0 [ 185.584574][ T7891] ? ns_capable+0x20/0x30 [ 185.588890][ T7891] do_tcp_setsockopt.isra.0+0x1e19/0x23f0 [ 185.594693][ T7891] ? tcp_peek_len+0x2d0/0x2d0 [ 185.599356][ T7891] ? __might_sleep+0x95/0x190 [ 185.604193][ T7891] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 185.609812][ T7891] ? aa_sk_perm+0x288/0x880 [ 185.614306][ T7891] tcp_setsockopt+0xc4/0xf0 [ 185.618817][ T7891] sock_common_setsockopt+0x9a/0xe0 [ 185.624024][ T7891] __sys_setsockopt+0x180/0x280 [ 185.628872][ T7891] ? kernel_accept+0x310/0x310 [ 185.633627][ T7891] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 185.639068][ T7891] ? do_syscall_64+0x26/0x610 [ 185.643740][ T7891] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 185.649786][ T7891] ? do_syscall_64+0x26/0x610 [ 185.654448][ T7891] __x64_sys_setsockopt+0xbe/0x150 [ 185.659542][ T7891] do_syscall_64+0x103/0x610 [ 185.664230][ T7891] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 185.670193][ T7891] RIP: 0033:0x4582b9 [ 185.674077][ T7891] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 185.693672][ T7891] RSP: 002b:00007fdd13d91c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 185.702074][ T7891] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000004582b9 [ 185.710024][ T7891] RDX: 0000000000000013 RSI: 0000000000000006 RDI: 0000000000000003 [ 185.717982][ T7891] RBP: 000000000073bfa0 R08: 0000000000000004 R09: 0000000000000000 [ 185.726032][ T7891] R10: 0000000020000000 R11: 0000000000000246 R12: 00007fdd13d926d4 [ 185.734129][ T7891] R13: 00000000004cc908 R14: 00000000004da928 R15: 00000000ffffffff [ 185.834533][ T7911] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/7911 [ 185.844207][ T7911] caller is ip6_finish_output+0x335/0xdc0 [ 185.850035][ T7911] CPU: 0 PID: 7911 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19 [ 185.859057][ T7911] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 185.869108][ T7911] Call Trace: [ 185.872409][ T7911] dump_stack+0x172/0x1f0 [ 185.876734][ T7911] __this_cpu_preempt_check+0x246/0x270 [ 185.882296][ T7911] ip6_finish_output+0x335/0xdc0 [ 185.887266][ T7911] ip6_output+0x235/0x7f0 [ 185.891584][ T7911] ? ip6_finish_output+0xdc0/0xdc0 [ 185.896685][ T7911] ? ip6_fragment+0x3980/0x3980 [ 185.901549][ T7911] ip6_xmit+0xe41/0x20c0 [ 185.905800][ T7911] ? ip6_finish_output2+0x2550/0x2550 [ 185.911168][ T7911] ? mark_held_locks+0xf0/0xf0 [ 185.915929][ T7911] ? ip6_setup_cork+0x1870/0x1870 [ 185.920964][ T7911] inet6_csk_xmit+0x2fb/0x5d0 [ 185.925630][ T7911] ? inet6_csk_update_pmtu+0x190/0x190 [ 185.931074][ T7911] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 185.937310][ T7911] ? csum_ipv6_magic+0x20/0x80 [ 185.942069][ T7911] __tcp_transmit_skb+0x1a32/0x3750 [ 185.947270][ T7911] ? __tcp_select_window+0x8b0/0x8b0 [ 185.952566][ T7911] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 185.958790][ T7911] ? tcp_fastopen_no_cookie+0xe0/0x190 [ 185.964241][ T7911] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 185.970475][ T7911] tcp_connect+0x1e47/0x4280 [ 185.975059][ T7911] ? tcp_push_one+0x110/0x110 [ 185.979728][ T7911] ? secure_tcpv6_ts_off+0x24f/0x360 [ 185.984998][ T7911] ? secure_dccpv6_sequence_number+0x280/0x280 [ 185.991140][ T7911] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 185.997371][ T7911] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 186.003599][ T7911] ? prandom_u32_state+0x13/0x180 [ 186.008610][ T7911] tcp_v6_connect+0x150b/0x20a0 [ 186.013446][ T7911] ? tcp_sendmsg_locked+0x2170/0x37f0 [ 186.018823][ T7911] ? tcp_v6_conn_request+0x2b0/0x2b0 [ 186.024108][ T7911] ? __switch_to_asm+0x34/0x70 [ 186.028874][ T7911] ? __switch_to_asm+0x40/0x70 [ 186.033636][ T7911] ? find_held_lock+0x35/0x130 [ 186.038384][ T7911] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 186.044014][ T7911] __inet_stream_connect+0x83f/0xea0 [ 186.049284][ T7911] ? tcp_v6_conn_request+0x2b0/0x2b0 [ 186.054565][ T7911] ? __inet_stream_connect+0x83f/0xea0 [ 186.060016][ T7911] ? inet_dgram_connect+0x2e0/0x2e0 [ 186.065212][ T7911] ? tcp_sendmsg_locked+0x2170/0x37f0 [ 186.070594][ T7911] ? rcu_read_lock_sched_held+0x110/0x130 [ 186.076316][ T7911] ? kmem_cache_alloc_trace+0x354/0x760 [ 186.081843][ T7911] ? __lock_acquire+0x548/0x3fb0 [ 186.086775][ T7911] tcp_sendmsg_locked+0x231f/0x37f0 [ 186.091965][ T7911] ? mark_held_locks+0xf0/0xf0 [ 186.096723][ T7911] ? mark_held_locks+0xa4/0xf0 [ 186.101471][ T7911] ? tcp_sendpage+0x60/0x60 [ 186.105968][ T7911] ? lock_sock_nested+0x9a/0x120 [ 186.110928][ T7911] ? trace_hardirqs_on+0x67/0x230 [ 186.115947][ T7911] ? lock_sock_nested+0x9a/0x120 [ 186.120876][ T7911] ? __local_bh_enable_ip+0x15a/0x270 [ 186.126255][ T7911] tcp_sendmsg+0x30/0x50 [ 186.130491][ T7911] inet_sendmsg+0x147/0x5e0 [ 186.134992][ T7911] ? ipip_gro_receive+0x100/0x100 [ 186.140017][ T7911] sock_sendmsg+0xdd/0x130 [ 186.144429][ T7911] __sys_sendto+0x262/0x380 [ 186.148926][ T7911] ? __ia32_sys_getpeername+0xb0/0xb0 [ 186.154309][ T7911] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 186.160910][ T7911] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 186.166358][ T7911] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 186.171814][ T7911] ? do_syscall_64+0x26/0x610 [ 186.176478][ T7911] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 186.182555][ T7911] __x64_sys_sendto+0xe1/0x1a0 [ 186.187307][ T7911] do_syscall_64+0x103/0x610 [ 186.191902][ T7911] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 186.197776][ T7911] RIP: 0033:0x4582b9 [ 186.201658][ T7911] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 186.221246][ T7911] RSP: 002b:00007f2cb2d61c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 186.229638][ T7911] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 186.237593][ T7911] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000f [ 186.245555][ T7911] RBP: 000000000073c0e0 R08: 00000000208d4fe4 R09: 000000000000001c [ 186.253509][ T7911] R10: 0000000020000005 R11: 0000000000000246 R12: 00007f2cb2d626d4 [ 186.261477][ T7911] R13: 00000000004c59b6 R14: 00000000004d9d10 R15: 00000000ffffffff [ 186.285627][ T7899] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/7899 [ 186.295759][ T7899] caller is ip6_finish_output+0x335/0xdc0 [ 186.301721][ T7899] CPU: 1 PID: 7899 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19 [ 186.310758][ T7899] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 186.320823][ T7899] Call Trace: [ 186.324131][ T7899] dump_stack+0x172/0x1f0 [ 186.328476][ T7899] __this_cpu_preempt_check+0x246/0x270 [ 186.334134][ T7899] ip6_finish_output+0x335/0xdc0 [ 186.339258][ T7899] ip6_output+0x235/0x7f0 [ 186.343592][ T7899] ? ip6_finish_output+0xdc0/0xdc0 [ 186.348709][ T7899] ? ip6_fragment+0x3980/0x3980 [ 186.353569][ T7899] ip6_xmit+0xe41/0x20c0 [ 186.357826][ T7899] ? ip6_finish_output2+0x2550/0x2550 [ 186.363204][ T7899] ? mark_held_locks+0xf0/0xf0 [ 186.367982][ T7899] ? ip6_setup_cork+0x1870/0x1870 [ 186.373035][ T7899] inet6_csk_xmit+0x2fb/0x5d0 [ 186.377718][ T7899] ? inet6_csk_update_pmtu+0x190/0x190 [ 186.383213][ T7899] ? __tcp_transmit_skb+0x1854/0x3750 [ 186.388595][ T7899] __tcp_transmit_skb+0x1a32/0x3750 [ 186.393818][ T7899] ? __tcp_select_window+0x8b0/0x8b0 [ 186.399117][ T7899] ? retint_kernel+0x2d/0x2d [ 186.403714][ T7899] ? __tcp_send_ack.part.0+0x1a2/0x5b0 [ 186.409179][ T7899] __tcp_send_ack.part.0+0x3c6/0x5b0 [ 186.414474][ T7899] tcp_send_ack+0x88/0xa0 [ 186.418903][ T7899] tcp_send_challenge_ack.isra.0+0x250/0x300 [ 186.424886][ T7899] tcp_validate_incoming+0x55e/0x1660 [ 186.430271][ T7899] tcp_rcv_state_process+0xb6b/0x4d93 [ 186.435748][ T7899] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 186.441213][ T7899] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 186.446677][ T7899] ? lockdep_hardirqs_on+0x3c2/0x5d0 [ 186.451969][ T7899] ? tcp_finish_connect+0x510/0x510 [ 186.457181][ T7899] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 186.462657][ T7899] ? retint_kernel+0x2d/0x2d [ 186.467264][ T7899] ? __release_sock+0xca/0x3a0 [ 186.472042][ T7899] tcp_v6_do_rcv+0x7da/0x12c0 [ 186.477105][ T7899] ? tcp_v6_do_rcv+0x7da/0x12c0 [ 186.481964][ T7899] __release_sock+0x12e/0x3a0 [ 186.486651][ T7899] release_sock+0x59/0x1c0 [ 186.491986][ T7899] __inet_stream_connect+0x59f/0xea0 [ 186.497286][ T7899] ? inet_dgram_connect+0x2e0/0x2e0 [ 186.502486][ T7899] ? tcp_sendmsg_locked+0x2170/0x37f0 [ 186.507867][ T7899] ? do_wait_intr_irq+0x2b0/0x2b0 [ 186.512906][ T7899] tcp_sendmsg_locked+0x231f/0x37f0 [ 186.518116][ T7899] ? mark_held_locks+0xf0/0xf0 [ 186.522893][ T7899] ? mark_held_locks+0xa4/0xf0 [ 186.527678][ T7899] ? tcp_sendpage+0x60/0x60 [ 186.532185][ T7899] ? lock_sock_nested+0x9a/0x120 [ 186.537138][ T7899] ? trace_hardirqs_on+0x67/0x230 [ 186.542252][ T7899] ? lock_sock_nested+0x9a/0x120 [ 186.547210][ T7899] ? __local_bh_enable_ip+0x15a/0x270 [ 186.552594][ T7899] tcp_sendmsg+0x30/0x50 [ 186.556841][ T7899] inet_sendmsg+0x147/0x5e0 [ 186.561355][ T7899] ? ipip_gro_receive+0x100/0x100 [ 186.566387][ T7899] sock_sendmsg+0xdd/0x130 [ 186.570806][ T7899] __sys_sendto+0x262/0x380 [ 186.575315][ T7899] ? __ia32_sys_getpeername+0xb0/0xb0 [ 186.580713][ T7899] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 186.586234][ T7899] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 186.591821][ T7899] ? retint_kernel+0x2d/0x2d [ 186.596450][ T7899] __x64_sys_sendto+0xe1/0x1a0 [ 186.601247][ T7899] do_syscall_64+0x103/0x610 [ 186.605855][ T7899] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 186.611754][ T7899] RIP: 0033:0x4582b9 [ 186.615661][ T7899] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 22:14:30 executing program 1: openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000600)) r1 = syz_open_pts(r0, 0x0) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)) [ 186.635366][ T7899] RSP: 002b:00007f2cb2dc4c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 186.643808][ T7899] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 186.651804][ T7899] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000009 [ 186.659801][ T7899] RBP: 000000000073bf00 R08: 00000000208d4fe4 R09: 000000000000001c [ 186.667788][ T7899] R10: 0000000020000005 R11: 0000000000000246 R12: 00007f2cb2dc56d4 [ 186.675975][ T7899] R13: 00000000004c59b6 R14: 00000000004d9d10 R15: 00000000ffffffff [ 186.826702][ T7907] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/7907 [ 186.836219][ T7907] caller is ip6_finish_output+0x335/0xdc0 [ 186.842121][ T7907] CPU: 0 PID: 7907 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19 [ 186.851324][ T7907] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 186.861768][ T7907] Call Trace: [ 186.865088][ T7907] dump_stack+0x172/0x1f0 [ 186.869445][ T7907] __this_cpu_preempt_check+0x246/0x270 [ 186.875883][ T7907] ip6_finish_output+0x335/0xdc0 [ 186.880848][ T7907] ip6_output+0x235/0x7f0 [ 186.885193][ T7907] ? ip6_finish_output+0xdc0/0xdc0 [ 186.890314][ T7907] ? ip6_fragment+0x3980/0x3980 [ 186.895277][ T7907] ip6_xmit+0xe41/0x20c0 [ 186.899552][ T7907] ? ip6_finish_output2+0x2550/0x2550 [ 186.905798][ T7907] ? mark_held_locks+0xf0/0xf0 [ 186.910669][ T7907] ? ip6_setup_cork+0x1870/0x1870 [ 186.915917][ T7907] inet6_csk_xmit+0x2fb/0x5d0 [ 186.920602][ T7907] ? inet6_csk_update_pmtu+0x190/0x190 [ 186.926072][ T7907] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 186.932337][ T7907] ? csum_ipv6_magic+0x20/0x80 [ 186.937105][ T7907] __tcp_transmit_skb+0x1a32/0x3750 [ 186.942307][ T7907] ? __tcp_select_window+0x8b0/0x8b0 [ 186.947577][ T7907] ? lockdep_hardirqs_on+0x418/0x5d0 [ 186.952846][ T7907] ? trace_hardirqs_on+0x67/0x230 [ 186.958055][ T7907] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 186.964196][ T7907] tcp_write_xmit+0xe39/0x5660 [ 186.969394][ T7907] ? tcp_current_mss+0x239/0x390 [ 186.974329][ T7907] tcp_push_one+0xd7/0x110 [ 186.978736][ T7907] do_tcp_sendpages+0x115b/0x1b80 [ 186.983765][ T7907] ? sk_stream_alloc_skb+0xd10/0xd10 [ 186.989123][ T7907] ? __local_bh_enable_ip+0x15a/0x270 [ 186.994506][ T7907] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 187.000211][ T7907] tcp_sendpage_locked+0x84/0xd0 [ 187.005141][ T7907] tcp_sendpage+0x3f/0x60 [ 187.009454][ T7907] ? tcp_sendpage_locked+0xd0/0xd0 [ 187.014555][ T7907] inet_sendpage+0x16b/0x630 [ 187.019222][ T7907] kernel_sendpage+0x95/0xf0 [ 187.023794][ T7907] ? inet_sendmsg+0x5e0/0x5e0 [ 187.028458][ T7907] sock_sendpage+0x8b/0xc0 [ 187.032878][ T7907] pipe_to_sendpage+0x299/0x370 [ 187.037717][ T7907] ? kernel_sendpage+0xf0/0xf0 [ 187.042643][ T7907] ? direct_splice_actor+0x1a0/0x1a0 [ 187.047917][ T7907] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 187.054595][ T7907] ? splice_from_pipe_next.part.0+0x255/0x2f0 [ 187.060643][ T7907] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 187.067306][ T7907] __splice_from_pipe+0x395/0x7d0 [ 187.072316][ T7907] ? direct_splice_actor+0x1a0/0x1a0 [ 187.077600][ T7907] ? direct_splice_actor+0x1a0/0x1a0 [ 187.082953][ T7907] splice_from_pipe+0x108/0x170 [ 187.088428][ T7907] ? splice_shrink_spd+0xd0/0xd0 [ 187.093356][ T7907] generic_splice_sendpage+0x3c/0x50 [ 187.098628][ T7907] ? splice_from_pipe+0x170/0x170 [ 187.103635][ T7907] direct_splice_actor+0x126/0x1a0 [ 187.108728][ T7907] splice_direct_to_actor+0x369/0x970 [ 187.114344][ T7907] ? generic_pipe_buf_nosteal+0x10/0x10 [ 187.119960][ T7907] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 187.126192][ T7907] ? do_splice_to+0x190/0x190 [ 187.130962][ T7907] ? rw_verify_area+0x118/0x360 [ 187.135797][ T7907] do_splice_direct+0x1da/0x2a0 [ 187.140641][ T7907] ? splice_direct_to_actor+0x970/0x970 [ 187.146176][ T7907] ? rw_verify_area+0x118/0x360 [ 187.151024][ T7907] do_sendfile+0x597/0xd00 [ 187.155433][ T7907] ? do_compat_pwritev64+0x1c0/0x1c0 [ 187.162259][ T7907] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 187.168499][ T7907] ? put_timespec64+0xda/0x140 [ 187.173260][ T7907] __x64_sys_sendfile64+0x1dd/0x220 [ 187.178447][ T7907] ? __ia32_sys_sendfile+0x230/0x230 [ 187.183898][ T7907] ? do_syscall_64+0x26/0x610 [ 187.188558][ T7907] ? lockdep_hardirqs_on+0x418/0x5d0 [ 187.193828][ T7907] ? trace_hardirqs_on+0x67/0x230 [ 187.198846][ T7907] do_syscall_64+0x103/0x610 [ 187.203427][ T7907] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 187.209307][ T7907] RIP: 0033:0x4582b9 [ 187.213185][ T7907] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 187.232768][ T7907] RSP: 002b:00007f2cb2d82c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 187.241168][ T7907] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 187.249129][ T7907] RDX: 0000000000000000 RSI: 000000000000000b RDI: 000000000000000a [ 187.257089][ T7907] RBP: 000000000073c040 R08: 0000000000000000 R09: 0000000000000000 [ 187.265050][ T7907] R10: 00008000dffffffe R11: 0000000000000246 R12: 00007f2cb2d836d4 [ 187.273003][ T7907] R13: 00000000004c5227 R14: 00000000004d9368 R15: 00000000ffffffff [ 187.285647][ T7907] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/7907 [ 187.295409][ T7907] caller is ip6_finish_output+0x335/0xdc0 [ 187.301244][ T7907] CPU: 0 PID: 7907 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19 [ 187.310278][ T7907] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 187.320350][ T7907] Call Trace: [ 187.323662][ T7907] dump_stack+0x172/0x1f0 [ 187.329800][ T7907] __this_cpu_preempt_check+0x246/0x270 [ 187.335358][ T7907] ip6_finish_output+0x335/0xdc0 [ 187.340404][ T7907] ip6_output+0x235/0x7f0 [ 187.344740][ T7907] ? ip6_finish_output+0xdc0/0xdc0 [ 187.349968][ T7907] ? ip6_fragment+0x3980/0x3980 [ 187.354824][ T7907] ip6_xmit+0xe41/0x20c0 [ 187.359084][ T7907] ? ip6_finish_output2+0x2550/0x2550 [ 187.364470][ T7907] ? mark_held_locks+0xf0/0xf0 [ 187.369246][ T7907] ? ip6_setup_cork+0x1870/0x1870 [ 187.374271][ T7907] ? inet6_csk_route_socket+0x715/0xf40 [ 187.379931][ T7907] inet6_csk_xmit+0x2fb/0x5d0 [ 187.384619][ T7907] ? inet6_csk_update_pmtu+0x190/0x190 [ 187.390086][ T7907] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 187.396340][ T7907] ? csum_ipv6_magic+0x20/0x80 [ 187.401124][ T7907] __tcp_transmit_skb+0x1a32/0x3750 [ 187.406427][ T7907] ? __tcp_select_window+0x8b0/0x8b0 [ 187.411737][ T7907] ? lockdep_hardirqs_on+0x418/0x5d0 [ 187.417029][ T7907] ? trace_hardirqs_on+0x67/0x230 [ 187.422061][ T7907] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 187.427792][ T7907] tcp_write_xmit+0xe39/0x5660 [ 187.432581][ T7907] __tcp_push_pending_frames+0xb4/0x350 [ 187.438157][ T7907] do_tcp_sendpages+0x167b/0x1b80 [ 187.443199][ T7907] ? sk_stream_alloc_skb+0xd10/0xd10 [ 187.448487][ T7907] ? __local_bh_enable_ip+0x15a/0x270 [ 187.453872][ T7907] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 187.459597][ T7907] tcp_sendpage_locked+0x84/0xd0 [ 187.464539][ T7907] tcp_sendpage+0x3f/0x60 [ 187.468872][ T7907] ? tcp_sendpage_locked+0xd0/0xd0 [ 187.473997][ T7907] inet_sendpage+0x16b/0x630 [ 187.478609][ T7907] kernel_sendpage+0x95/0xf0 [ 187.483205][ T7907] ? inet_sendmsg+0x5e0/0x5e0 [ 187.487920][ T7907] sock_sendpage+0x8b/0xc0 [ 187.492341][ T7907] pipe_to_sendpage+0x299/0x370 [ 187.497284][ T7907] ? kernel_sendpage+0xf0/0xf0 [ 187.502044][ T7907] ? direct_splice_actor+0x1a0/0x1a0 [ 187.507331][ T7907] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 187.513703][ T7907] ? splice_from_pipe_next.part.0+0x255/0x2f0 [ 187.519767][ T7907] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 187.526008][ T7907] __splice_from_pipe+0x395/0x7d0 [ 187.531124][ T7907] ? direct_splice_actor+0x1a0/0x1a0 [ 187.536412][ T7907] ? direct_splice_actor+0x1a0/0x1a0 [ 187.541707][ T7907] splice_from_pipe+0x108/0x170 [ 187.546560][ T7907] ? splice_shrink_spd+0xd0/0xd0 [ 187.551517][ T7907] generic_splice_sendpage+0x3c/0x50 [ 187.556801][ T7907] ? splice_from_pipe+0x170/0x170 [ 187.561910][ T7907] direct_splice_actor+0x126/0x1a0 [ 187.567025][ T7907] splice_direct_to_actor+0x369/0x970 [ 187.572403][ T7907] ? generic_pipe_buf_nosteal+0x10/0x10 [ 187.577967][ T7907] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 187.584203][ T7907] ? do_splice_to+0x190/0x190 [ 187.588883][ T7907] ? rw_verify_area+0x118/0x360 [ 187.593731][ T7907] do_splice_direct+0x1da/0x2a0 [ 187.598584][ T7907] ? splice_direct_to_actor+0x970/0x970 [ 187.604257][ T7907] ? rw_verify_area+0x118/0x360 [ 187.609137][ T7907] do_sendfile+0x597/0xd00 [ 187.613564][ T7907] ? do_compat_pwritev64+0x1c0/0x1c0 [ 187.618855][ T7907] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 187.625105][ T7907] ? put_timespec64+0xda/0x140 [ 187.629997][ T7907] __x64_sys_sendfile64+0x1dd/0x220 [ 187.635204][ T7907] ? __ia32_sys_sendfile+0x230/0x230 [ 187.640512][ T7907] ? do_syscall_64+0x26/0x610 [ 187.645195][ T7907] ? lockdep_hardirqs_on+0x418/0x5d0 [ 187.650485][ T7907] ? trace_hardirqs_on+0x67/0x230 [ 187.655523][ T7907] do_syscall_64+0x103/0x610 [ 187.660117][ T7907] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 187.666020][ T7907] RIP: 0033:0x4582b9 [ 187.669907][ T7907] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 187.669914][ T7907] RSP: 002b:00007f2cb2d82c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 187.669926][ T7907] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 187.669932][ T7907] RDX: 0000000000000000 RSI: 000000000000000b RDI: 000000000000000a [ 187.669938][ T7907] RBP: 000000000073c040 R08: 0000000000000000 R09: 0000000000000000 [ 187.669945][ T7907] R10: 00008000dffffffe R11: 0000000000000246 R12: 00007f2cb2d836d4 22:14:31 executing program 0: mlockall(0x3) clone(0x1080002, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit(0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x1) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) write$uinput_user_dev(0xffffffffffffffff, 0x0, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x0) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0xed) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) 22:14:31 executing program 1: syz_mount_image$vfat(&(0x7f00000000c0)='vfat\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) 22:14:31 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) openat$cachefiles(0xffffffffffffff9c, 0x0, 0x0, 0x0) getuid() 22:14:31 executing program 2: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001480)=ANY=[@ANYBLOB='sys_immutable,nocase']) 22:14:31 executing program 5: creat(0x0, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x94}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000300)='fdinfo/3\x00') preadv(r0, &(0x7f0000000480), 0x1000000000000237, 0x0) [ 187.669952][ T7907] R13: 00000000004c5227 R14: 00000000004d9368 R15: 00000000ffffffff [ 187.679984][ T7907] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/7907 [ 187.706494][ T7907] caller is ip6_finish_output+0x335/0xdc0 [ 187.706517][ T7907] CPU: 0 PID: 7907 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19 [ 187.762496][ T7907] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 187.772558][ T7907] Call Trace: [ 187.772594][ T7907] dump_stack+0x172/0x1f0 [ 187.772625][ T7907] __this_cpu_preempt_check+0x246/0x270 [ 187.772648][ T7907] ip6_finish_output+0x335/0xdc0 [ 187.780376][ T7907] ip6_output+0x235/0x7f0 [ 187.780395][ T7907] ? ip6_finish_output+0xdc0/0xdc0 [ 187.780412][ T7907] ? ip6_fragment+0x3980/0x3980 [ 187.780449][ T7907] ip6_xmit+0xe41/0x20c0 [ 187.780475][ T7907] ? ip6_finish_output2+0x2550/0x2550 [ 187.780492][ T7907] ? mark_held_locks+0xf0/0xf0 [ 187.780509][ T7907] ? ip6_setup_cork+0x1870/0x1870 [ 187.780534][ T7907] ? inet6_csk_route_socket+0x715/0xf40 [ 187.815147][ T7907] inet6_csk_xmit+0x2fb/0x5d0 [ 187.815167][ T7907] ? inet6_csk_update_pmtu+0x190/0x190 [ 187.815182][ T7907] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 187.815203][ T7907] ? csum_ipv6_magic+0x20/0x80 [ 187.815224][ T7907] __tcp_transmit_skb+0x1a32/0x3750 [ 187.815243][ T7907] ? __tcp_select_window+0x8b0/0x8b0 [ 187.815259][ T7907] ? mark_lock+0x1340/0x1380 [ 187.815271][ T7907] ? ktime_get+0x105/0x300 [ 187.815280][ T7907] ? tcp_mstamp_refresh+0x16/0xa0 [ 187.815290][ T7907] ? ktime_get+0x105/0x300 [ 187.840883][ T7907] __tcp_send_ack.part.0+0x3c6/0x5b0 [ 187.840905][ T7907] tcp_send_ack+0x88/0xa0 [ 187.840921][ T7907] __tcp_ack_snd_check+0x165/0x8d0 [ 187.840941][ T7907] tcp_rcv_established+0x175d/0x1fb0 [ 187.840964][ T7907] ? tcp_data_queue+0x4840/0x4840 [ 187.905974][ T7907] ? __local_bh_enable_ip+0x100/0x270 [ 187.911376][ T7907] ? _raw_spin_unlock_bh+0x31/0x40 [ 187.916520][ T7907] ? __local_bh_enable_ip+0x15a/0x270 [ 187.921910][ T7907] ? lockdep_hardirqs_on+0x418/0x5d0 [ 187.927217][ T7907] tcp_v6_do_rcv+0x421/0x12c0 [ 187.931922][ T7907] __release_sock+0x12e/0x3a0 [ 187.936634][ T7907] release_sock+0x59/0x1c0 [ 187.941080][ T7907] tcp_sendpage+0x4a/0x60 [ 187.945446][ T7907] ? tcp_sendpage_locked+0xd0/0xd0 [ 187.950576][ T7907] inet_sendpage+0x16b/0x630 [ 187.955190][ T7907] kernel_sendpage+0x95/0xf0 [ 187.959798][ T7907] ? inet_sendmsg+0x5e0/0x5e0 [ 187.964499][ T7907] sock_sendpage+0x8b/0xc0 [ 187.968935][ T7907] pipe_to_sendpage+0x299/0x370 [ 187.973816][ T7907] ? kernel_sendpage+0xf0/0xf0 22:14:32 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) openat$cachefiles(0xffffffffffffff9c, 0x0, 0x0, 0x0) getuid() [ 187.978593][ T7907] ? direct_splice_actor+0x1a0/0x1a0 [ 187.983889][ T7907] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 187.990154][ T7907] ? splice_from_pipe_next.part.0+0x255/0x2f0 [ 187.996258][ T7907] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 188.002524][ T7907] __splice_from_pipe+0x395/0x7d0 [ 188.007576][ T7907] ? direct_splice_actor+0x1a0/0x1a0 [ 188.012880][ T7907] ? direct_splice_actor+0x1a0/0x1a0 [ 188.018525][ T7907] splice_from_pipe+0x108/0x170 [ 188.023383][ T7907] ? splice_shrink_spd+0xd0/0xd0 [ 188.028355][ T7907] generic_splice_sendpage+0x3c/0x50 [ 188.033647][ T7907] ? splice_from_pipe+0x170/0x170 [ 188.038682][ T7907] direct_splice_actor+0x126/0x1a0 [ 188.043824][ T7907] splice_direct_to_actor+0x369/0x970 [ 188.049223][ T7907] ? generic_pipe_buf_nosteal+0x10/0x10 [ 188.054803][ T7907] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 188.061068][ T7907] ? do_splice_to+0x190/0x190 [ 188.065771][ T7907] ? rw_verify_area+0x118/0x360 [ 188.070653][ T7907] do_splice_direct+0x1da/0x2a0 [ 188.075606][ T7907] ? splice_direct_to_actor+0x970/0x970 22:14:32 executing program 5: r0 = syz_open_dev$sndpcmp(&(0x7f0000000800)='/dev/snd/pcmC#D#p\x00', 0x100000000, 0x80) r1 = openat$rtc(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/rtc0\x00', 0x0, 0x0) r2 = syz_open_dev$mice(0x0, 0x0, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0x0, 0x0, @remote, 0xa}, 0x1c) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bind$alg(r2, &(0x7f0000000780)={0x26, 'hash\x00', 0x0, 0x0, 'wp256\x00'}, 0x58) r3 = socket(0xa, 0x1, 0x0) setsockopt$IP_VS_SO_SET_ADD(r3, 0x0, 0x482, &(0x7f0000000080)={0x100000011, @multicast2, 0x8800, 0x0, 'lblc\x00'}, 0x2c) semget$private(0x0, 0x3, 0x8) semctl$GETPID(0x0, 0x2, 0xb, 0x0) r4 = socket(0xa, 0x1, 0x0) getsockopt$inet_sctp6_SCTP_ASSOCINFO(r4, 0x84, 0x1, &(0x7f0000000180)={0x0, 0x10001, 0x626, 0x8, 0x10046, 0x2}, &(0x7f00000001c0)=0xfffffffffffffec8) ioctl$TUNSETVNETBE(r0, 0x400454de, &(0x7f0000000240)) setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r4, 0x84, 0x18, &(0x7f0000000200)={r5, 0x9}, 0x8) setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, &(0x7f0000000000)={0x11, @dev, 0x0, 0x0, 'lblcr\x00'}, 0x2c) setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffffff, 0x84, 0x18, 0x0, 0x0) ioctl$RTC_WKALM_SET(r0, 0x4028700f, 0x0) r6 = msgget(0x1, 0x664) getgroups(0x0, 0x0) geteuid() lstat(&(0x7f0000000540)='./file0\x00', &(0x7f00000005c0)) fcntl$getownex(r4, 0x10, &(0x7f00000004c0)) msgctl$IPC_STAT(r6, 0x2, &(0x7f00000000c0)=""/169) ioctl$NBD_SET_SOCK(r2, 0xab00, r4) sendmmsg(0xffffffffffffffff, &(0x7f0000005fc0), 0x0, 0x0) ioctl$RTC_WKALM_SET(r1, 0x4028700f, &(0x7f0000000400)={0x1, 0x0, {0x0, 0x0, 0x0, 0x12, 0x0, 0xff}}) syz_genetlink_get_family_id$tipc(&(0x7f0000000580)='TIPC\x00') getsockopt$inet6_buf(r4, 0x29, 0x32, &(0x7f0000000280)=""/64, &(0x7f00000002c0)=0x40) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvfrom$llc(r3, &(0x7f0000000300)=""/28, 0x1c, 0x101, &(0x7f0000000340)={0x1a, 0x305, 0x9bd, 0xec94, 0x1f, 0x6, @broadcast}, 0x10) [ 188.081169][ T7907] ? rw_verify_area+0x118/0x360 [ 188.086040][ T7907] do_sendfile+0x597/0xd00 [ 188.090655][ T7907] ? do_compat_pwritev64+0x1c0/0x1c0 [ 188.095969][ T7907] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 188.102228][ T7907] ? put_timespec64+0xda/0x140 [ 188.107019][ T7907] __x64_sys_sendfile64+0x1dd/0x220 [ 188.112228][ T7907] ? __ia32_sys_sendfile+0x230/0x230 [ 188.117516][ T7907] ? do_syscall_64+0x26/0x610 [ 188.117536][ T7907] ? lockdep_hardirqs_on+0x418/0x5d0 [ 188.117555][ T7907] ? trace_hardirqs_on+0x67/0x230 [ 188.117570][ T7907] do_syscall_64+0x103/0x610 [ 188.117589][ T7907] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 188.117601][ T7907] RIP: 0033:0x4582b9 [ 188.117615][ T7907] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 188.117622][ T7907] RSP: 002b:00007f2cb2d82c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 188.117635][ T7907] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 188.117642][ T7907] RDX: 0000000000000000 RSI: 000000000000000b RDI: 000000000000000a [ 188.117650][ T7907] RBP: 000000000073c040 R08: 0000000000000000 R09: 0000000000000000 [ 188.117659][ T7907] R10: 00008000dffffffe R11: 0000000000000246 R12: 00007f2cb2d836d4 [ 188.117674][ T7907] R13: 00000000004c5227 R14: 00000000004d9368 R15: 00000000ffffffff [ 188.180787][ T7907] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/7907 [ 188.225175][ T7907] caller is ip6_finish_output+0x335/0xdc0 [ 188.231100][ T7907] CPU: 0 PID: 7907 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19 [ 188.240134][ T7907] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 188.250229][ T7907] Call Trace: [ 188.253563][ T7907] dump_stack+0x172/0x1f0 [ 188.257968][ T7907] __this_cpu_preempt_check+0x246/0x270 [ 188.263537][ T7907] ip6_finish_output+0x335/0xdc0 [ 188.268486][ T7907] ip6_output+0x235/0x7f0 [ 188.268502][ T7907] ? ip6_finish_output+0xdc0/0xdc0 [ 188.268518][ T7907] ? ip6_fragment+0x3980/0x3980 [ 188.268535][ T7907] ip6_xmit+0xe41/0x20c0 [ 188.268555][ T7907] ? ip6_finish_output2+0x2550/0x2550 [ 188.268573][ T7907] ? mark_held_locks+0xf0/0xf0 [ 188.268594][ T7907] ? ip6_setup_cork+0x1870/0x1870 [ 188.280099][ T7928] FAT-fs (loop1): bogus number of reserved sectors [ 188.283158][ T7907] inet6_csk_xmit+0x2fb/0x5d0 [ 188.283181][ T7907] ? inet6_csk_update_pmtu+0x190/0x190 [ 188.294178][ T7927] FAT-fs (loop2): bogus number of reserved sectors [ 188.297698][ T7907] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 188.297723][ T7907] ? csum_ipv6_magic+0x20/0x80 [ 188.297747][ T7907] __tcp_transmit_skb+0x1a32/0x3750 [ 188.297771][ T7907] ? __tcp_select_window+0x8b0/0x8b0 [ 188.347318][ T7907] ? lockdep_hardirqs_on+0x418/0x5d0 [ 188.352592][ T7907] ? trace_hardirqs_on+0x67/0x230 [ 188.357617][ T7907] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 188.363322][ T7907] tcp_write_xmit+0xe39/0x5660 [ 188.368078][ T7907] ? tcp_established_options+0x29d/0x4d0 [ 188.373706][ T7907] __tcp_push_pending_frames+0xb4/0x350 [ 188.379233][ T7907] tcp_rcv_established+0x1974/0x1fb0 [ 188.384592][ T7907] ? tcp_data_queue+0x4840/0x4840 [ 188.389617][ T7907] ? __local_bh_enable_ip+0x15a/0x270 [ 188.394970][ T7907] ? _raw_spin_unlock_bh+0x31/0x40 [ 188.400078][ T7907] ? __local_bh_enable_ip+0x15a/0x270 [ 188.405518][ T7907] ? lockdep_hardirqs_on+0x418/0x5d0 [ 188.411660][ T7907] tcp_v6_do_rcv+0x421/0x12c0 [ 188.416325][ T7907] __release_sock+0x12e/0x3a0 [ 188.420987][ T7907] release_sock+0x59/0x1c0 [ 188.425412][ T7907] tcp_sendpage+0x4a/0x60 [ 188.429725][ T7907] ? tcp_sendpage_locked+0xd0/0xd0 [ 188.434830][ T7907] inet_sendpage+0x16b/0x630 [ 188.439418][ T7907] kernel_sendpage+0x95/0xf0 [ 188.443989][ T7907] ? inet_sendmsg+0x5e0/0x5e0 [ 188.448651][ T7907] sock_sendpage+0x8b/0xc0 [ 188.453053][ T7907] pipe_to_sendpage+0x299/0x370 [ 188.457975][ T7907] ? kernel_sendpage+0xf0/0xf0 [ 188.462731][ T7907] ? direct_splice_actor+0x1a0/0x1a0 [ 188.468016][ T7907] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 188.474240][ T7907] ? splice_from_pipe_next.part.0+0x255/0x2f0 [ 188.480382][ T7907] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 188.486616][ T7907] __splice_from_pipe+0x395/0x7d0 [ 188.491621][ T7907] ? direct_splice_actor+0x1a0/0x1a0 [ 188.496896][ T7907] ? direct_splice_actor+0x1a0/0x1a0 [ 188.502166][ T7907] splice_from_pipe+0x108/0x170 [ 188.507090][ T7907] ? splice_shrink_spd+0xd0/0xd0 [ 188.512019][ T7907] generic_splice_sendpage+0x3c/0x50 [ 188.517283][ T7907] ? splice_from_pipe+0x170/0x170 [ 188.522289][ T7907] direct_splice_actor+0x126/0x1a0 [ 188.527404][ T7907] splice_direct_to_actor+0x369/0x970 [ 188.532758][ T7907] ? generic_pipe_buf_nosteal+0x10/0x10 [ 188.538306][ T7907] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 188.544539][ T7907] ? do_splice_to+0x190/0x190 [ 188.549204][ T7907] ? rw_verify_area+0x118/0x360 [ 188.554052][ T7907] do_splice_direct+0x1da/0x2a0 [ 188.558895][ T7907] ? splice_direct_to_actor+0x970/0x970 [ 188.564441][ T7907] ? rw_verify_area+0x118/0x360 [ 188.569365][ T7907] do_sendfile+0x597/0xd00 [ 188.573781][ T7907] ? do_compat_pwritev64+0x1c0/0x1c0 [ 188.579071][ T7907] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 188.585297][ T7907] ? put_timespec64+0xda/0x140 [ 188.590052][ T7907] __x64_sys_sendfile64+0x1dd/0x220 [ 188.595234][ T7907] ? __ia32_sys_sendfile+0x230/0x230 [ 188.600503][ T7907] ? do_syscall_64+0x26/0x610 [ 188.605168][ T7907] ? lockdep_hardirqs_on+0x418/0x5d0 [ 188.610438][ T7907] ? trace_hardirqs_on+0x67/0x230 [ 188.615452][ T7907] do_syscall_64+0x103/0x610 [ 188.620055][ T7907] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 188.625929][ T7907] RIP: 0033:0x4582b9 [ 188.629807][ T7907] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 188.649398][ T7907] RSP: 002b:00007f2cb2d82c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 188.657799][ T7907] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 188.665756][ T7907] RDX: 0000000000000000 RSI: 000000000000000b RDI: 000000000000000a [ 188.673724][ T7907] RBP: 000000000073c040 R08: 0000000000000000 R09: 0000000000000000 [ 188.681681][ T7907] R10: 00008000dffffffe R11: 0000000000000246 R12: 00007f2cb2d836d4 [ 188.689638][ T7907] R13: 00000000004c5227 R14: 00000000004d9368 R15: 00000000ffffffff [ 188.700137][ T7927] FAT-fs (loop2): Can't find a valid FAT filesystem [ 188.706995][ T7928] FAT-fs (loop1): Can't find a valid FAT filesystem [ 188.715240][ T7944] rtc_cmos 00:00: Alarms can be up to one day in the future [ 188.755773][ T7907] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/7907 [ 188.765326][ T7907] caller is ip6_finish_output+0x335/0xdc0 [ 188.771406][ T7907] CPU: 0 PID: 7907 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19 [ 188.780454][ T7907] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 188.790523][ T7907] Call Trace: [ 188.793849][ T7907] dump_stack+0x172/0x1f0 [ 188.798214][ T7907] __this_cpu_preempt_check+0x246/0x270 [ 188.803788][ T7907] ip6_finish_output+0x335/0xdc0 [ 188.804823][ T7944] rtc_cmos 00:00: Alarms can be up to one day in the future [ 188.808755][ T7907] ip6_output+0x235/0x7f0 [ 188.808774][ T7907] ? ip6_finish_output+0xdc0/0xdc0 [ 188.808789][ T7907] ? ip6_fragment+0x3980/0x3980 [ 188.808807][ T7907] ip6_xmit+0xe41/0x20c0 [ 188.808828][ T7907] ? ip6_finish_output2+0x2550/0x2550 [ 188.808849][ T7907] ? mark_held_locks+0xf0/0xf0 [ 188.808870][ T7907] ? ip6_setup_cork+0x1870/0x1870 [ 188.808908][ T7907] inet6_csk_xmit+0x2fb/0x5d0 22:14:32 executing program 5: r0 = openat$rtc(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/rtc0\x00', 0x0, 0x0) ioctl$RTC_WKALM_SET(r0, 0x4028700f, &(0x7f0000000400)={0x0, 0x0, {0x0, 0x0, 0x0, 0x12, 0x0, 0xff}}) [ 188.808925][ T7907] ? inet6_csk_update_pmtu+0x190/0x190 [ 188.808941][ T7907] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 188.808968][ T7907] ? csum_ipv6_magic+0x20/0x80 [ 188.808994][ T7907] __tcp_transmit_skb+0x1a32/0x3750 [ 188.809021][ T7907] ? __tcp_select_window+0x8b0/0x8b0 [ 188.809034][ T7907] ? lockdep_hardirqs_on+0x418/0x5d0 [ 188.809051][ T7907] ? trace_hardirqs_on+0x67/0x230 [ 188.809069][ T7907] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 188.809086][ T7907] tcp_write_xmit+0xe39/0x5660 [ 188.809099][ T7907] ? tcp_established_options+0x29d/0x4d0 [ 188.809128][ T7907] __tcp_push_pending_frames+0xb4/0x350 [ 188.809147][ T7907] tcp_rcv_established+0x16fe/0x1fb0 [ 188.809167][ T7907] ? tcp_data_queue+0x4840/0x4840 [ 188.809185][ T7907] ? __local_bh_enable_ip+0x100/0x270 [ 188.809200][ T7907] ? _raw_spin_unlock_bh+0x31/0x40 [ 188.809219][ T7907] ? __local_bh_enable_ip+0x15a/0x270 [ 188.939910][ T7907] ? lockdep_hardirqs_on+0x418/0x5d0 [ 188.945222][ T7907] tcp_v6_do_rcv+0x421/0x12c0 [ 188.949918][ T7907] __release_sock+0x12e/0x3a0 [ 188.954603][ T7907] release_sock+0x59/0x1c0 [ 188.959034][ T7907] tcp_sendpage+0x4a/0x60 [ 188.963377][ T7907] ? tcp_sendpage_locked+0xd0/0xd0 [ 188.968513][ T7907] inet_sendpage+0x16b/0x630 [ 188.973111][ T7907] kernel_sendpage+0x95/0xf0 [ 188.977706][ T7907] ? inet_sendmsg+0x5e0/0x5e0 [ 188.982567][ T7907] sock_sendpage+0x8b/0xc0 [ 188.986999][ T7907] pipe_to_sendpage+0x299/0x370 [ 188.991859][ T7907] ? kernel_sendpage+0xf0/0xf0 [ 188.996631][ T7907] ? direct_splice_actor+0x1a0/0x1a0 [ 189.002030][ T7907] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 189.008280][ T7907] ? splice_from_pipe_next.part.0+0x255/0x2f0 [ 189.014362][ T7907] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 189.020616][ T7907] __splice_from_pipe+0x395/0x7d0 [ 189.025654][ T7907] ? direct_splice_actor+0x1a0/0x1a0 [ 189.030946][ T7907] ? direct_splice_actor+0x1a0/0x1a0 [ 189.036232][ T7907] splice_from_pipe+0x108/0x170 [ 189.041095][ T7907] ? splice_shrink_spd+0xd0/0xd0 [ 189.046056][ T7907] generic_splice_sendpage+0x3c/0x50 [ 189.051364][ T7907] ? splice_from_pipe+0x170/0x170 [ 189.056478][ T7907] direct_splice_actor+0x126/0x1a0 [ 189.061592][ T7907] splice_direct_to_actor+0x369/0x970 [ 189.066974][ T7907] ? generic_pipe_buf_nosteal+0x10/0x10 [ 189.072530][ T7907] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 189.078772][ T7907] ? do_splice_to+0x190/0x190 [ 189.083453][ T7907] ? rw_verify_area+0x118/0x360 [ 189.088319][ T7907] do_splice_direct+0x1da/0x2a0 [ 189.093286][ T7907] ? splice_direct_to_actor+0x970/0x970 [ 189.102230][ T7907] ? rw_verify_area+0x118/0x360 [ 189.107878][ T7907] do_sendfile+0x597/0xd00 [ 189.112500][ T7907] ? do_compat_pwritev64+0x1c0/0x1c0 [ 189.119984][ T7907] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 189.126236][ T7907] ? put_timespec64+0xda/0x140 [ 189.131037][ T7907] __x64_sys_sendfile64+0x1dd/0x220 [ 189.136266][ T7907] ? __ia32_sys_sendfile+0x230/0x230 [ 189.141578][ T7907] ? do_syscall_64+0x26/0x610 [ 189.146291][ T7907] ? lockdep_hardirqs_on+0x418/0x5d0 [ 189.151631][ T7907] ? trace_hardirqs_on+0x67/0x230 [ 189.156704][ T7907] do_syscall_64+0x103/0x610 [ 189.162804][ T7907] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 189.168712][ T7907] RIP: 0033:0x4582b9 [ 189.172628][ T7907] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 189.172638][ T7907] RSP: 002b:00007f2cb2d82c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 22:14:33 executing program 4: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000200)='cgroup2\x00', 0x0, 0x0) 22:14:33 executing program 3: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000180)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) lstat(&(0x7f0000000240)='./file0\x00', 0x0) read$FUSE(r0, &(0x7f0000000480), 0x1000) write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, 0x1, {0x7, 0x8}}, 0x50) [ 189.172653][ T7907] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 189.172661][ T7907] RDX: 0000000000000000 RSI: 000000000000000b RDI: 000000000000000a [ 189.172670][ T7907] RBP: 000000000073c040 R08: 0000000000000000 R09: 0000000000000000 [ 189.172679][ T7907] R10: 00008000dffffffe R11: 0000000000000246 R12: 00007f2cb2d836d4 [ 189.172686][ T7907] R13: 00000000004c5227 R14: 00000000004d9368 R15: 00000000ffffffff 22:14:33 executing program 5: getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(0xffffffffffffff9c, 0x84, 0x71, 0x0, 0x0) ioctl$VIDIOC_SUBDEV_G_EDID(0xffffffffffffffff, 0xc0285628, &(0x7f0000000140)={0x0, 0x100000001, 0x7, [], 0x0}) ioctl$BLKDISCARD(0xffffffffffffffff, 0x1277, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x88, 0x67, 0x0, 0x0) setsockopt$inet_sctp_SCTP_HMAC_IDENT(0xffffffffffffffff, 0x84, 0x16, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sigaltstack(&(0x7f0000fff000/0x1000)=nil, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) remap_file_pages(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00000, 0x1, 0x0, 0x1, 0x2000000000002) syz_open_dev$amidi(0x0, 0x0, 0x0) 22:14:33 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sysfs$2(0x2, 0x0, 0x0) 22:14:33 executing program 0: mlockall(0x3) clone(0x1080002, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit(0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x1) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) write$uinput_user_dev(0xffffffffffffffff, 0x0, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x0) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0xed) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) 22:14:33 executing program 1: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x94}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000100)='net/fib_triestat\x00') preadv(r0, &(0x7f0000000480), 0x1000000000000237, 0x0) getresgid(&(0x7f0000000500), &(0x7f0000000540), &(0x7f0000000580)) 22:14:33 executing program 4: syz_mount_image$xfs(&(0x7f0000000000)='xfs\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x4001, &(0x7f00000005c0)={[{@biosize={'biosize'}}]}) 22:14:33 executing program 2: openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x94}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000300)='fdinfo/3\x00') preadv(r0, &(0x7f0000000480), 0x1000000000000237, 0x0) getsockopt$IP6T_SO_GET_REVISION_TARGET(0xffffffffffffffff, 0x29, 0x45, 0x0, 0x0) [ 189.628992][ T7982] XFS (loop4): invalid log iosize: 255 [not 12-30] [ 189.687598][ T7982] XFS (loop4): invalid log iosize: 255 [not 12-30] 22:14:33 executing program 2: openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x94}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000300)='fdinfo/3\x00') preadv(r0, &(0x7f0000000480), 0x1000000000000237, 0x0) getsockopt$IP6T_SO_GET_REVISION_TARGET(0xffffffffffffffff, 0x29, 0x45, 0x0, 0x0) 22:14:33 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x94}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000100)='net/fib_triestat\x00') preadv(r0, &(0x7f0000000480), 0x1000000000000237, 0x0) 22:14:34 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000700)={@ipv4={[], [], @empty}, @mcast1, @ipv4={[], [], @broadcast}, 0x0, 0x136}) 22:14:34 executing program 2: mlockall(0x1) fdatasync(0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) 22:14:34 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") getsockopt$sock_buf(r0, 0x1, 0x0, 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, 0x0, 0x0) listen(0xffffffffffffffff, 0x0) sendto$inet6(r1, 0x0, 0x0, 0x20004004, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, 0x0, 0x0) accept$inet6(0xffffffffffffffff, 0x0, &(0x7f0000000200)) accept4$x25(0xffffffffffffff9c, 0x0, &(0x7f0000000140), 0x80800) 22:14:34 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001480)=ANY=[@ANYBLOB='sys_immutable,nocase,nfs=nostale_ro,gid=', @ANYRESHEX=0x0]) [ 190.371911][ T8014] check_preemption_disabled: 61 callbacks suppressed [ 190.371925][ T8014] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/8014 [ 190.388167][ T8014] caller is ip6_finish_output+0x335/0xdc0 [ 190.393916][ T8014] CPU: 0 PID: 8014 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19 [ 190.402958][ T8014] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 190.413045][ T8014] Call Trace: [ 190.416393][ T8014] dump_stack+0x172/0x1f0 [ 190.420763][ T8014] __this_cpu_preempt_check+0x246/0x270 [ 190.426434][ T8014] ip6_finish_output+0x335/0xdc0 [ 190.431408][ T8014] ip6_output+0x235/0x7f0 [ 190.435766][ T8014] ? ip6_finish_output+0xdc0/0xdc0 [ 190.440952][ T8014] ? ip6_fragment+0x3980/0x3980 [ 190.445829][ T8014] ip6_xmit+0xe41/0x20c0 [ 190.450105][ T8014] ? ip6_finish_output2+0x2550/0x2550 [ 190.455492][ T8014] ? mark_held_locks+0xf0/0xf0 [ 190.460295][ T8014] ? ip6_setup_cork+0x1870/0x1870 [ 190.465354][ T8014] inet6_csk_xmit+0x2fb/0x5d0 [ 190.470059][ T8014] ? inet6_csk_update_pmtu+0x190/0x190 [ 190.475539][ T8014] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 190.481813][ T8014] ? csum_ipv6_magic+0x20/0x80 [ 190.486618][ T8014] __tcp_transmit_skb+0x1a32/0x3750 [ 190.491852][ T8014] ? __tcp_select_window+0x8b0/0x8b0 [ 190.497185][ T8014] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 190.503464][ T8014] ? tcp_fastopen_no_cookie+0xe0/0x190 [ 190.509038][ T8014] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 190.515345][ T8014] tcp_connect+0x1e47/0x4280 [ 190.519976][ T8014] ? tcp_push_one+0x110/0x110 [ 190.524677][ T8014] ? secure_tcpv6_ts_off+0x24f/0x360 [ 190.530762][ T8014] ? secure_dccpv6_sequence_number+0x280/0x280 [ 190.536963][ T8014] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 190.543213][ T8014] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 190.549447][ T8014] ? prandom_u32_state+0x13/0x180 [ 190.554467][ T8014] tcp_v6_connect+0x150b/0x20a0 [ 190.559331][ T8014] ? tcp_sendmsg_locked+0x2170/0x37f0 [ 190.564706][ T8014] ? tcp_v6_conn_request+0x2b0/0x2b0 [ 190.569977][ T8014] ? __switch_to_asm+0x34/0x70 [ 190.574807][ T8014] ? __switch_to_asm+0x40/0x70 [ 190.579574][ T8014] ? find_held_lock+0x35/0x130 [ 190.584325][ T8014] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 190.589947][ T8014] __inet_stream_connect+0x83f/0xea0 [ 190.595225][ T8014] ? tcp_v6_conn_request+0x2b0/0x2b0 [ 190.600516][ T8014] ? __inet_stream_connect+0x83f/0xea0 [ 190.605979][ T8014] ? inet_dgram_connect+0x2e0/0x2e0 [ 190.611170][ T8014] ? tcp_sendmsg_locked+0x2170/0x37f0 [ 190.616529][ T8014] ? rcu_read_lock_sched_held+0x110/0x130 [ 190.622241][ T8014] ? kmem_cache_alloc_trace+0x354/0x760 [ 190.627788][ T8014] ? __lock_acquire+0x548/0x3fb0 [ 190.632729][ T8014] tcp_sendmsg_locked+0x231f/0x37f0 [ 190.637930][ T8014] ? mark_held_locks+0xf0/0xf0 [ 190.642687][ T8014] ? mark_held_locks+0xa4/0xf0 [ 190.647442][ T8014] ? tcp_sendpage+0x60/0x60 [ 190.651950][ T8014] ? lock_sock_nested+0x9a/0x120 [ 190.656885][ T8014] ? trace_hardirqs_on+0x67/0x230 [ 190.661901][ T8014] ? lock_sock_nested+0x9a/0x120 [ 190.666828][ T8014] ? __local_bh_enable_ip+0x15a/0x270 [ 190.672194][ T8014] tcp_sendmsg+0x30/0x50 [ 190.676436][ T8014] inet_sendmsg+0x147/0x5e0 [ 190.681015][ T8014] ? ipip_gro_receive+0x100/0x100 [ 190.686035][ T8014] sock_sendmsg+0xdd/0x130 [ 190.690447][ T8014] __sys_sendto+0x262/0x380 [ 190.694935][ T8014] ? __ia32_sys_getpeername+0xb0/0xb0 [ 190.700308][ T8014] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 190.706560][ T8014] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 190.712004][ T8014] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 190.717460][ T8014] ? do_syscall_64+0x26/0x610 [ 190.722133][ T8014] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 190.728190][ T8014] __x64_sys_sendto+0xe1/0x1a0 [ 190.732944][ T8014] do_syscall_64+0x103/0x610 [ 190.737524][ T8014] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 190.743402][ T8014] RIP: 0033:0x4582b9 [ 190.747287][ T8014] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 190.766876][ T8014] RSP: 002b:00007f2cb2dc4c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 190.775286][ T8014] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 190.783264][ T8014] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004 [ 190.791239][ T8014] RBP: 000000000073bf00 R08: 0000000020000040 R09: 000000000000001c [ 190.799233][ T8014] R10: 0000000020004004 R11: 0000000000000246 R12: 00007f2cb2dc56d4 [ 190.807198][ T8014] R13: 00000000004c59b6 R14: 00000000004d9d10 R15: 00000000ffffffff [ 190.841304][ T8017] FAT-fs (loop1): bogus number of reserved sectors [ 190.852867][ T8017] FAT-fs (loop1): Can't find a valid FAT filesystem [ 190.923298][ T8014] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/8014 [ 190.933000][ T8014] caller is ip6_finish_output+0x335/0xdc0 [ 190.938852][ T8014] CPU: 1 PID: 8014 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19 [ 190.947887][ T8014] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 190.957970][ T8014] Call Trace: [ 190.961292][ T8014] dump_stack+0x172/0x1f0 [ 190.965652][ T8014] __this_cpu_preempt_check+0x246/0x270 [ 190.971233][ T8014] ip6_finish_output+0x335/0xdc0 [ 190.976186][ T8014] ip6_output+0x235/0x7f0 [ 190.980541][ T8014] ? ip6_finish_output+0xdc0/0xdc0 [ 190.985673][ T8014] ? ip6_fragment+0x3980/0x3980 [ 190.990537][ T8014] ip6_xmit+0xe41/0x20c0 [ 190.994802][ T8014] ? ip6_finish_output2+0x2550/0x2550 [ 191.000179][ T8014] ? mark_held_locks+0xf0/0xf0 [ 191.004981][ T8014] ? ip6_setup_cork+0x1870/0x1870 [ 191.010025][ T8014] inet6_csk_xmit+0x2fb/0x5d0 [ 191.014710][ T8014] ? inet6_csk_update_pmtu+0x190/0x190 [ 191.020273][ T8014] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 191.026528][ T8014] ? csum_ipv6_magic+0x20/0x80 [ 191.031312][ T8014] __tcp_transmit_skb+0x1a32/0x3750 [ 191.036527][ T8014] ? __tcp_select_window+0x8b0/0x8b0 [ 191.041827][ T8014] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 191.048077][ T8014] ? tcp_fastopen_no_cookie+0xe0/0x190 [ 191.053541][ T8014] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 191.059799][ T8014] tcp_connect+0x1e47/0x4280 [ 191.064425][ T8014] ? tcp_push_one+0x110/0x110 [ 191.069118][ T8014] ? secure_tcpv6_ts_off+0x24f/0x360 [ 191.074415][ T8014] ? secure_dccpv6_sequence_number+0x280/0x280 [ 191.080618][ T8014] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 191.086883][ T8014] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 191.103237][ T8014] ? prandom_u32_state+0x13/0x180 [ 191.108316][ T8014] tcp_v6_connect+0x150b/0x20a0 [ 191.113181][ T8014] ? tcp_sendmsg_locked+0x2170/0x37f0 [ 191.118626][ T8014] ? tcp_v6_conn_request+0x2b0/0x2b0 [ 191.123917][ T8014] ? __switch_to_asm+0x34/0x70 [ 191.128685][ T8014] ? __switch_to_asm+0x40/0x70 [ 191.133469][ T8014] ? find_held_lock+0x35/0x130 [ 191.138351][ T8014] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 191.143995][ T8014] __inet_stream_connect+0x83f/0xea0 [ 191.149521][ T8014] ? tcp_v6_conn_request+0x2b0/0x2b0 [ 191.154812][ T8014] ? __inet_stream_connect+0x83f/0xea0 [ 191.162082][ T8014] ? inet_dgram_connect+0x2e0/0x2e0 [ 191.167377][ T8014] ? tcp_sendmsg_locked+0x2170/0x37f0 [ 191.172754][ T8014] ? rcu_read_lock_sched_held+0x110/0x130 [ 191.178484][ T8014] ? kmem_cache_alloc_trace+0x354/0x760 [ 191.184131][ T8014] ? __lock_acquire+0x548/0x3fb0 [ 191.189093][ T8014] tcp_sendmsg_locked+0x231f/0x37f0 [ 191.194319][ T8014] ? mark_held_locks+0xf0/0xf0 [ 191.199097][ T8014] ? mark_held_locks+0xa4/0xf0 [ 191.203955][ T8014] ? tcp_sendpage+0x60/0x60 [ 191.208463][ T8014] ? lock_sock_nested+0x9a/0x120 [ 191.213406][ T8014] ? trace_hardirqs_on+0x67/0x230 [ 191.218458][ T8014] ? lock_sock_nested+0x9a/0x120 [ 191.223410][ T8014] ? __local_bh_enable_ip+0x15a/0x270 [ 191.228818][ T8014] tcp_sendmsg+0x30/0x50 [ 191.233085][ T8014] inet_sendmsg+0x147/0x5e0 [ 191.237595][ T8014] ? ipip_gro_receive+0x100/0x100 [ 191.242635][ T8014] sock_sendmsg+0xdd/0x130 [ 191.247069][ T8014] __sys_sendto+0x262/0x380 [ 191.251606][ T8014] ? __ia32_sys_getpeername+0xb0/0xb0 [ 191.257013][ T8014] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 191.263275][ T8014] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 191.268762][ T8014] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 191.274286][ T8014] ? do_syscall_64+0x26/0x610 [ 191.278997][ T8014] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 191.285087][ T8014] __x64_sys_sendto+0xe1/0x1a0 [ 191.290311][ T8014] do_syscall_64+0x103/0x610 [ 191.294922][ T8014] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 191.300837][ T8014] RIP: 0033:0x4582b9 [ 191.304745][ T8014] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 191.327788][ T8014] RSP: 002b:00007f2cb2dc4c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 191.336281][ T8014] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 191.344286][ T8014] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007 [ 191.352293][ T8014] RBP: 000000000073bf00 R08: 0000000020000040 R09: 000000000000001c [ 191.360302][ T8014] R10: 0000000020004004 R11: 0000000000000246 R12: 00007f2cb2dc56d4 [ 191.368381][ T8014] R13: 00000000004c59b6 R14: 00000000004d9d10 R15: 00000000ffffffff [ 191.606672][ T8027] FAT-fs (loop1): bogus number of reserved sectors [ 191.625295][ T8027] FAT-fs (loop1): Can't find a valid FAT filesystem 22:14:36 executing program 5: getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(0xffffffffffffff9c, 0x84, 0x71, 0x0, 0x0) ioctl$VIDIOC_SUBDEV_G_EDID(0xffffffffffffffff, 0xc0285628, &(0x7f0000000140)={0x0, 0x100000001, 0x7, [], 0x0}) ioctl$BLKDISCARD(0xffffffffffffffff, 0x1277, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x88, 0x67, 0x0, 0x0) setsockopt$inet_sctp_SCTP_HMAC_IDENT(0xffffffffffffffff, 0x84, 0x16, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sigaltstack(&(0x7f0000fff000/0x1000)=nil, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) remap_file_pages(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00000, 0x1, 0x0, 0x1, 0x2000000000002) syz_open_dev$amidi(0x0, 0x0, 0x0) 22:14:36 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x94}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000100)='net/fib_triestat\x00') preadv(r0, &(0x7f0000000480), 0x1000000000000237, 0x0) 22:14:36 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(0xffffffffffffffff, 0x404c534a, 0x0) r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rtc\x00', 0x0, 0x0) getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) ioctl$RTC_AIE_OFF(r0, 0x7002) 22:14:36 executing program 1: r0 = creat(&(0x7f00000000c0)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x200000000000013, &(0x7f0000000080)=0x1, 0x4) connect$inet6(r1, &(0x7f0000000100), 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) syz_execute_func(&(0x7f00000002c0)="410f01f964ff0941c3c4e2c99758423e46d8731266420fe2e33e0f1110c442019dcc6f") clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000180)=[@window={0x3, 0x0, 0x7f}, @sack_perm], 0x20000000000000d0) write$P9_RLCREATE(r2, &(0x7f0000000040)={0x18, 0xf, 0x0, {{0x40}, 0x7}}, 0x18) 22:14:36 executing program 2: mlockall(0x1) fdatasync(0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) 22:14:36 executing program 0: mlockall(0x3) clone(0x1080002, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit(0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x1) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) write$uinput_user_dev(0xffffffffffffffff, 0x0, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x0) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0xed) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) 22:14:36 executing program 3: syz_open_dev$sndpcmp(&(0x7f0000000800)='/dev/snd/pcmC#D#p\x00', 0x0, 0x80) r0 = openat$rtc(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/rtc0\x00', 0x0, 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000780)={0x26, 'hash\x00', 0x0, 0x0, 'wp256\x00'}, 0x58) socket(0x0, 0x0, 0x0) setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, 0x0, 0x0) semctl$GETPID(0x0, 0x2, 0xb, 0x0) getsockopt$inet_sctp6_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x1, &(0x7f0000000180)={0x0, 0x10001, 0x0, 0x8, 0x10046, 0x2}, 0x0) setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffffff, 0x84, 0x18, &(0x7f0000000200)={r1}, 0x8) setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffffff, 0x84, 0x18, 0x0, 0x0) ioctl$RTC_WKALM_SET(0xffffffffffffffff, 0x4028700f, 0x0) msgget(0xffffffffffffffff, 0x664) getgroups(0x0, 0x0) geteuid() lstat(&(0x7f0000000540)='./file0\x00', 0x0) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$RTC_WKALM_SET(r0, 0x4028700f, &(0x7f0000000400)={0x0, 0x0, {0x0, 0x0, 0x0, 0x12, 0x0, 0xff}}) syz_genetlink_get_family_id$tipc(0x0) getsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x0, 0x0, &(0x7f00000002c0)) recvfrom$llc(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) 22:14:37 executing program 3: r0 = socket(0x8000000010, 0x2, 0x0) write(r0, &(0x7f0000000100)="fc0000001c005b05ab092506010007000cab087a0200000002006093210001c000000000000000000300000000039815fa2c1ec28656aaa79bb9d95662070000bc000c00f0036cdf0d11512fd633d440000000000720d3d5bbc91a3e2e80772c05dafd5a32e273fc83ab82d718f70cec18444ef90d475ef8b29d3ef3d92c83170e5bba4a463ae4f5df77bc4cb102b2b8f5566791cf190201ded815b2ccd243f395ed94e0ad91bd0734babc7c3f2eeb57d43dffe5f5aa1dd1890058a10000c880ac801fe4af3d0041f0d48f6f0000080548deac279cc4848e3825924509260e33429fbe11017d180703050efaddd3254395c500df0000000000000000", 0xfc) 22:14:37 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x94}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000100)='net/fib_triestat\x00') preadv(r0, &(0x7f0000000480), 0x1000000000000237, 0x0) [ 193.115252][ T8073] netlink: 'syz-executor.3': attribute type 12 has an invalid length. 22:14:37 executing program 3: r0 = syz_open_dev$usb(&(0x7f00000000c0)='/dev/bus/usb/00#/00#\x00', 0x80000000005, 0x1000000000000001) ioctl$FS_IOC_FSGETXATTR(r0, 0x802c550a, &(0x7f0000000040)={0x8002, 0x0, 0x0, 0x740000, 0xfff7ffff7ff0bdbe}) 22:14:37 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x80001, 0x84) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e20, @loopback}, 0x10) sendmsg(r0, &(0x7f000001afc8)={&(0x7f0000006000)=@in={0x2, 0x4e20, @loopback}, 0x80, &(0x7f0000007f80)=[{&(0x7f00000001c0)='*', 0x1}], 0x1}, 0x0) [ 193.467835][ T8083] vhci_hcd: invalid port number 255 22:14:37 executing program 5: getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(0xffffffffffffff9c, 0x84, 0x71, 0x0, 0x0) ioctl$VIDIOC_SUBDEV_G_EDID(0xffffffffffffffff, 0xc0285628, &(0x7f0000000140)={0x0, 0x100000001, 0x7, [], 0x0}) ioctl$BLKDISCARD(0xffffffffffffffff, 0x1277, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x88, 0x67, 0x0, 0x0) setsockopt$inet_sctp_SCTP_HMAC_IDENT(0xffffffffffffffff, 0x84, 0x16, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sigaltstack(&(0x7f0000fff000/0x1000)=nil, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) remap_file_pages(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00000, 0x1, 0x0, 0x1, 0x2000000000002) syz_open_dev$amidi(0x0, 0x0, 0x0) [ 193.499394][ T8083] vhci_hcd: default hub control req: feff vffff i00ff l65535 22:14:37 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x80001, 0x84) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e20, @loopback}, 0x10) sendmsg(r0, &(0x7f000001afc8)={&(0x7f0000006000)=@in={0x2, 0x4e20, @loopback}, 0x80, &(0x7f0000007f80)=[{&(0x7f00000001c0)='*', 0x1}], 0x1}, 0x0) 22:14:37 executing program 3: r0 = syz_open_dev$usb(&(0x7f00000000c0)='/dev/bus/usb/00#/00#\x00', 0x80000000005, 0x1000000000000001) ioctl$FS_IOC_FSGETXATTR(r0, 0x802c550a, &(0x7f0000000040)={0x8002, 0x0, 0x0, 0x740000, 0xfff7ffff7ff0bdbe}) 22:14:37 executing program 1: mkdir(&(0x7f0000fd5ff8)='./file0\x00', 0x0) r0 = open$dir(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) lseek(r0, 0x0, 0x1) [ 193.686390][ T8091] vhci_hcd: invalid port number 255 [ 193.748087][ T8091] vhci_hcd: default hub control req: feff vffff i00ff l65535 22:14:37 executing program 3: r0 = syz_open_dev$usb(&(0x7f00000000c0)='/dev/bus/usb/00#/00#\x00', 0x80000000005, 0x1000000000000001) ioctl$FS_IOC_FSGETXATTR(r0, 0x802c550a, &(0x7f0000000040)={0x8002, 0x0, 0x0, 0x740000, 0xfff7ffff7ff0bdbe}) 22:14:37 executing program 2: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @mcast2, 0x6}, 0x1c) sendmmsg(r0, &(0x7f0000007e00), 0x26e, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r0, &(0x7f000000ac80), 0x400000000000302, 0x4008800) [ 193.957681][ T8102] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.2/8102 [ 193.967373][ T8102] caller is ip6_finish_output+0x335/0xdc0 [ 193.973132][ T8102] CPU: 1 PID: 8102 Comm: syz-executor.2 Not tainted 5.1.0-rc3-next-20190405 #19 [ 193.982161][ T8102] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 193.992231][ T8102] Call Trace: [ 193.995572][ T8102] dump_stack+0x172/0x1f0 [ 193.999936][ T8102] __this_cpu_preempt_check+0x246/0x270 [ 194.005511][ T8102] ip6_finish_output+0x335/0xdc0 [ 194.010489][ T8102] ip6_output+0x235/0x7f0 [ 194.014835][ T8102] ? ip6_finish_output+0xdc0/0xdc0 [ 194.019963][ T8102] ? ip6_fragment+0x3980/0x3980 [ 194.024817][ T8102] ? ip_reply_glue_bits+0xc0/0xc0 [ 194.029846][ T8102] ip6_local_out+0xc4/0x1b0 [ 194.034352][ T8102] ip6_send_skb+0xbb/0x350 [ 194.038775][ T8102] udp_v6_send_skb.isra.0+0x839/0x14f0 [ 194.044323][ T8102] ? __sanitizer_cov_trace_cmp1+0x10/0x20 [ 194.050065][ T8102] udpv6_sendmsg+0x21e3/0x28d0 [ 194.054847][ T8102] ? ip_reply_glue_bits+0xc0/0xc0 [ 194.059881][ T8102] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 194.065875][ T8102] ? aa_profile_af_perm+0x320/0x320 [ 194.071181][ T8102] ? __might_fault+0x12b/0x1e0 [ 194.075961][ T8102] ? find_held_lock+0x35/0x130 [ 194.080737][ T8102] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 194.087029][ T8102] ? rw_copy_check_uvector+0x2a6/0x330 [ 194.092533][ T8102] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 194.103734][ T8102] inet_sendmsg+0x147/0x5e0 [ 194.108288][ T8102] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 194.114273][ T8102] ? inet_sendmsg+0x147/0x5e0 [ 194.118972][ T8102] ? ipip_gro_receive+0x100/0x100 [ 194.123996][ T8102] sock_sendmsg+0xdd/0x130 [ 194.128854][ T8102] ___sys_sendmsg+0x3e2/0x930 [ 194.133518][ T8102] ? copy_msghdr_from_user+0x430/0x430 [ 194.138968][ T8102] ? lock_downgrade+0x880/0x880 [ 194.143799][ T8102] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 194.150032][ T8102] ? kasan_check_read+0x11/0x20 [ 194.154955][ T8102] ? __fget+0x381/0x550 [ 194.159098][ T8102] ? ksys_dup3+0x3e0/0x3e0 [ 194.163500][ T8102] ? __fget_light+0x1a9/0x230 [ 194.168167][ T8102] ? __fdget+0x1b/0x20 [ 194.172220][ T8102] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 194.178453][ T8102] ? sockfd_lookup_light+0xcb/0x180 [ 194.183637][ T8102] __sys_sendmmsg+0x1bf/0x4d0 [ 194.188310][ T8102] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 194.193325][ T8102] ? _copy_to_user+0xc9/0x120 [ 194.197989][ T8102] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 194.204306][ T8102] ? put_timespec64+0xda/0x140 [ 194.209058][ T8102] ? nsecs_to_jiffies+0x30/0x30 [ 194.213894][ T8102] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 194.219332][ T8102] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 194.224772][ T8102] ? do_syscall_64+0x26/0x610 [ 194.229444][ T8102] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 194.235488][ T8102] ? do_syscall_64+0x26/0x610 [ 194.240146][ T8102] __x64_sys_sendmmsg+0x9d/0x100 [ 194.245096][ T8102] do_syscall_64+0x103/0x610 [ 194.249670][ T8102] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 194.255542][ T8102] RIP: 0033:0x4582b9 [ 194.259418][ T8102] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 194.279091][ T8102] RSP: 002b:00007fdb3d2d6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 194.287579][ T8102] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 194.295534][ T8102] RDX: 000000000000026e RSI: 0000000020007e00 RDI: 0000000000000003 22:14:38 executing program 0: mlockall(0x3) clone(0x1080002, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit(0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x1) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) write$uinput_user_dev(0xffffffffffffffff, 0x0, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x0) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0xed) 22:14:38 executing program 1: r0 = socket$kcm(0xa, 0x2, 0x11) r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000000)='/dev/cachefiles\x00', 0x0, 0x0) getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(0xffffffffffffff9c, 0x84, 0x71, 0x0, 0x0) ioctl$VIDIOC_SUBDEV_G_EDID(r1, 0xc0285628, &(0x7f0000000140)={0x0, 0x100000001, 0x7, [], 0x0}) ioctl$BLKDISCARD(0xffffffffffffffff, 0x1277, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r1, 0x84, 0xa, &(0x7f00000001c0)={0x7fff, 0x0, 0x8000, 0xf2, 0x0, 0x8001, 0x0, 0xfffffffffffffffb}, 0x0) setsockopt$sock_attach_bpf(r0, 0x88, 0x67, 0x0, 0x0) setsockopt$inet_sctp_SCTP_HMAC_IDENT(0xffffffffffffffff, 0x84, 0x16, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sigaltstack(&(0x7f0000fff000/0x1000)=nil, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00000, 0x1, 0x0, 0x1, 0x2000000000002) [ 194.303488][ T8102] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 194.311454][ T8102] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fdb3d2d76d4 [ 194.319406][ T8102] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 194.358649][ T8107] vhci_hcd: invalid port number 255 [ 194.367037][ T8107] vhci_hcd: default hub control req: feff vffff i00ff l65535