Warning: Permanently added '10.128.0.57' (ECDSA) to the list of known hosts. [ 41.771501] random: sshd: uninitialized urandom read (32 bytes read) 2019/09/17 12:11:47 fuzzer started [ 41.971092] audit: type=1400 audit(1568722307.499:36): avc: denied { map } for pid=7095 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 42.852774] random: cc1: uninitialized urandom read (8 bytes read) 2019/09/17 12:11:49 dialing manager at 10.128.0.105:35967 2019/09/17 12:11:49 syscalls: 2466 2019/09/17 12:11:49 code coverage: enabled 2019/09/17 12:11:49 comparison tracing: ioctl(KCOV_TRACE_CMP) failed: invalid argument 2019/09/17 12:11:49 extra coverage: extra coverage is not supported by the kernel 2019/09/17 12:11:49 setuid sandbox: enabled 2019/09/17 12:11:49 namespace sandbox: enabled 2019/09/17 12:11:49 Android sandbox: /sys/fs/selinux/policy does not exist 2019/09/17 12:11:49 fault injection: enabled 2019/09/17 12:11:49 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/09/17 12:11:49 net packet injection: enabled 2019/09/17 12:11:49 net device setup: enabled [ 44.875978] random: crng init done 12:12:49 executing program 5: perf_event_open(&(0x7f0000000780)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5801, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x80, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 12:12:49 executing program 0: semop(0x0, &(0x7f0000000000)=[{}], 0x1) r0 = semget$private(0x0, 0x207, 0x0) semctl$SETALL(r0, 0x0, 0x11, &(0x7f0000000040)) 12:12:49 executing program 3: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r0 = syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x182) r1 = memfd_create(&(0x7f0000000240)='.^\x00', 0x0) pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000140)='!', 0x1}], 0x1, 0x81805) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) sendfile(r0, r0, 0x0, 0x24000000) 12:12:49 executing program 1: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_drop_memb(r0, 0x107, 0x2, &(0x7f0000000000)={0x0, 0x1, 0x6, @broadcast}, 0x10) 12:12:49 executing program 2: shmget$private(0x0, 0x4000, 0x49b691b53cc8b9ac, &(0x7f0000ffc000/0x4000)=nil) 12:12:49 executing program 4: getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, &(0x7f0000000100)) mlock(&(0x7f0000001000/0x4000)=nil, 0x4000) mlock(&(0x7f0000000000/0xe000)=nil, 0xe000) [ 103.710709] audit: type=1400 audit(1568722369.239:37): avc: denied { map } for pid=7095 comm="syz-fuzzer" path="/root/syzkaller-shm911103408" dev="sda1" ino=1426 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1 [ 103.790149] audit: type=1400 audit(1568722369.249:38): avc: denied { map } for pid=7112 comm="syz-executor.5" path="/sys/kernel/debug/kcov" dev="debugfs" ino=1123 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 [ 103.952100] IPVS: ftp: loaded support on port[0] = 21 [ 104.752234] IPVS: ftp: loaded support on port[0] = 21 [ 104.759121] chnl_net:caif_netlink_parms(): no params data found [ 104.817796] bridge0: port 1(bridge_slave_0) entered blocking state [ 104.825001] bridge0: port 1(bridge_slave_0) entered disabled state [ 104.832239] device bridge_slave_0 entered promiscuous mode [ 104.839372] bridge0: port 2(bridge_slave_1) entered blocking state [ 104.845936] bridge0: port 2(bridge_slave_1) entered disabled state [ 104.853130] device bridge_slave_1 entered promiscuous mode [ 104.853476] IPVS: ftp: loaded support on port[0] = 21 [ 104.876170] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 104.886200] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 104.909255] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 104.916966] team0: Port device team_slave_0 added [ 104.924576] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 104.931736] team0: Port device team_slave_1 added [ 104.939762] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 104.948705] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 105.042374] device hsr_slave_0 entered promiscuous mode [ 105.110388] device hsr_slave_1 entered promiscuous mode [ 105.164180] chnl_net:caif_netlink_parms(): no params data found [ 105.172738] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 105.188497] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 105.232373] bridge0: port 2(bridge_slave_1) entered blocking state [ 105.238880] bridge0: port 2(bridge_slave_1) entered forwarding state [ 105.245940] bridge0: port 1(bridge_slave_0) entered blocking state [ 105.246990] IPVS: ftp: loaded support on port[0] = 21 [ 105.252336] bridge0: port 1(bridge_slave_0) entered forwarding state [ 105.266533] bridge0: port 1(bridge_slave_0) entered blocking state [ 105.274016] bridge0: port 1(bridge_slave_0) entered disabled state [ 105.281336] device bridge_slave_0 entered promiscuous mode [ 105.295868] bridge0: port 2(bridge_slave_1) entered blocking state [ 105.302906] bridge0: port 2(bridge_slave_1) entered disabled state [ 105.311363] device bridge_slave_1 entered promiscuous mode [ 105.329904] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 105.351546] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 105.406946] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 105.415122] team0: Port device team_slave_0 added [ 105.422984] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 105.430098] team0: Port device team_slave_1 added [ 105.437480] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 105.445013] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 105.463441] chnl_net:caif_netlink_parms(): no params data found [ 105.481913] IPVS: ftp: loaded support on port[0] = 21 [ 105.522527] device hsr_slave_0 entered promiscuous mode [ 105.560380] device hsr_slave_1 entered promiscuous mode [ 105.628845] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 105.636694] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 105.699053] chnl_net:caif_netlink_parms(): no params data found [ 105.729102] bridge0: port 1(bridge_slave_0) entered blocking state [ 105.736538] bridge0: port 1(bridge_slave_0) entered disabled state [ 105.743502] device bridge_slave_0 entered promiscuous mode [ 105.760487] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 105.766662] 8021q: adding VLAN 0 to HW filter on device bond0 [ 105.780623] bridge0: port 1(bridge_slave_0) entered disabled state [ 105.787484] bridge0: port 2(bridge_slave_1) entered disabled state [ 105.794564] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 105.803461] bridge0: port 2(bridge_slave_1) entered blocking state [ 105.809797] bridge0: port 2(bridge_slave_1) entered disabled state [ 105.818745] device bridge_slave_1 entered promiscuous mode [ 105.838065] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 105.855337] IPVS: ftp: loaded support on port[0] = 21 [ 105.871477] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 105.881104] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 105.892535] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 105.899705] bridge0: port 1(bridge_slave_0) entered blocking state [ 105.906455] bridge0: port 1(bridge_slave_0) entered disabled state [ 105.913563] device bridge_slave_0 entered promiscuous mode [ 105.924959] bridge0: port 2(bridge_slave_1) entered blocking state [ 105.932475] bridge0: port 2(bridge_slave_1) entered disabled state [ 105.939342] device bridge_slave_1 entered promiscuous mode [ 105.967182] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 105.974862] team0: Port device team_slave_0 added [ 105.985322] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 105.998931] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 106.005087] 8021q: adding VLAN 0 to HW filter on device team0 [ 106.013607] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 106.021044] team0: Port device team_slave_1 added [ 106.027160] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 106.037212] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 106.044432] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 106.088822] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 106.096235] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 106.104597] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 106.130528] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 106.153773] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 106.161769] team0: Port device team_slave_0 added [ 106.169157] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 106.176620] team0: Port device team_slave_1 added [ 106.183977] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 106.191789] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 106.199852] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 106.207668] bridge0: port 1(bridge_slave_0) entered blocking state [ 106.214162] bridge0: port 1(bridge_slave_0) entered forwarding state [ 106.224128] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 106.283405] device hsr_slave_0 entered promiscuous mode [ 106.320455] device hsr_slave_1 entered promiscuous mode [ 106.360995] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 106.368472] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 106.376126] chnl_net:caif_netlink_parms(): no params data found [ 106.385598] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 106.393267] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 106.401630] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 106.409321] bridge0: port 2(bridge_slave_1) entered blocking state [ 106.416090] bridge0: port 2(bridge_slave_1) entered forwarding state [ 106.425106] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 106.446675] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 106.493592] device hsr_slave_0 entered promiscuous mode [ 106.540429] device hsr_slave_1 entered promiscuous mode [ 106.580821] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 106.587948] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 106.624283] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 106.647073] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 106.659413] bridge0: port 1(bridge_slave_0) entered blocking state [ 106.666846] bridge0: port 1(bridge_slave_0) entered disabled state [ 106.674620] device bridge_slave_0 entered promiscuous mode [ 106.723162] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 106.733882] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 106.742205] bridge0: port 2(bridge_slave_1) entered blocking state [ 106.748561] bridge0: port 2(bridge_slave_1) entered disabled state [ 106.756949] device bridge_slave_1 entered promiscuous mode [ 106.776714] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 106.784533] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 106.792636] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 106.806247] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 106.815834] chnl_net:caif_netlink_parms(): no params data found [ 106.825691] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 106.835204] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 106.845173] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 106.867163] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 106.877270] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 106.885894] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 106.899401] 8021q: adding VLAN 0 to HW filter on device bond0 [ 106.914760] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 106.923090] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 106.932767] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 106.941166] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 106.948212] team0: Port device team_slave_0 added [ 106.958422] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 106.966450] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 106.974103] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 106.983692] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 106.989701] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 107.004656] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 107.011796] team0: Port device team_slave_1 added [ 107.017343] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 107.035048] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 107.047471] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 107.059979] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 107.074322] bridge0: port 1(bridge_slave_0) entered blocking state [ 107.081780] bridge0: port 1(bridge_slave_0) entered disabled state [ 107.088758] device bridge_slave_0 entered promiscuous mode [ 107.099992] bridge0: port 2(bridge_slave_1) entered blocking state [ 107.107992] bridge0: port 2(bridge_slave_1) entered disabled state [ 107.114955] device bridge_slave_1 entered promiscuous mode [ 107.121452] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 107.128459] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 107.137795] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 107.144375] 8021q: adding VLAN 0 to HW filter on device team0 [ 107.202885] device hsr_slave_0 entered promiscuous mode [ 107.250543] device hsr_slave_1 entered promiscuous mode [ 107.303649] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 107.319070] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 107.327766] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 107.336987] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 107.348458] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 107.363716] 8021q: adding VLAN 0 to HW filter on device bond0 [ 107.373715] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 107.392144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 107.401713] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 107.409278] bridge0: port 1(bridge_slave_0) entered blocking state [ 107.415797] bridge0: port 1(bridge_slave_0) entered forwarding state [ 107.423330] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 107.437175] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 107.446219] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 107.457788] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 107.465459] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 107.473071] team0: Port device team_slave_0 added [ 107.478175] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 107.486210] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 107.494250] bridge0: port 2(bridge_slave_1) entered blocking state [ 107.500664] bridge0: port 2(bridge_slave_1) entered forwarding state [ 107.507493] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 107.514593] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 107.525021] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 107.536874] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 107.548189] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 107.554366] 8021q: adding VLAN 0 to HW filter on device team0 [ 107.562431] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 107.569563] team0: Port device team_slave_1 added [ 107.576456] 8021q: adding VLAN 0 to HW filter on device bond0 [ 107.585289] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 107.592054] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 107.599728] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 107.613682] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 107.625626] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 107.633202] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 107.641520] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 107.652549] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 107.660760] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 107.670930] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 107.688385] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 107.697998] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 107.705590] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 107.713843] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 107.721622] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 107.729803] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 107.737980] bridge0: port 1(bridge_slave_0) entered blocking state [ 107.744388] bridge0: port 1(bridge_slave_0) entered forwarding state [ 107.760433] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 107.769653] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready 12:12:53 executing program 5: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) [ 107.804681] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 107.824430] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 107.831665] 8021q: adding VLAN 0 to HW filter on device team0 [ 107.844879] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 107.852351] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 107.860238] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 107.867966] bridge0: port 2(bridge_slave_1) entered blocking state [ 107.874353] bridge0: port 2(bridge_slave_1) entered forwarding state [ 107.881676] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 107.889323] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 107.896510] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 107.964359] device hsr_slave_0 entered promiscuous mode [ 108.000378] device hsr_slave_1 entered promiscuous mode [ 108.041163] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 108.049460] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 108.063924] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 108.076566] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.5'. 12:12:53 executing program 5: syz_emit_ethernet(0x3e, &(0x7f00000001c0)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "50a09c", 0x8, 0x0, 0x0, @remote, @local, {[], @udp={0x0, 0x0, 0x8}}}}}}, 0x0) 12:12:53 executing program 5: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x144802) ioctl$BLKSECDISCARD(r0, 0x127d, &(0x7f0000000280)) [ 108.086186] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 108.098542] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 108.113984] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 108.122391] syz-executor.5 (7153) used greatest stack depth: 24064 bytes left 12:12:53 executing program 5: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x144802) ioctl$BLKSECDISCARD(r0, 0x127d, &(0x7f0000000280)) [ 108.139168] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 108.148918] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 108.162818] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 108.172122] 8021q: adding VLAN 0 to HW filter on device bond0 [ 108.182138] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 108.191502] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 108.209814] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 108.216515] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 108.225607] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready 12:12:53 executing program 5: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x144802) ioctl$BLKSECDISCARD(r0, 0x127d, &(0x7f0000000280)) [ 108.237118] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 108.253620] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 108.263169] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 108.271730] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 108.284087] bridge0: port 1(bridge_slave_0) entered blocking state 12:12:53 executing program 5: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x144802) ioctl$BLKSECDISCARD(r0, 0x127d, &(0x7f0000000280)) [ 108.290489] bridge0: port 1(bridge_slave_0) entered forwarding state [ 108.291131] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 108.308990] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 108.319544] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 108.331940] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 108.347028] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 108.356367] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 108.368834] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 108.379406] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready 12:12:53 executing program 5: ioctl$BLKSECDISCARD(0xffffffffffffffff, 0x127d, &(0x7f0000000280)) [ 108.391968] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 108.407853] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 108.422784] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 108.431557] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 108.439186] bridge0: port 2(bridge_slave_1) entered blocking state [ 108.445581] bridge0: port 2(bridge_slave_1) entered forwarding state [ 108.457220] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 108.465110] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 108.472523] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 108.483554] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 108.495304] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 108.506760] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 108.514508] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 108.522022] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 108.532242] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 108.540724] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 108.551630] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 108.557652] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 108.567039] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 108.574721] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 108.584227] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 108.598898] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 108.608774] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 108.616337] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 108.626660] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 108.634800] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 108.642495] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 108.650640] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 108.658838] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 108.665097] 8021q: adding VLAN 0 to HW filter on device team0 [ 108.674282] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 108.683284] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 108.700413] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 108.708322] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 108.716825] bridge0: port 1(bridge_slave_0) entered blocking state [ 108.723396] bridge0: port 1(bridge_slave_0) entered forwarding state [ 108.731340] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 108.738859] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 108.746763] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 108.762725] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 108.770421] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 108.778032] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 108.787493] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 108.795237] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 108.805818] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 108.815385] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 108.823437] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 108.832742] bridge0: port 2(bridge_slave_1) entered blocking state [ 108.839080] bridge0: port 2(bridge_slave_1) entered forwarding state [ 108.848621] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 108.860733] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 108.882329] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 108.896429] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 108.905531] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 108.916900] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 108.928728] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 108.941191] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 108.949764] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 108.966119] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 108.974590] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 108.982558] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 108.990516] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 108.998122] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 109.009472] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 109.023953] 8021q: adding VLAN 0 to HW filter on device bond0 [ 109.038455] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 109.046941] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 109.055685] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 109.065797] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 109.079754] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 109.098806] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 109.114845] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 109.123753] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 109.139483] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 109.152530] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 109.168153] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 109.175368] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 109.184797] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 109.196649] 8021q: adding VLAN 0 to HW filter on device team0 [ 109.217154] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 109.228724] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 109.244520] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready 12:12:54 executing program 0: semop(0x0, &(0x7f0000000000)=[{}], 0x1) r0 = semget$private(0x0, 0x207, 0x0) semctl$SETALL(r0, 0x0, 0x11, &(0x7f0000000040)) [ 109.263535] bridge0: port 1(bridge_slave_0) entered blocking state [ 109.269965] bridge0: port 1(bridge_slave_0) entered forwarding state [ 109.282490] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 109.292092] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 109.303616] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready 12:12:54 executing program 5: ioctl$BLKSECDISCARD(0xffffffffffffffff, 0x127d, &(0x7f0000000280)) [ 109.317926] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 109.328304] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 109.357228] bridge0: port 2(bridge_slave_1) entered blocking state [ 109.363663] bridge0: port 2(bridge_slave_1) entered forwarding state [ 109.391028] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 109.400374] protocol 88fb is buggy, dev hsr_slave_0 [ 109.404552] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 109.405612] protocol 88fb is buggy, dev hsr_slave_1 [ 109.425732] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready 12:12:55 executing program 3: r0 = socket(0x10, 0x80003, 0x0) sendto(r0, &(0x7f0000000bc0)="120000001200e7ef007b0000f4afd7030a7c", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000000080), 0x800000000000171, 0x40002122, 0x0) [ 109.450425] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 109.458277] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 109.479470] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 109.492689] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 109.503560] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 109.519768] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 109.527364] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 109.534700] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 109.542762] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 109.556655] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 109.564595] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 109.572603] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 109.586949] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 109.595666] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 109.609118] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 109.619517] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 109.626862] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 109.639197] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 109.653550] 8021q: adding VLAN 0 to HW filter on device batadv0 12:12:55 executing program 2: r0 = socket$inet_tcp(0x2, 0x3, 0x6) bind$inet(r0, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @multicast1}, 0x23) sendmmsg$inet(r0, &(0x7f0000000140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) 12:12:56 executing program 4: getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, &(0x7f0000000100)) mlock(&(0x7f0000001000/0x4000)=nil, 0x4000) mlock(&(0x7f0000000000/0xe000)=nil, 0xe000) 12:12:56 executing program 5: ioctl$BLKSECDISCARD(0xffffffffffffffff, 0x127d, &(0x7f0000000280)) 12:12:56 executing program 1: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_drop_memb(r0, 0x107, 0x2, &(0x7f0000000000)={0x0, 0x1, 0x6, @broadcast}, 0x10) 12:12:56 executing program 0: futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, 0x0, 0x0) futex(&(0x7f000000cffc), 0x6, 0x0, 0x0, 0x0, 0x0) 12:12:56 executing program 3: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x144802) r1 = socket$inet(0x10, 0x3, 0x0) sendfile(r1, r0, 0x0, 0x7) 12:12:56 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x0) fadvise64(r0, 0x0, 0x0, 0x1) 12:12:56 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x0) fadvise64(r0, 0x0, 0x0, 0x1) 12:12:56 executing program 4: getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, &(0x7f0000000100)) mlock(&(0x7f0000001000/0x4000)=nil, 0x4000) mlock(&(0x7f0000000000/0xe000)=nil, 0xe000) 12:12:56 executing program 5: r0 = syz_open_dev$loop(0x0, 0x0, 0x144802) ioctl$BLKSECDISCARD(r0, 0x127d, &(0x7f0000000280)) 12:12:56 executing program 1: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x144802) ioctl$BLKSECDISCARD(r0, 0x127d, 0x0) 12:12:56 executing program 3: perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x800000000000012, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffbfffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3800001, 0x5c831, 0xffffffffffffffff, 0x0) syz_open_procfs(0x0, &(0x7f0000000080)='stat\x00') 12:12:56 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x0) fadvise64(r0, 0x0, 0x0, 0x1) 12:12:56 executing program 1: perf_event_open(&(0x7f0000000100)={0x2, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 12:12:56 executing program 4: getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, &(0x7f0000000100)) mlock(&(0x7f0000001000/0x4000)=nil, 0x4000) mlock(&(0x7f0000000000/0xe000)=nil, 0xe000) 12:12:56 executing program 5: r0 = syz_open_dev$loop(0x0, 0x0, 0x144802) ioctl$BLKSECDISCARD(r0, 0x127d, &(0x7f0000000280)) [ 111.239592] audit: type=1400 audit(1568722376.759:39): avc: denied { map } for pid=7276 comm="syz-executor.3" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=26445 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:hugetlbfs_t:s0 tclass=file permissive=1 12:12:57 executing program 0: prlimit64(0x0, 0xb, &(0x7f0000000140), 0x0) timer_create(0x0, 0x0, 0x0) 12:12:57 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x0) fadvise64(r0, 0x0, 0x0, 0x1) 12:12:57 executing program 4: getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, &(0x7f0000000100)) mlock(&(0x7f0000000000/0xe000)=nil, 0xe000) 12:12:57 executing program 5: r0 = syz_open_dev$loop(0x0, 0x0, 0x144802) ioctl$BLKSECDISCARD(r0, 0x127d, &(0x7f0000000280)) 12:12:57 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$inet_MCAST_LEAVE_GROUP(r0, 0x0, 0x2d, &(0x7f0000000140)={0x0, {{0x2, 0x0, @multicast1}}}, 0x84) 12:12:57 executing program 3: r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f00000000c0)="120000001600e70d017b00000000008e1584", 0x12, 0x0, 0x0, 0x0) 12:12:57 executing program 2: fadvise64(0xffffffffffffffff, 0x0, 0x0, 0x1) 12:12:57 executing program 1: futex(&(0x7f000000cffc), 0x0, 0x4, 0x0, 0x0, 0x0) 12:12:57 executing program 3: syz_emit_ethernet(0x7a, &(0x7f00000006c0)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd6035266800442f00fe800000010000000000000000000004fe8000000000000000000000000000aa382088beffff00000000080000000000000088be0000000010000000015aff0000000000080022eb0000000020000000020000000000000000004cc3f2cb99fad649df5d000008006558000000000c87e39bc016d8a915e319c5153b45bb47e43ecdc067faf5eab1aa9123b691884c2233f422a775c078cd804f5c8c3b53bc4b22e4900dd18d28caca8edd52c4f3948cbf8b0d7e2883de483ed9cfa2439f6e97459b88cc9e39aaaf75c204ef81eb7c213fa61109000000000000007415fb5dec525a1f77a4ce427caa50d07dc28029024507b9cc31b8a017a6b912be0e90376c04ba000000773dfdc61510efda7e73116905b5cfe13ae03e99775bdb8b687e3605c7bf3e4b1f3934d6d2d24923f0f5e9da7ab1f72fdaa404006e66f22cae235c3b1b1d8e121d3b161db814cdc0a2fc6fd17eb788cb91f0b52e8044d6540621fb13d5df7ba62714f70bd41174495050d1b23e1f762651196ef6f68e390f641c73967e499d3cf519ad8a9181632946810cb35fd648b9770f6937723db54bfaca59d0151bfc9cdbad9c0caad439726303000000000000000b199a66c7c6488e6098d854b3b200b36fde5155e5dc726af4a20fef9ed6ced24d66946b42b39aa05b2b22ac2b4f9bee2f86da18b7c2d8852fa7b127e1c4e9945992788f818eb5f8e91c5a5ff2363e1900c6a1244c1d47f5489e4e9f5042ddcf0c95cde4f26f087ca84313cfeaa1b88bdc89ca4e9478349c"], &(0x7f00000000c0)) 12:12:57 executing program 5: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x0) ioctl$BLKSECDISCARD(r0, 0x127d, &(0x7f0000000280)) 12:12:57 executing program 2: fadvise64(0xffffffffffffffff, 0x0, 0x0, 0x1) 12:12:57 executing program 4: getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, &(0x7f0000000100)) mlock(&(0x7f0000000000/0xe000)=nil, 0xe000) 12:12:57 executing program 0: msgrcv(0x0, &(0x7f0000000200)=ANY=[], 0x0, 0x3, 0x1001) msgsnd(0x0, 0x0, 0x0, 0x0) 12:12:57 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x70, 0x800000000000013, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) semctl$IPC_SET(0x0, 0x0, 0x1, &(0x7f0000000300)) 12:12:57 executing program 5: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x0) ioctl$BLKSECDISCARD(r0, 0x127d, &(0x7f0000000280)) 12:12:57 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) recvmsg(r0, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x2060) 12:12:57 executing program 2: fadvise64(0xffffffffffffffff, 0x0, 0x0, 0x1) 12:12:57 executing program 0: mknod$loop(&(0x7f0000000240)='./file0\x00', 0x0, 0xffffffffffffffff) chown(&(0x7f0000000080)='./file0\x00', 0xee01, 0x0) 12:12:57 executing program 2: r0 = syz_open_dev$loop(0x0, 0x0, 0x0) fadvise64(r0, 0x0, 0x0, 0x1) 12:12:57 executing program 4: getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, &(0x7f0000000100)) mlock(&(0x7f0000000000/0xe000)=nil, 0xe000) 12:12:57 executing program 5: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x0) ioctl$BLKSECDISCARD(r0, 0x127d, &(0x7f0000000280)) 12:12:57 executing program 2: r0 = syz_open_dev$loop(0x0, 0x0, 0x0) fadvise64(r0, 0x0, 0x0, 0x1) 12:12:57 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) recvmsg(r0, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x2060) 12:12:57 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/rt_cache\x00') read(r0, &(0x7f0000000000)=""/17, 0xfffffcd6) 12:12:57 executing program 4: mlock(&(0x7f0000001000/0x4000)=nil, 0x4000) mlock(&(0x7f0000000000/0xe000)=nil, 0xe000) 12:12:57 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) recvmsg(r0, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x2060) 12:12:57 executing program 2: r0 = syz_open_dev$loop(0x0, 0x0, 0x0) fadvise64(r0, 0x0, 0x0, 0x1) 12:12:57 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000000)={'mangle\x00'}, &(0x7f00000001c0)=0x54) 12:12:57 executing program 5: syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x144802) ioctl$BLKSECDISCARD(0xffffffffffffffff, 0x127d, &(0x7f0000000280)) 12:12:57 executing program 2: syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x0) fadvise64(0xffffffffffffffff, 0x0, 0x0, 0x1) 12:12:57 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) recvmsg(r0, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x2060) 12:12:57 executing program 4: mlock(&(0x7f0000001000/0x4000)=nil, 0x4000) mlock(&(0x7f0000000000/0xe000)=nil, 0xe000) 12:12:57 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) prctl$PR_GET_THP_DISABLE(0x2a) 12:12:57 executing program 1: socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) 12:12:57 executing program 5: syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x144802) ioctl$BLKSECDISCARD(0xffffffffffffffff, 0x127d, &(0x7f0000000280)) 12:12:58 executing program 4: mlock(&(0x7f0000001000/0x4000)=nil, 0x4000) mlock(&(0x7f0000000000/0xe000)=nil, 0xe000) 12:12:58 executing program 2: syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x0) fadvise64(0xffffffffffffffff, 0x0, 0x0, 0x1) 12:12:58 executing program 3: recvmsg(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x2060) 12:12:58 executing program 4: getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, 0x0) mlock(&(0x7f0000001000/0x4000)=nil, 0x4000) mlock(&(0x7f0000000000/0xe000)=nil, 0xe000) 12:12:58 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) sendto$inet(r1, &(0x7f00000000c0)="ec92", 0x2, 0x0, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) 12:12:58 executing program 2: syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x0) fadvise64(0xffffffffffffffff, 0x0, 0x0, 0x1) 12:12:58 executing program 5: syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x144802) ioctl$BLKSECDISCARD(0xffffffffffffffff, 0x127d, &(0x7f0000000280)) 12:12:58 executing program 1: r0 = socket$unix(0x1, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002cc0)=[{{0x0, 0xfffffffffffffe22, 0x0}}], 0x1ece87a4671555d, 0x42, 0x0) 12:12:58 executing program 3: recvmsg(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x2060) 12:12:58 executing program 4: getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, 0x0) mlock(&(0x7f0000001000/0x4000)=nil, 0x4000) mlock(&(0x7f0000000000/0xe000)=nil, 0xe000) 12:12:58 executing program 5: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x144802) ioctl$BLKSECDISCARD(r0, 0x127d, 0x0) 12:12:58 executing program 1: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) shutdown(r0, 0x0) recvmmsg(r0, &(0x7f0000001300), 0x40000a2, 0x0, &(0x7f00000013c0)={0x0, 0x1c9c380}) 12:12:58 executing program 3: recvmsg(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x2060) 12:12:58 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x0) fadvise64(r0, 0x0, 0x0, 0x0) 12:12:58 executing program 5: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x144802) ioctl$BLKSECDISCARD(r0, 0x127d, 0x0) 12:12:58 executing program 4: getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, 0x0) mlock(&(0x7f0000001000/0x4000)=nil, 0x4000) mlock(&(0x7f0000000000/0xe000)=nil, 0xe000) 12:12:58 executing program 0: r0 = socket$inet6_dccp(0xa, 0x6, 0x0) getsockopt$inet6_mreq(r0, 0x29, 0x3a, 0x0, &(0x7f0000000040)) 12:12:58 executing program 3: r0 = socket$inet(0x2, 0x0, 0x0) recvmsg(r0, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x2060) 12:12:58 executing program 5: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x144802) ioctl$BLKSECDISCARD(r0, 0x127d, 0x0) 12:12:58 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x0) fadvise64(r0, 0x0, 0x0, 0x0) 12:12:58 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000100)="11dca50d5e0bdfe47bf070") socket(0x8, 0x0, 0x0) 12:12:58 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000400)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr(cast5)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000)="a5d7552003", 0x5) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000006cc0)=[{{0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000840)=""/4096, 0x915}], 0x1}}], 0x5d, 0x0, 0x0) 12:12:58 executing program 5: r0 = socket$inet6_dccp(0xa, 0x6, 0x0) getsockopt$inet6_mreq(r0, 0x29, 0x33, 0x0, &(0x7f0000000040)) 12:12:58 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x0) fadvise64(r0, 0x0, 0x0, 0x0) 12:12:58 executing program 0: r0 = socket$inet6_dccp(0xa, 0x6, 0x0) getsockopt$inet6_mreq(r0, 0x29, 0x48, 0x0, &(0x7f0000000040)) 12:12:58 executing program 3: r0 = socket$inet(0x2, 0x0, 0x0) recvmsg(r0, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x2060) 12:12:58 executing program 4: socket$inet_sctp(0x2, 0x0, 0x84) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x7c774aac) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) ioctl$FIGETBSZ(0xffffffffffffffff, 0x2, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, 0x0, 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0x0) socket$inet6_sctp(0xa, 0x0, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, 0x0, 0x0) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x6, 0x0, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x0, 0x0, 0x0) 12:12:58 executing program 5: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0xb, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @loopback}}}, &(0x7f0000000240)=0x98) 12:12:58 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000200)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(serpent)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x306) 12:12:58 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="11dca50d5e0b38e47bf070") setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, 0x0, 0x5bc) setsockopt$inet6_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, 0x0, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r0, 0x0) socket(0x0, 0x0, 0x0) sendmmsg$alg(0xffffffffffffffff, 0x0, 0x0, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) sendto$inet6(r2, 0x0, 0x0, 0x20000004, &(0x7f000031e000)={0xa, 0x4e22}, 0x1c) setsockopt$RDS_FREE_MR(0xffffffffffffffff, 0x114, 0x3, 0x0, 0x0) recvfrom$inet6(r2, &(0x7f00000001c0)=""/31, 0x10000021d, 0x100, &(0x7f0000000040), 0xfffffffffffffe67) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000140)='nv\x00', 0xdfd8e18b4a1465b9) setsockopt$IP_VS_SO_SET_ZERO(0xffffffffffffffff, 0x0, 0x48f, 0x0, 0xffffffffffffff86) socketpair(0x0, 0x0, 0x0, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, 0x0, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, 0x0) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) syz_genetlink_get_family_id$tipc(0x0) sendmsg$TIPC_CMD_GET_REMOTE_MNG(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, 0x0) shutdown(r2, 0x1) r3 = accept4(r0, 0x0, 0x0, 0x0) sendto$inet6(r3, &(0x7f00000000c0), 0xfffffdda, 0x0, 0x0, 0x0) 12:12:58 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x400001000008912, &(0x7f0000000140)="11dca50d5e0bcfe47bf070") pread64(0xffffffffffffffff, 0x0, 0xffffffffffffff08, 0xfffffffffffffffe) 12:12:58 executing program 5: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0xb, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @loopback}}}, &(0x7f0000000240)=0x98) 12:12:58 executing program 3: r0 = socket$inet(0x2, 0x0, 0x0) recvmsg(r0, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x2060) 12:12:58 executing program 5: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0xb, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @loopback}}}, &(0x7f0000000240)=0x98) 12:12:58 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x400001000008912, &(0x7f0000000140)="11dca50d5e0bcfe47bf070") pread64(0xffffffffffffffff, 0x0, 0xffffffffffffff08, 0xfffffffffffffffe) [ 113.309236] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. 12:12:58 executing program 1: r0 = socket$inet6_dccp(0xa, 0x6, 0x0) getsockopt$inet6_mreq(r0, 0x29, 0x11, 0x0, &(0x7f0000000040)) 12:12:58 executing program 3: socket$inet(0x2, 0x4000000000000001, 0x0) recvmsg(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x2060) 12:12:59 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") socket$netlink(0x9, 0x3, 0x0) [ 113.427912] audit: type=1400 audit(1568722378.949:40): avc: denied { create } for pid=7495 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 113.568680] audit: type=1400 audit(1568722378.949:41): avc: denied { write } for pid=7495 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 113.658959] audit: type=1400 audit(1568722379.049:42): avc: denied { read } for pid=7495 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 113.695170] kasan: CONFIG_KASAN_INLINE enabled [ 113.704537] kasan: GPF could be caused by NULL-ptr deref or user memory access [ 113.712249] general protection fault: 0000 [#1] PREEMPT SMP KASAN [ 113.718637] Modules linked in: [ 113.721862] CPU: 0 PID: 7532 Comm: syz-executor.0 Not tainted 4.14.144 #0 [ 113.728981] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 113.738354] task: ffff88806634c6c0 task.stack: ffff888066350000 [ 113.744424] RIP: 0010:tcp_push+0xe9/0x610 [ 113.748565] RSP: 0018:ffff888066357a48 EFLAGS: 00010202 [ 113.753924] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffc9000807e000 [ 113.761189] RDX: 0000000000000007 RSI: ffffffff85231b30 RDI: 0000000000000038 [ 113.768452] RBP: ffff888066357a98 R08: ffff888076ad295c R09: ffff88806634cf60 [ 113.775810] R10: 0000000000000000 R11: 0000000000000000 R12: ffff888076ad20c0 [ 113.783076] R13: 0000000000000000 R14: ffff888076ad2954 R15: 0000000000000000 [ 113.789293] kasan: CONFIG_KASAN_INLINE enabled [ 113.790337] FS: 00007fe30abcc700(0000) GS:ffff8880aee00000(0000) knlGS:0000000000000000 [ 113.790342] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 113.790346] CR2: 0000000021000000 CR3: 00000000a7142000 CR4: 00000000001406f0 [ 113.790355] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 113.790359] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 113.790362] Call Trace: [ 113.790381] tcp_sendmsg_locked+0x2307/0x3200 [ 113.790396] ? tcp_sendpage+0x60/0x60 [ 113.794960] kasan: GPF could be caused by NULL-ptr deref or user memory access [ 113.803277] ? trace_hardirqs_on_caller+0x400/0x590 [ 113.803284] ? trace_hardirqs_on+0xd/0x10 [ 113.803293] tcp_sendmsg+0x30/0x50 [ 113.803302] inet_sendmsg+0x122/0x500 [ 113.803312] ? inet_recvmsg+0x500/0x500 [ 113.869684] sock_sendmsg+0xce/0x110 [ 113.873384] SYSC_sendto+0x206/0x310 [ 113.877084] ? SYSC_connect+0x2d0/0x2d0 [ 113.881062] ? kasan_check_read+0x11/0x20 [ 113.885206] ? _copy_to_user+0x87/0xd0 [ 113.889077] ? put_timespec64+0xb4/0x100 [ 113.893123] ? nsecs_to_jiffies+0x30/0x30 [ 113.897391] ? SyS_clock_gettime+0xf8/0x180 [ 113.901708] SyS_sendto+0x40/0x50 [ 113.905165] ? SyS_getpeername+0x30/0x30 [ 113.909215] do_syscall_64+0x1e8/0x640 [ 113.913086] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 113.917914] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 113.923087] RIP: 0033:0x4598e9 [ 113.926257] RSP: 002b:00007fe30abcbc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 113.933944] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004598e9 [ 113.941208] RDX: 00000000fffffdda RSI: 00000000200000c0 RDI: 0000000000000008 [ 113.948558] RBP: 000000000075c070 R08: 0000000000000000 R09: 0000000000000000 [ 113.955813] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe30abcc6d4 [ 113.963062] R13: 00000000004c7880 R14: 00000000004dd188 R15: 00000000ffffffff [ 113.970335] Code: 00 4d 8d 84 24 9c 08 00 00 4c 89 45 b8 e8 c0 c7 39 fc 48 8d 7b 38 4c 8b 45 b8 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 04 02 84 c0 74 06 0f 8e 1e 04 00 00 48 b8 00 00 00 00 00 [ 113.989548] RIP: tcp_push+0xe9/0x610 RSP: ffff888066357a48 [ 113.995178] general protection fault: 0000 [#2] PREEMPT SMP KASAN [ 114.001414] Modules linked in: [ 114.001719] ---[ end trace 6d2171a57257d4ba ]--- [ 114.004607] CPU: 1 PID: 7520 Comm: syz-executor.4 Tainted: G D 4.14.144 #0 [ 114.004611] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 114.004617] task: ffff8880a1dc6380 task.stack: ffff888066098000 [ 114.004631] RIP: 0010:rb_erase+0x29/0x1c10 [ 114.004638] RSP: 0018:ffff88806609f9d0 EFLAGS: 00010282 [ 114.011660] Kernel panic - not syncing: Fatal exception [ 114.047765] RAX: dffffc0000000000 RBX: ffff88808932e630 RCX: ffffc9000caa3000 [ 114.055016] RDX: 0000000000000001 RSI: ffffffff8924d940 RDI: 0000000000000008 [ 114.062289] RBP: ffff88806609fa18 R08: 0000000000000001 R09: 0000000000000000 [ 114.069546] R10: 0000000000000000 R11: ffff8880a1dc6380 R12: 0000000000000000 [ 114.076797] R13: ffff88808930a6f0 R14: 0000000000000000 R15: ffffffff867a3540 [ 114.084753] FS: 00007effa0625700(0000) GS:ffff8880aef00000(0000) knlGS:0000000000000000 [ 114.092959] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 114.098824] CR2: 000000002100003f CR3: 00000000a8429000 CR4: 00000000001406e0 [ 114.106091] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 114.113367] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 114.120624] Call Trace: [ 114.123211] integrity_inode_free+0x126/0x320 [ 114.127689] security_inode_free+0x19/0x90 [ 114.131911] __destroy_inode+0x1ef/0x4e0 [ 114.135954] destroy_inode+0x50/0x120 [ 114.139745] evict+0x3e6/0x630 [ 114.142923] iput+0x471/0x900 [ 114.146013] ? ext4_nfs_commit_metadata+0x2f0/0x2f0 [ 114.151014] ext4_ioctl+0x16b0/0x3920 [ 114.154798] ? avc_ss_reset+0x110/0x110 [ 114.158754] ? ext4_ioctl_check_immutable+0x1c0/0x1c0 [ 114.163935] ? trace_hardirqs_on+0x10/0x10 [ 114.168160] ? __might_fault+0x110/0x1d0 [ 114.172205] ? __might_sleep+0x93/0xb0 [ 114.176074] ? __fget+0x210/0x370 [ 114.179516] ? ext4_ioctl_check_immutable+0x1c0/0x1c0 [ 114.184689] do_vfs_ioctl+0x7ae/0x1060 [ 114.188563] ? selinux_file_mprotect+0x5d0/0x5d0 [ 114.193302] ? lock_downgrade+0x6e0/0x6e0 [ 114.197461] ? ioctl_preallocate+0x1c0/0x1c0 [ 114.201850] ? __fget+0x237/0x370 [ 114.205290] ? security_file_ioctl+0x89/0xb0 [ 114.209691] SyS_ioctl+0x8f/0xc0 [ 114.213040] ? do_vfs_ioctl+0x1060/0x1060 [ 114.217174] do_syscall_64+0x1e8/0x640 [ 114.221042] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 114.225958] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 114.231133] RIP: 0033:0x4598e9 [ 114.234306] RSP: 002b:00007effa0624c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 114.241997] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00000000004598e9 [ 114.249251] RDX: 0000000000000000 RSI: 0000000000006611 RDI: 0000000000000003 [ 114.256502] RBP: 000000000075c070 R08: 0000000000000000 R09: 0000000000000000 [ 114.263762] R10: 0000000000000000 R11: 0000000000000246 R12: 00007effa06256d4 [ 114.271113] R13: 00000000004c1cdf R14: 00000000004d50e8 R15: 00000000ffffffff [ 114.278371] Code: 00 00 48 b8 00 00 00 00 00 fc ff df 55 48 89 e5 41 57 41 56 49 89 fe 48 83 c7 08 48 89 fa 41 55 48 c1 ea 03 41 54 53 48 83 ec 20 <80> 3c 02 00 0f 85 0c 11 00 00 49 8d 7e 10 4d 8b 7e 08 48 b8 00 [ 114.297522] RIP: rb_erase+0x29/0x1c10 RSP: ffff88806609f9d0 [ 114.304898] Kernel Offset: disabled [ 114.308541] Rebooting in 86400 seconds..