[ 65.119518][ T26] audit: type=1800 audit(1564571225.618:27): pid=9950 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [ 65.157668][ T26] audit: type=1800 audit(1564571225.618:28): pid=9950 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 66.006472][ T26] audit: type=1800 audit(1564571226.578:29): pid=9950 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 66.027510][ T26] audit: type=1800 audit(1564571226.578:30): pid=9950 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.10.62' (ECDSA) to the list of known hosts. 2019/07/31 11:07:17 fuzzer started 2019/07/31 11:07:21 dialing manager at 10.128.0.26:36235 2019/07/31 11:07:21 syscalls: 2484 2019/07/31 11:07:21 code coverage: enabled 2019/07/31 11:07:21 comparison tracing: enabled 2019/07/31 11:07:21 extra coverage: extra coverage is not supported by the kernel 2019/07/31 11:07:21 setuid sandbox: enabled 2019/07/31 11:07:21 namespace sandbox: enabled 2019/07/31 11:07:21 Android sandbox: /sys/fs/selinux/policy does not exist 2019/07/31 11:07:21 fault injection: enabled 2019/07/31 11:07:21 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/07/31 11:07:21 net packet injection: enabled 2019/07/31 11:07:21 net device setup: enabled 11:08:38 executing program 0: 11:08:38 executing program 1: syzkaller login: [ 158.359695][T10120] IPVS: ftp: loaded support on port[0] = 21 [ 158.474773][T10122] IPVS: ftp: loaded support on port[0] = 21 [ 158.533670][T10120] chnl_net:caif_netlink_parms(): no params data found 11:08:39 executing program 2: [ 158.594046][T10120] bridge0: port 1(bridge_slave_0) entered blocking state [ 158.604935][T10120] bridge0: port 1(bridge_slave_0) entered disabled state [ 158.613289][T10120] device bridge_slave_0 entered promiscuous mode [ 158.654921][T10120] bridge0: port 2(bridge_slave_1) entered blocking state [ 158.676473][T10120] bridge0: port 2(bridge_slave_1) entered disabled state [ 158.684340][T10120] device bridge_slave_1 entered promiscuous mode [ 158.727687][T10120] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 158.737743][T10122] chnl_net:caif_netlink_parms(): no params data found [ 158.748770][T10120] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 158.776514][T10126] IPVS: ftp: loaded support on port[0] = 21 11:08:39 executing program 3: [ 158.808118][T10120] team0: Port device team_slave_0 added [ 158.815057][T10120] team0: Port device team_slave_1 added [ 158.824519][T10122] bridge0: port 1(bridge_slave_0) entered blocking state [ 158.832756][T10122] bridge0: port 1(bridge_slave_0) entered disabled state [ 158.841811][T10122] device bridge_slave_0 entered promiscuous mode [ 158.874215][T10122] bridge0: port 2(bridge_slave_1) entered blocking state [ 158.884015][T10122] bridge0: port 2(bridge_slave_1) entered disabled state [ 158.892343][T10122] device bridge_slave_1 entered promiscuous mode [ 158.939246][T10120] device hsr_slave_0 entered promiscuous mode 11:08:39 executing program 4: [ 159.006232][T10120] device hsr_slave_1 entered promiscuous mode [ 159.095240][T10122] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 159.127633][T10122] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 159.184292][T10128] IPVS: ftp: loaded support on port[0] = 21 [ 159.194613][T10130] IPVS: ftp: loaded support on port[0] = 21 [ 159.206193][T10122] team0: Port device team_slave_0 added [ 159.219674][T10120] bridge0: port 2(bridge_slave_1) entered blocking state [ 159.226827][T10120] bridge0: port 2(bridge_slave_1) entered forwarding state 11:08:39 executing program 5: [ 159.234299][T10120] bridge0: port 1(bridge_slave_0) entered blocking state [ 159.241427][T10120] bridge0: port 1(bridge_slave_0) entered forwarding state [ 159.262649][T10122] team0: Port device team_slave_1 added [ 159.417866][T10122] device hsr_slave_0 entered promiscuous mode [ 159.486151][T10122] device hsr_slave_1 entered promiscuous mode [ 159.536019][T10122] debugfs: Directory 'hsr0' with parent '/' already present! [ 159.548354][ T2828] bridge0: port 1(bridge_slave_0) entered disabled state [ 159.566288][ T2828] bridge0: port 2(bridge_slave_1) entered disabled state [ 159.611823][T10126] chnl_net:caif_netlink_parms(): no params data found [ 159.640071][T10133] IPVS: ftp: loaded support on port[0] = 21 [ 159.699610][T10120] 8021q: adding VLAN 0 to HW filter on device bond0 [ 159.734670][T10126] bridge0: port 1(bridge_slave_0) entered blocking state [ 159.742190][T10126] bridge0: port 1(bridge_slave_0) entered disabled state [ 159.749855][T10126] device bridge_slave_0 entered promiscuous mode [ 159.757748][T10126] bridge0: port 2(bridge_slave_1) entered blocking state [ 159.764910][T10126] bridge0: port 2(bridge_slave_1) entered disabled state [ 159.772574][T10126] device bridge_slave_1 entered promiscuous mode [ 159.803230][T10134] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 159.810957][T10134] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 159.828907][T10128] chnl_net:caif_netlink_parms(): no params data found [ 159.853019][T10120] 8021q: adding VLAN 0 to HW filter on device team0 [ 159.861366][T10126] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 159.874235][T10126] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 159.922042][T10128] bridge0: port 1(bridge_slave_0) entered blocking state [ 159.929675][T10128] bridge0: port 1(bridge_slave_0) entered disabled state [ 159.938111][T10128] device bridge_slave_0 entered promiscuous mode [ 159.945177][T10130] chnl_net:caif_netlink_parms(): no params data found [ 159.962629][T10120] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 159.973497][T10120] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 159.984977][T10134] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 159.993499][T10134] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 160.002695][T10134] bridge0: port 1(bridge_slave_0) entered blocking state [ 160.009775][T10134] bridge0: port 1(bridge_slave_0) entered forwarding state [ 160.017576][T10134] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 160.026096][T10134] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 160.034499][T10134] bridge0: port 2(bridge_slave_1) entered blocking state [ 160.041658][T10134] bridge0: port 2(bridge_slave_1) entered forwarding state [ 160.049168][T10134] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 160.057880][T10134] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 160.066632][T10134] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 160.075223][T10134] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 160.083635][T10134] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 160.091954][T10134] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 160.100500][T10134] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 160.109250][T10134] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 160.117962][T10134] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 160.126844][T10134] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 160.135331][T10134] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 160.143302][T10134] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 160.155663][T10128] bridge0: port 2(bridge_slave_1) entered blocking state [ 160.163340][T10128] bridge0: port 2(bridge_slave_1) entered disabled state [ 160.171097][T10128] device bridge_slave_1 entered promiscuous mode [ 160.196162][T10128] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 160.210427][T10126] team0: Port device team_slave_0 added [ 160.230323][T10128] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 160.250907][T10126] team0: Port device team_slave_1 added [ 160.316801][T10128] team0: Port device team_slave_0 added [ 160.367846][T10126] device hsr_slave_0 entered promiscuous mode [ 160.406207][T10126] device hsr_slave_1 entered promiscuous mode [ 160.446137][T10126] debugfs: Directory 'hsr0' with parent '/' already present! [ 160.464612][T10130] bridge0: port 1(bridge_slave_0) entered blocking state [ 160.472505][T10130] bridge0: port 1(bridge_slave_0) entered disabled state [ 160.480375][T10130] device bridge_slave_0 entered promiscuous mode [ 160.489628][T10130] bridge0: port 2(bridge_slave_1) entered blocking state [ 160.496783][T10130] bridge0: port 2(bridge_slave_1) entered disabled state [ 160.504652][T10130] device bridge_slave_1 entered promiscuous mode [ 160.512882][T10128] team0: Port device team_slave_1 added [ 160.531868][T10120] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 160.557553][T10130] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 160.617578][T10128] device hsr_slave_0 entered promiscuous mode [ 160.656281][T10128] device hsr_slave_1 entered promiscuous mode [ 160.696018][T10128] debugfs: Directory 'hsr0' with parent '/' already present! [ 160.706496][T10122] 8021q: adding VLAN 0 to HW filter on device bond0 [ 160.720963][T10130] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 160.748475][T10133] chnl_net:caif_netlink_parms(): no params data found [ 160.771663][T10130] team0: Port device team_slave_0 added [ 160.779298][T10130] team0: Port device team_slave_1 added [ 160.793614][T10122] 8021q: adding VLAN 0 to HW filter on device team0 [ 160.831055][T10133] bridge0: port 1(bridge_slave_0) entered blocking state [ 160.838508][T10133] bridge0: port 1(bridge_slave_0) entered disabled state [ 160.846717][T10133] device bridge_slave_0 entered promiscuous mode [ 160.854072][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 160.862131][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 160.869782][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 160.879452][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 160.888171][ T22] bridge0: port 1(bridge_slave_0) entered blocking state [ 160.895382][ T22] bridge0: port 1(bridge_slave_0) entered forwarding state [ 160.903094][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 160.911884][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 160.920480][ T22] bridge0: port 2(bridge_slave_1) entered blocking state [ 160.927575][ T22] bridge0: port 2(bridge_slave_1) entered forwarding state [ 160.935784][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 160.960822][T10133] bridge0: port 2(bridge_slave_1) entered blocking state [ 160.967977][T10133] bridge0: port 2(bridge_slave_1) entered disabled state [ 160.975555][T10133] device bridge_slave_1 entered promiscuous mode 11:08:41 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f00000000c0)) r2 = open(&(0x7f0000074000)='./file0\x00', 0x141046, 0x0) ftruncate(r2, 0x8007ffc) fallocate(r2, 0x3, 0x0, 0x8000fff6) [ 160.995183][ T3486] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 161.011659][ T3486] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 161.031387][ T3486] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 161.048579][ T3486] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 161.057312][ T3486] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 161.066104][ T3486] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 161.074468][ T3486] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 161.107720][T10128] 8021q: adding VLAN 0 to HW filter on device bond0 [ 161.116687][T10133] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 161.168673][T10130] device hsr_slave_0 entered promiscuous mode [ 161.216245][T10130] device hsr_slave_1 entered promiscuous mode [ 161.256042][T10130] debugfs: Directory 'hsr0' with parent '/' already present! [ 161.273168][T10128] 8021q: adding VLAN 0 to HW filter on device team0 [ 161.284773][T10133] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link 11:08:41 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) sendto$inet6(r0, 0x0, 0x3b1, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1, 0xffffffffffffffff}, 0x1c) [ 161.321592][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 161.329766][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 161.338082][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 161.346642][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready 11:08:41 executing program 0: msgctl$IPC_STAT(0x0, 0x2, &(0x7f0000000040)=""/116) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000000)) syz_open_dev$adsp(0x0, 0x1, 0x40000) openat$fuse(0xffffffffffffff9c, &(0x7f0000000200)='/dev/fuse\x00', 0x2, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000280)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) r0 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) write$FUSE_NOTIFY_INVAL_INODE(r0, 0x0, 0x4d165f2f4ff1a34b) r1 = getpid() sched_setscheduler(r1, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = syz_open_dev$loop(&(0x7f00000000c0)='/dev/loop#\x00', 0x0, 0x182) mknodat(0xffffffffffffffff, 0x0, 0x200, 0x0) r3 = memfd_create(&(0x7f00000003c0)='-bdevlo\x00', 0x1) ftruncate(r3, 0x321) r4 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp\x00', 0x2, 0x0) ioctl$PIO_FONTRESET(r4, 0x4b6d, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/qat_adf_ctl\x00', 0x800, 0x0) ioctl$LOOP_CHANGE_FD(r2, 0x4c00, r3) sendfile(r2, r3, 0x0, 0x2000005) dup2(r3, r2) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x4) [ 161.380545][T10126] 8021q: adding VLAN 0 to HW filter on device bond0 [ 161.393227][T10122] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 161.409420][T10122] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 161.421428][T10133] team0: Port device team_slave_0 added [ 161.438505][T10133] team0: Port device team_slave_1 added [ 161.445601][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 161.455610][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 161.464911][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 161.472619][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 161.480643][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 161.489244][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 161.514799][T10126] 8021q: adding VLAN 0 to HW filter on device team0 [ 161.545412][T10134] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 161.555921][T10134] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 161.564424][T10134] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 161.574041][T10134] bridge0: port 2(bridge_slave_1) entered blocking state [ 161.581216][T10134] bridge0: port 2(bridge_slave_1) entered forwarding state [ 161.589307][T10134] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 161.598387][T10134] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 161.607025][T10134] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 161.615394][T10134] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 161.623768][T10134] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 161.632533][T10134] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready 11:08:42 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) listen(r1, 0x0) sendto$inet6(r0, 0x0, 0xfffffffffffffe32, 0x20004004, &(0x7f0000000040)={0xa, 0x20004e22, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000000)='tls\x00', 0xc498ead121f97dd6) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000100)=@gcm_128={{0x303}, "d44eb8c7308ec7c4", "442065238929350ade91900b51fc9534", "6bdda720", "7ee51430da3f51b3"}, 0x28) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000180)='gre0\x00', 0x10) lgetxattr(&(0x7f0000000080)='./file0\x00', 0x0, &(0x7f0000000380)=""/41, 0x29) sendto$inet6(r0, &(0x7f00000005c0), 0xffffffffffffffc1, 0x0, 0x0, 0x1201000000003618) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x40031, 0xffffffffffffffff, 0x0) [ 161.641157][T10134] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 161.649146][T10134] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 161.658006][T10134] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 161.708098][T10133] device hsr_slave_0 entered promiscuous mode [ 161.756214][T10133] device hsr_slave_1 entered promiscuous mode [ 161.765428][ C0] hrtimer: interrupt took 24294 ns [ 161.781987][ C0] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 161.798836][T10133] debugfs: Directory 'hsr0' with parent '/' already present! [ 161.809039][ T2828] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 161.817923][ T2828] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 161.826314][ T2828] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 161.834824][ T2828] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready 11:08:42 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) listen(r1, 0x0) sendto$inet6(r0, 0x0, 0xfffffffffffffe32, 0x20004004, &(0x7f0000000040)={0xa, 0x20004e22, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000000)='tls\x00', 0xc498ead121f97dd6) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000100)=@gcm_128={{0x303}, "d44eb8c7308ec7c4", "442065238929350ade91900b51fc9534", "6bdda720", "7ee51430da3f51b3"}, 0x28) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000180)='gre0\x00', 0x10) lgetxattr(&(0x7f0000000080)='./file0\x00', 0x0, &(0x7f0000000380)=""/41, 0x29) sendto$inet6(r0, &(0x7f00000005c0), 0xffffffffffffffc1, 0x0, 0x0, 0x1201000000003618) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x40031, 0xffffffffffffffff, 0x0) [ 161.861407][T10128] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 161.880312][T10122] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 161.888830][ T3486] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 161.897889][ T3486] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 161.931162][ T3486] bridge0: port 1(bridge_slave_0) entered blocking state [ 161.938384][ T3486] bridge0: port 1(bridge_slave_0) entered forwarding state [ 161.948374][ C0] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 161.953462][ T3486] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 161.971511][ T3486] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 161.980343][ T3486] bridge0: port 2(bridge_slave_1) entered blocking state [ 161.987437][ T3486] bridge0: port 2(bridge_slave_1) entered forwarding state [ 161.996531][ T3486] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 162.005164][ T3486] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 11:08:42 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) listen(r1, 0x0) sendto$inet6(r0, 0x0, 0xfffffffffffffe32, 0x20004004, &(0x7f0000000040)={0xa, 0x20004e22, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000000)='tls\x00', 0xc498ead121f97dd6) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000100)=@gcm_128={{0x303}, "d44eb8c7308ec7c4", "442065238929350ade91900b51fc9534", "6bdda720", "7ee51430da3f51b3"}, 0x28) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000180)='gre0\x00', 0x10) lgetxattr(&(0x7f0000000080)='./file0\x00', 0x0, &(0x7f0000000380)=""/41, 0x29) sendto$inet6(r0, &(0x7f00000005c0), 0xffffffffffffffc1, 0x0, 0x0, 0x1201000000003618) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x40031, 0xffffffffffffffff, 0x0) [ 162.045521][T10128] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 162.057172][ T3486] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 162.065208][ T3486] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 162.087037][ T3486] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 162.117269][ T3486] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 162.128599][ C1] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 162.140661][ T3486] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 162.149486][ T3486] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 162.166805][ T3486] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 162.175192][ T3486] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 162.183845][ T3486] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 162.195743][T10126] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 162.210538][ T3486] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 162.225741][T10130] 8021q: adding VLAN 0 to HW filter on device bond0 [ 162.241867][T10126] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 162.264964][T10130] 8021q: adding VLAN 0 to HW filter on device team0 [ 162.280159][T10134] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 162.289635][T10134] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 162.323951][ T2828] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 162.333174][ T2828] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 162.342480][ T2828] bridge0: port 1(bridge_slave_0) entered blocking state [ 162.349708][ T2828] bridge0: port 1(bridge_slave_0) entered forwarding state 11:08:42 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) listen(r1, 0x0) sendto$inet6(r0, 0x0, 0xfffffffffffffe32, 0x20004004, &(0x7f0000000040)={0xa, 0x20004e22, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000000)='tls\x00', 0xc498ead121f97dd6) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000100)=@gcm_128={{0x303}, "d44eb8c7308ec7c4", "442065238929350ade91900b51fc9534", "6bdda720", "7ee51430da3f51b3"}, 0x28) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000180)='gre0\x00', 0x10) lgetxattr(&(0x7f0000000080)='./file0\x00', 0x0, &(0x7f0000000380)=""/41, 0x29) sendto$inet6(r0, &(0x7f00000005c0), 0xffffffffffffffc1, 0x0, 0x0, 0x1201000000003618) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x40031, 0xffffffffffffffff, 0x0) 11:08:42 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) listen(r1, 0x0) sendto$inet6(r0, 0x0, 0xfffffffffffffe32, 0x20004004, &(0x7f0000000040)={0xa, 0x20004e22, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000000)='tls\x00', 0xc498ead121f97dd6) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000100)=@gcm_128={{0x303}, "d44eb8c7308ec7c4", "442065238929350ade91900b51fc9534", "6bdda720", "7ee51430da3f51b3"}, 0x28) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000180)='gre0\x00', 0x10) lgetxattr(&(0x7f0000000080)='./file0\x00', 0x0, &(0x7f0000000380)=""/41, 0x29) sendto$inet6(r0, &(0x7f00000005c0), 0xffffffffffffffc1, 0x0, 0x0, 0x1201000000003618) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x40031, 0xffffffffffffffff, 0x0) [ 162.401862][ T2828] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 162.411195][ T2828] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 162.434870][ T2828] bridge0: port 2(bridge_slave_1) entered blocking state [ 162.442084][ T2828] bridge0: port 2(bridge_slave_1) entered forwarding state [ 162.447857][ C1] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 162.464955][ T2828] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 162.468433][ C1] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 162.476894][ T2828] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 162.510952][ T2828] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 162.520117][ T2828] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 162.533459][ T2828] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 162.542197][ T2828] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 162.554263][ T2828] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 162.564044][ T2828] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 162.579774][T10130] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network 11:08:43 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) listen(r1, 0x0) sendto$inet6(r0, 0x0, 0xfffffffffffffe32, 0x20004004, &(0x7f0000000040)={0xa, 0x20004e22, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000000)='tls\x00', 0xc498ead121f97dd6) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000100)=@gcm_128={{0x303}, "d44eb8c7308ec7c4", "442065238929350ade91900b51fc9534", "6bdda720", "7ee51430da3f51b3"}, 0x28) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000180)='gre0\x00', 0x10) lgetxattr(&(0x7f0000000080)='./file0\x00', 0x0, &(0x7f0000000380)=""/41, 0x29) sendto$inet6(r0, &(0x7f00000005c0), 0xffffffffffffffc1, 0x0, 0x0, 0x1201000000003618) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x40031, 0xffffffffffffffff, 0x0) [ 162.616128][T10130] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 162.633480][T10133] 8021q: adding VLAN 0 to HW filter on device bond0 [ 162.643331][ T2828] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 162.654826][ T2828] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 162.663332][ C1] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 162.666556][ T2828] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 162.686709][ T2828] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 162.710362][T10130] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 162.723993][T10133] 8021q: adding VLAN 0 to HW filter on device team0 [ 162.736417][ T2828] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 162.743880][ T2828] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 162.755296][ T2828] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 162.770185][ T2828] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 162.778899][ T2828] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 162.787766][ T2828] bridge0: port 1(bridge_slave_0) entered blocking state [ 162.794801][ T2828] bridge0: port 1(bridge_slave_0) entered forwarding state [ 162.803905][ T2828] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 162.812137][ T2828] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 162.820790][ T2828] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 162.829669][ T2828] bridge0: port 2(bridge_slave_1) entered blocking state [ 162.836756][ T2828] bridge0: port 2(bridge_slave_1) entered forwarding state [ 162.856437][T10134] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 162.865417][T10134] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 162.877588][T10134] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 162.886295][T10134] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 162.894580][T10134] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 162.903974][T10134] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 162.912701][T10134] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 162.921329][T10134] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 162.932361][T10133] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 162.943766][T10133] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 162.949284][T10182] kasan: CONFIG_KASAN_INLINE enabled [ 162.960312][T10182] kasan: GPF could be caused by NULL-ptr deref or user memory access [ 162.968453][ T2828] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 162.969099][ T2828] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 162.978913][T10182] general protection fault: 0000 [#1] PREEMPT SMP KASAN [ 162.987128][ T2828] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 162.990486][T10182] CPU: 1 PID: 10182 Comm: syz-executor.0 Not tainted 5.3.0-rc2-next-20190731 #56 [ 162.990495][T10182] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 162.990518][T10182] RIP: 0010:tls_trim_both_msgs+0x54/0x130 [ 162.990539][T10182] Code: 48 c1 ea 03 80 3c 02 00 0f 85 e3 00 00 00 4d 8b b5 b0 06 00 00 48 b8 00 00 00 00 00 fc ff df 49 8d 7e 28 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 b3 00 00 00 48 b8 00 00 00 00 00 fc ff df 49 8b [ 163.031215][T10133] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 163.042634][T10182] RSP: 0018:ffff888064cf7ac0 EFLAGS: 00010206 [ 163.042647][T10182] RAX: dffffc0000000000 RBX: ffff88809730d280 RCX: ffffc90005f4d000 [ 163.042655][T10182] RDX: 0000000000000005 RSI: ffffffff862e0d96 RDI: 0000000000000028 [ 163.042664][T10182] RBP: ffff888064cf7ae0 R08: ffff888064ce8440 R09: ffffed10114c7e19 [ 163.042672][T10182] R10: ffffed10114c7e18 R11: ffff88808a63f0c3 R12: 0000000000000000 [ 163.042680][T10182] R13: ffff888066320040 R14: 0000000000000000 R15: 00000000ffffffe0 [ 163.042698][T10182] FS: 00007f683cd89700(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000 [ 163.049611][T10133] kobject: 'vlan0' (000000003a6ec74a): kobject_add_internal: parent: 'mesh', set: '' [ 163.055481][T10182] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 163.055490][T10182] CR2: 0000001b2c333000 CR3: 000000009767d000 CR4: 00000000001406e0 [ 163.055502][T10182] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 163.055510][T10182] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 163.055521][T10182] Call Trace: [ 163.152658][T10182] tls_sw_sendmsg+0xe38/0x17b0 [ 163.157408][T10182] ? tx_work_handler+0x180/0x180 [ 163.162325][T10182] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 163.167847][T10182] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 163.174117][T10182] inet6_sendmsg+0x9e/0xe0 [ 163.178513][T10182] ? inet6_ioctl+0x1c0/0x1c0 [ 163.183080][T10182] sock_sendmsg+0xd7/0x130 [ 163.187473][T10182] __sys_sendto+0x262/0x380 [ 163.191953][T10182] ? __ia32_sys_getpeername+0xb0/0xb0 [ 163.197306][T10182] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 163.203522][T10182] ? put_timespec64+0xda/0x140 [ 163.208262][T10182] ? nsecs_to_jiffies+0x30/0x30 [ 163.213091][T10182] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 163.219313][T10182] ? __x64_sys_clock_gettime+0x16d/0x240 [ 163.224925][T10182] __x64_sys_sendto+0xe1/0x1a0 [ 163.229668][T10182] do_syscall_64+0xfa/0x760 [ 163.234166][T10182] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 163.240031][T10182] RIP: 0033:0x459829 [ 163.243902][T10182] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 163.263493][T10182] RSP: 002b:00007f683cd88c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 163.271877][T10182] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000459829 [ 163.279822][T10182] RDX: ffffffffffffffc1 RSI: 00000000200005c0 RDI: 0000000000000004 [ 163.287767][T10182] RBP: 000000000075bf20 R08: 0000000000000000 R09: 1201000000003618 [ 163.295715][T10182] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f683cd896d4 [ 163.303662][T10182] R13: 00000000004c77d9 R14: 00000000004dcf90 R15: 00000000ffffffff [ 163.311619][T10182] Modules linked in: [ 163.359250][T10196] kasan: CONFIG_KASAN_INLINE enabled [ 163.367051][T10198] kasan: CONFIG_KASAN_INLINE enabled [ 163.372628][T10196] kasan: GPF could be caused by NULL-ptr deref or user memory access [ 163.374845][ T3877] kobject: 'loop4' (000000009cc276b7): kobject_uevent_env [ 163.383479][T10198] kasan: GPF could be caused by NULL-ptr deref or user memory access [ 163.399238][T10196] general protection fault: 0000 [#2] PREEMPT SMP KASAN [ 163.406194][T10196] CPU: 1 PID: 10196 Comm: syz-executor.1 Tainted: G D 5.3.0-rc2-next-20190731 #56 [ 163.410519][ T3877] kobject: 'loop4' (000000009cc276b7): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 163.416678][T10196] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 163.416708][T10196] RIP: 0010:tls_trim_both_msgs+0x54/0x130 [ 163.416724][T10196] Code: 48 c1 ea 03 80 3c 02 00 0f 85 e3 00 00 00 4d 8b b5 b0 06 00 00 48 b8 00 00 00 00 00 fc ff df 49 8d 7e 28 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 b3 00 00 00 48 b8 00 00 00 00 00 fc ff df 49 8b [ 163.416739][T10196] RSP: 0018:ffff88806575fac0 EFLAGS: 00010206 [ 163.445207][ T3877] kobject: 'loop5' (00000000bdd35770): kobject_uevent_env [ 163.462200][T10196] RAX: dffffc0000000000 RBX: ffff8880647dee00 RCX: ffffc9000815e000 [ 163.462209][T10196] RDX: 0000000000000005 RSI: ffffffff862e0d96 RDI: 0000000000000028 [ 163.462217][T10196] RBP: ffff88806575fae0 R08: ffff888065756080 R09: ffffed10114be351 [ 163.462225][T10196] R10: ffffed10114be350 R11: ffff88808a5f1a83 R12: 0000000000000000 [ 163.462233][T10196] R13: ffff8880654a8c40 R14: 0000000000000000 R15: 00000000ffffffe0 [ 163.462243][T10196] FS: 00007fbaf8460700(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000 [ 163.462252][T10196] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 163.462259][T10196] CR2: 0000001b2cb34000 CR3: 0000000095f3e000 CR4: 00000000001406e0 [ 163.462275][T10196] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 163.468955][ T3877] kobject: 'loop5' (00000000bdd35770): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 163.475412][T10196] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 163.475417][T10196] Call Trace: [ 163.475441][T10196] tls_sw_sendmsg+0xe38/0x17b0 [ 163.475467][T10196] ? tx_work_handler+0x180/0x180 [ 163.508262][T10182] ---[ end trace 79fb403f60ba88fb ]--- [ 163.515251][T10196] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 163.515277][T10196] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 163.595482][T10196] inet6_sendmsg+0x9e/0xe0 [ 163.600002][T10196] ? inet6_ioctl+0x1c0/0x1c0 [ 163.604692][T10196] sock_sendmsg+0xd7/0x130 [ 163.609335][T10196] __sys_sendto+0x262/0x380 [ 163.613934][T10196] ? __ia32_sys_getpeername+0xb0/0xb0 [ 163.619365][T10196] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 163.625634][T10196] ? put_timespec64+0xda/0x140 [ 163.630426][T10196] ? nsecs_to_jiffies+0x30/0x30 [ 163.635310][T10196] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 163.641598][T10196] ? __x64_sys_clock_gettime+0x16d/0x240 [ 163.647281][T10196] __x64_sys_sendto+0xe1/0x1a0 [ 163.652069][T10196] do_syscall_64+0xfa/0x760 [ 163.656576][T10196] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 163.662458][T10196] RIP: 0033:0x459829 [ 163.666348][T10196] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 163.686129][T10196] RSP: 002b:00007fbaf845fc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 163.694535][T10196] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000459829 [ 163.702509][T10196] RDX: ffffffffffffffc1 RSI: 00000000200005c0 RDI: 0000000000000004 [ 163.710473][T10196] RBP: 000000000075bf20 R08: 0000000000000000 R09: 1201000000003618 [ 163.718433][T10196] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbaf84606d4 [ 163.726391][T10196] R13: 00000000004c77d9 R14: 00000000004dcf90 R15: 00000000ffffffff [ 163.734356][T10196] Modules linked in: [ 163.738263][T10198] general protection fault: 0000 [#3] PREEMPT SMP KASAN [ 163.745214][T10198] CPU: 0 PID: 10198 Comm: syz-executor.3 Tainted: G D 5.3.0-rc2-next-20190731 #56 [ 163.755696][T10198] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 163.765762][T10198] RIP: 0010:tls_trim_both_msgs+0x54/0x130 [ 163.771484][T10198] Code: 48 c1 ea 03 80 3c 02 00 0f 85 e3 00 00 00 4d 8b b5 b0 06 00 00 48 b8 00 00 00 00 00 fc ff df 49 8d 7e 28 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 b3 00 00 00 48 b8 00 00 00 00 00 fc ff df 49 8b [ 163.775822][T10196] ---[ end trace 79fb403f60ba88fc ]--- [ 163.791084][T10198] RSP: 0018:ffff88806440fac0 EFLAGS: 00010206 [ 163.791096][T10198] RAX: dffffc0000000000 RBX: ffff8880640b4140 RCX: ffffc9000c594000 [ 163.791103][T10198] RDX: 0000000000000005 RSI: ffffffff862e0d96 RDI: 0000000000000028 [ 163.791111][T10198] RBP: ffff88806440fae0 R08: ffff888064402080 R09: ffffed10114db409 [ 163.791118][T10198] R10: ffffed10114db408 R11: ffff88808a6da043 R12: 0000000000000000 [ 163.791125][T10198] R13: ffff8880654a6c40 R14: 0000000000000000 R15: 00000000ffffffe0 [ 163.791136][T10198] FS: 00007fdd7cf28700(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000 [ 163.791143][T10198] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 163.791151][T10198] CR2: 00007ffe50a4cf88 CR3: 00000000a4ab7000 CR4: 00000000001406f0 [ 163.791162][T10198] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 163.791169][T10198] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 163.791173][T10198] Call Trace: [ 163.791197][T10198] tls_sw_sendmsg+0xe38/0x17b0 [ 163.791229][T10198] ? tx_work_handler+0x180/0x180 [ 163.791252][T10198] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 163.805566][T10205] kasan: CONFIG_KASAN_INLINE enabled [ 163.810720][T10198] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 163.810738][T10198] inet6_sendmsg+0x9e/0xe0 [ 163.810751][T10198] ? inet6_ioctl+0x1c0/0x1c0 [ 163.810765][T10198] sock_sendmsg+0xd7/0x130 [ 163.810780][T10198] __sys_sendto+0x262/0x380 [ 163.810801][T10198] ? __ia32_sys_getpeername+0xb0/0xb0 [ 163.829014][T10205] kasan: GPF could be caused by NULL-ptr deref or user memory access [ 163.834690][T10198] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 163.834715][T10198] ? put_timespec64+0xda/0x140 [ 163.845305][T10196] RIP: 0010:tls_trim_both_msgs+0x54/0x130 [ 163.851607][T10198] ? nsecs_to_jiffies+0x30/0x30 [ 163.851627][T10198] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 163.851641][T10198] ? __x64_sys_clock_gettime+0x16d/0x240 [ 163.851660][T10198] __x64_sys_sendto+0xe1/0x1a0 [ 163.851681][T10198] do_syscall_64+0xfa/0x760 [ 163.985811][T10198] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 163.992226][T10198] RIP: 0033:0x459829 [ 163.996118][T10198] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 164.015714][T10198] RSP: 002b:00007fdd7cf27c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 164.024139][T10198] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000459829 [ 164.032099][T10198] RDX: ffffffffffffffc1 RSI: 00000000200005c0 RDI: 0000000000000004 [ 164.040060][T10198] RBP: 000000000075bf20 R08: 0000000000000000 R09: 1201000000003618 [ 164.048019][T10198] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fdd7cf286d4 [ 164.055979][T10198] R13: 00000000004c77d9 R14: 00000000004dcf90 R15: 00000000ffffffff [ 164.063951][T10198] Modules linked in: [ 164.067855][T10205] general protection fault: 0000 [#4] PREEMPT SMP KASAN [ 164.074802][T10205] CPU: 1 PID: 10205 Comm: syz-executor.2 Tainted: G D 5.3.0-rc2-next-20190731 #56 [ 164.085292][T10205] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 164.095361][T10205] RIP: 0010:tls_trim_both_msgs+0x54/0x130 [ 164.100968][T10198] ---[ end trace 79fb403f60ba88fd ]--- [ 164.101080][T10205] Code: 48 c1 ea 03 80 3c 02 00 0f 85 e3 00 00 00 4d 8b b5 b0 06 00 00 48 b8 00 00 00 00 00 fc ff df 49 8d 7e 28 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 b3 00 00 00 48 b8 00 00 00 00 00 fc ff df 49 8b [ 164.111818][ T3877] kobject: 'loop4' (000000009cc276b7): kobject_uevent_env [ 164.126592][T10205] RSP: 0018:ffff88806466fac0 EFLAGS: 00010206 [ 164.126605][T10205] RAX: dffffc0000000000 RBX: ffff8880641bae00 RCX: ffffc9000a377000 [ 164.126612][T10205] RDX: 0000000000000005 RSI: ffffffff862e0d96 RDI: 0000000000000028 [ 164.126620][T10205] RBP: ffff88806466fae0 R08: ffff888064664080 R09: ffffed10141f7809 [ 164.126628][T10205] R10: ffffed10141f7808 R11: ffff8880a0fbc043 R12: 0000000000000000 [ 164.126645][T10205] R13: ffff88806478ac40 R14: 0000000000000000 R15: 00000000ffffffe0 [ 164.136456][T10198] RIP: 0010:tls_trim_both_msgs+0x54/0x130 [ 164.139783][T10205] FS: 00007f0aa8422700(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000 [ 164.139793][T10205] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 164.139801][T10205] CR2: 0000000001607e90 CR3: 00000000996bd000 CR4: 00000000001406e0 [ 164.139813][T10205] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 164.139828][T10205] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 164.148640][T10198] Code: 48 c1 ea 03 80 3c 02 00 0f 85 e3 00 00 00 4d 8b b5 b0 06 00 00 48 b8 00 00 00 00 00 fc ff df 49 8d 7e 28 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 b3 00 00 00 48 b8 00 00 00 00 00 fc ff df 49 8b [ 164.155735][T10205] Call Trace: [ 164.155756][T10205] tls_sw_sendmsg+0xe38/0x17b0 [ 164.155787][T10205] ? tx_work_handler+0x180/0x180 [ 164.164095][ T3877] kobject: 'loop4' (000000009cc276b7): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 164.171881][T10205] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 164.171899][T10205] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 164.171928][T10205] inet6_sendmsg+0x9e/0xe0 [ 164.180207][T10198] RSP: 0018:ffff888064cf7ac0 EFLAGS: 00010206 [ 164.185608][T10205] ? inet6_ioctl+0x1c0/0x1c0 [ 164.185624][T10205] sock_sendmsg+0xd7/0x130 [ 164.185644][T10205] __sys_sendto+0x262/0x380 [ 164.210574][T10198] RAX: dffffc0000000000 RBX: ffff88809730d280 RCX: ffffc90005f4d000 [ 164.217038][T10205] ? __ia32_sys_getpeername+0xb0/0xb0 [ 164.217065][T10205] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 164.217077][T10205] ? put_timespec64+0xda/0x140 [ 164.217095][T10205] ? nsecs_to_jiffies+0x30/0x30 [ 164.234897][T10198] RDX: 0000000000000005 RSI: ffffffff862e0d96 RDI: 0000000000000028 [ 164.244648][T10205] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 164.244665][T10205] ? __x64_sys_clock_gettime+0x16d/0x240 [ 164.244683][T10205] __x64_sys_sendto+0xe1/0x1a0 11:08:44 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) listen(r1, 0x0) sendto$inet6(r0, 0x0, 0xfffffffffffffe32, 0x20004004, &(0x7f0000000040)={0xa, 0x20004e22, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000000)='tls\x00', 0xc498ead121f97dd6) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000100)=@gcm_128={{0x303}, "d44eb8c7308ec7c4", "442065238929350ade91900b51fc9534", "6bdda720", "7ee51430da3f51b3"}, 0x28) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000180)='gre0\x00', 0x10) lgetxattr(&(0x7f0000000080)='./file0\x00', 0x0, &(0x7f0000000380)=""/41, 0x29) sendto$inet6(r0, &(0x7f00000005c0), 0xffffffffffffffc1, 0x0, 0x0, 0x1201000000003618) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x40031, 0xffffffffffffffff, 0x0) 11:08:44 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) listen(r1, 0x0) sendto$inet6(r0, 0x0, 0xfffffffffffffe32, 0x20004004, &(0x7f0000000040)={0xa, 0x20004e22, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000000)='tls\x00', 0xc498ead121f97dd6) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000100)=@ccm_128={{0x303}, "91f5c9a1938f2b24", "596cdaad2f281b7cecca45f96ebb092d", "59a15945", "5e0d124dd7fdc23f"}, 0x28) sendmsg$inet6(r0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=[@rthdr_2292={{0x18}}, @dontfrag={{0x14}}], 0x30}, 0x0) [ 164.244713][T10205] do_syscall_64+0xfa/0x760 [ 164.248293][T10198] RBP: ffff888064cf7ae0 R08: ffff888064ce8440 R09: ffffed10114c7e19 [ 164.252722][T10205] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 164.252733][T10205] RIP: 0033:0x459829 [ 164.252753][T10205] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 164.257974][T10198] R10: ffffed10114c7e18 R11: ffff88808a63f0c3 R12: 0000000000000000 [ 164.267787][T10205] RSP: 002b:00007f0aa8421c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 164.267801][T10205] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000459829 [ 164.267809][T10205] RDX: ffffffffffffffc1 RSI: 00000000200005c0 RDI: 0000000000000004 [ 164.267817][T10205] RBP: 000000000075bf20 R08: 0000000000000000 R09: 1201000000003618 [ 164.267825][T10205] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0aa84226d4 [ 164.267832][T10205] R13: 00000000004c77d9 R14: 00000000004dcf90 R15: 00000000ffffffff [ 164.267846][T10205] Modules linked in: [ 164.273789][T10198] R13: ffff888066320040 R14: 0000000000000000 R15: 00000000ffffffe0 [ 164.304918][T10205] ---[ end trace 79fb403f60ba88fe ]--- [ 164.307017][T10182] RIP: 0010:tls_trim_both_msgs+0x54/0x130 [ 164.307034][T10182] Code: 48 c1 ea 03 80 3c 02 00 0f 85 e3 00 00 00 4d 8b b5 b0 06 00 00 48 b8 00 00 00 00 00 fc ff df 49 8d 7e 28 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 b3 00 00 00 48 b8 00 00 00 00 00 fc ff df 49 8b [ 164.307042][T10182] RSP: 0018:ffff888064cf7ac0 EFLAGS: 00010206 [ 164.307055][T10182] RAX: dffffc0000000000 RBX: ffff88809730d280 RCX: ffffc90005f4d000 [ 164.307070][T10182] RDX: 0000000000000005 RSI: ffffffff862e0d96 RDI: 0000000000000028 [ 164.324148][T10205] RIP: 0010:tls_trim_both_msgs+0x54/0x130 [ 164.328003][ T3877] kobject: 'loop5' (00000000bdd35770): kobject_uevent_env [ 164.331636][T10205] Code: 48 c1 ea 03 80 3c 02 00 0f 85 e3 00 00 00 4d 8b b5 b0 06 00 00 48 b8 00 00 00 00 00 fc ff df 49 8d 7e 28 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 b3 00 00 00 48 b8 00 00 00 00 00 fc ff df 49 8b [ 164.337515][T10196] Code: 48 c1 ea 03 80 3c 02 00 0f 85 e3 00 00 00 4d 8b b5 b0 06 00 00 48 b8 00 00 00 00 00 fc ff df 49 8d 7e 28 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 b3 00 00 00 48 b8 00 00 00 00 00 fc ff df 49 8b [ 164.360928][T10205] RSP: 0018:ffff888064cf7ac0 EFLAGS: 00010206 [ 164.386712][ T3877] kobject: 'loop5' (00000000bdd35770): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 164.407724][T10198] FS: 00007fdd7cf28700(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000 [ 164.415295][T10196] RSP: 0018:ffff888064cf7ac0 EFLAGS: 00010206 [ 164.423503][ C1] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 164.431507][ C0] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 164.465940][T10198] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 164.477959][T10182] RBP: ffff888064cf7ae0 R08: ffff888064ce8440 R09: ffffed10114c7e19 [ 164.493466][T10198] CR2: 0000001b2cf22000 CR3: 00000000a4ab7000 CR4: 00000000001406e0 [ 164.521163][T10196] RAX: dffffc0000000000 RBX: ffff88809730d280 RCX: ffffc90005f4d000 11:08:45 executing program 5: socketpair$unix(0x1, 0x200000000005, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_emit_ethernet(0x7ffff, &(0x7f0000000080)={@local, @local, [], {@ipv4={0x800, {{0x8, 0x4, 0x0, 0x0, 0x21c, 0x0, 0x0, 0x0, 0x0, 0x0, @dev, @remote={0xac, 0x14, 0x223}}, @icmp=@timestamp_reply={0xffffff83, 0xa, 0x0, 0x0, 0x2, 0x8906}}}}}, &(0x7f0000000040)) [ 164.550018][T10182] R10: ffffed10114c7e18 R11: ffff88808a63f0c3 R12: 0000000000000000 [ 164.566468][T10196] RDX: 0000000000000005 RSI: ffffffff862e0d96 RDI: 0000000000000028 [ 164.586724][T10205] RAX: dffffc0000000000 RBX: ffff88809730d280 RCX: ffffc90005f4d000 [ 164.602293][T10196] RBP: ffff888064cf7ae0 R08: ffff888064ce8440 R09: ffffed10114c7e19 [ 164.613261][T10198] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 164.623362][T10196] R10: ffffed10114c7e18 R11: ffff88808a63f0c3 R12: 0000000000000000 [ 164.636651][T10205] RDX: 0000000000000005 RSI: ffffffff862e0d96 RDI: 0000000000000028 [ 164.638893][T10182] R13: ffff888066320040 R14: 0000000000000000 R15: 00000000ffffffe0 [ 164.661882][T10198] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 164.664651][ T3877] kobject: 'loop5' (00000000bdd35770): kobject_uevent_env [ 164.674326][T10205] RBP: ffff888064cf7ae0 R08: ffff888064ce8440 R09: ffffed10114c7e19 [ 164.679985][ T3877] kobject: 'loop5' (00000000bdd35770): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 164.710714][T10198] Kernel panic - not syncing: Fatal exception [ 164.713969][T10196] R13: ffff888066320040 R14: 0000000000000000 R15: 00000000ffffffe0 [ 164.719698][T10198] Kernel Offset: disabled [ 164.779219][T10198] Rebooting in 86400 seconds..