[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   60.648011][   T26] audit: type=1800 audit(1572383982.177:25): pid=8702 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[   60.675287][   T26] audit: type=1800 audit(1572383982.177:26): pid=8702 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   60.738229][   T26] audit: type=1800 audit(1572383982.187:27): pid=8702 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.68' (ECDSA) to the list of known hosts.
2019/10/29 21:19:51 fuzzer started
2019/10/29 21:19:53 dialing manager at 10.128.0.26:38767
2019/10/29 21:19:53 syscalls: 2541
2019/10/29 21:19:53 code coverage: enabled
2019/10/29 21:19:53 comparison tracing: enabled
2019/10/29 21:19:53 extra coverage: extra coverage is not supported by the kernel
2019/10/29 21:19:53 setuid sandbox: enabled
2019/10/29 21:19:53 namespace sandbox: enabled
2019/10/29 21:19:53 Android sandbox: /sys/fs/selinux/policy does not exist
2019/10/29 21:19:53 fault injection: enabled
2019/10/29 21:19:53 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/10/29 21:19:53 net packet injection: enabled
2019/10/29 21:19:53 net device setup: enabled
2019/10/29 21:19:53 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
21:21:32 executing program 0:
r0 = syz_open_procfs(0x0, &(0x7f0000000380)='net/route\x00')
preadv(r0, &(0x7f0000000680)=[{&(0x7f0000000100)=""/166, 0xa6}, {&(0x7f00000001c0)=""/70, 0x46}, {&(0x7f0000000240)=""/45, 0x2d}, {&(0x7f0000000280)=""/154, 0x9a}, {&(0x7f00000003c0)=""/206, 0xce}, {&(0x7f00000004c0)=""/151, 0x97}], 0x6, 0x0)

21:21:32 executing program 1:
r0 = openat$apparmor_task_exec(0xffffffffffffff9c, &(0x7f0000000380)='/proc/self//exe\x00', 0x3, 0x0)
fdatasync(r0)

syzkaller login: [  170.662710][ T8870] IPVS: ftp: loaded support on port[0] = 21
[  170.826358][ T8870] chnl_net:caif_netlink_parms(): no params data found
[  170.872511][ T8870] bridge0: port 1(bridge_slave_0) entered blocking state
[  170.882375][ T8870] bridge0: port 1(bridge_slave_0) entered disabled state
[  170.883086][ T8873] IPVS: ftp: loaded support on port[0] = 21
[  170.898585][ T8870] device bridge_slave_0 entered promiscuous mode
[  170.907829][ T8870] bridge0: port 2(bridge_slave_1) entered blocking state
[  170.916455][ T8870] bridge0: port 2(bridge_slave_1) entered disabled state
[  170.924351][ T8870] device bridge_slave_1 entered promiscuous mode
[  170.956984][ T8870] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
21:21:32 executing program 2:
r0 = socket$inet6(0xa, 0x1, 0x0)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000140)=0x73, 0x4)
sendto$inet6(r0, 0x0, 0x0, 0x20000030, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback}, 0x1c)

[  170.971519][ T8870] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  171.058724][ T8870] team0: Port device team_slave_0 added
[  171.087688][ T8870] team0: Port device team_slave_1 added
[  171.117946][ T8875] IPVS: ftp: loaded support on port[0] = 21
21:21:32 executing program 3:
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x12, 0x4, &(0x7f00000033c0)=@framed={{}, [@alu={0x8000000201a7f19, 0x0, 0x6, 0x5, 0x1, 0x14}]}, &(0x7f0000000140)='GPL\x00', 0x1, 0x30c, &(0x7f0000000200)=""/251, 0x0, 0x0, [], 0x0, 0xf}, 0x7e)

[  171.288293][ T8870] device hsr_slave_0 entered promiscuous mode
[  171.355393][ T8870] device hsr_slave_1 entered promiscuous mode
21:21:32 executing program 4:
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = fcntl$dupfd(r0, 0x0, r1)
ioctl$sock_inet6_SIOCADDRT(r2, 0x890b, &(0x7f0000000180)={@ipv4={[], [], @empty}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, @dev})

[  171.490369][ T8873] chnl_net:caif_netlink_parms(): no params data found
[  171.560867][ T8878] IPVS: ftp: loaded support on port[0] = 21
[  171.631941][ T8873] bridge0: port 1(bridge_slave_0) entered blocking state
[  171.655144][ T8873] bridge0: port 1(bridge_slave_0) entered disabled state
[  171.662914][ T8873] device bridge_slave_0 entered promiscuous mode
[  171.681842][ T8880] IPVS: ftp: loaded support on port[0] = 21
[  171.702412][ T8873] bridge0: port 2(bridge_slave_1) entered blocking state
[  171.725230][ T8873] bridge0: port 2(bridge_slave_1) entered disabled state
[  171.732919][ T8873] device bridge_slave_1 entered promiscuous mode
21:21:33 executing program 5:
recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0x80, 0x0}}], 0x16, 0x0, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = fcntl$dupfd(r0, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = syz_open_procfs(0x0, &(0x7f0000000380)='net/route\x00')
preadv(r3, &(0x7f00000017c0), 0x1a0, 0xf0ffff)

[  171.846987][ T8870] bridge0: port 2(bridge_slave_1) entered blocking state
[  171.854229][ T8870] bridge0: port 2(bridge_slave_1) entered forwarding state
[  171.862354][ T8870] bridge0: port 1(bridge_slave_0) entered blocking state
[  171.869492][ T8870] bridge0: port 1(bridge_slave_0) entered forwarding state
[  171.882150][ T8873] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  171.922703][ T2903] bridge0: port 1(bridge_slave_0) entered disabled state
[  171.937294][ T2903] bridge0: port 2(bridge_slave_1) entered disabled state
[  171.963522][ T8873] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  172.007564][ T8875] chnl_net:caif_netlink_parms(): no params data found
[  172.039121][ T8873] team0: Port device team_slave_0 added
[  172.057417][ T8885] IPVS: ftp: loaded support on port[0] = 21
[  172.070514][ T8873] team0: Port device team_slave_1 added
[  172.094315][ T8875] bridge0: port 1(bridge_slave_0) entered blocking state
[  172.102190][ T8875] bridge0: port 1(bridge_slave_0) entered disabled state
[  172.111678][ T8875] device bridge_slave_0 entered promiscuous mode
[  172.120345][ T8875] bridge0: port 2(bridge_slave_1) entered blocking state
[  172.127657][ T8875] bridge0: port 2(bridge_slave_1) entered disabled state
[  172.135756][ T8875] device bridge_slave_1 entered promiscuous mode
[  172.198293][ T8875] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  172.209303][ T8875] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  172.234417][ T8878] chnl_net:caif_netlink_parms(): no params data found
[  172.317538][ T8873] device hsr_slave_0 entered promiscuous mode
[  172.375497][ T8873] device hsr_slave_1 entered promiscuous mode
[  172.435208][ T8873] debugfs: Directory 'hsr0' with parent '/' already present!
[  172.479067][ T8875] team0: Port device team_slave_0 added
[  172.487009][ T8880] chnl_net:caif_netlink_parms(): no params data found
[  172.526525][ T8875] team0: Port device team_slave_1 added
[  172.560044][ T8878] bridge0: port 1(bridge_slave_0) entered blocking state
[  172.567572][ T8878] bridge0: port 1(bridge_slave_0) entered disabled state
[  172.576545][ T8878] device bridge_slave_0 entered promiscuous mode
[  172.584286][ T8878] bridge0: port 2(bridge_slave_1) entered blocking state
[  172.592049][ T8878] bridge0: port 2(bridge_slave_1) entered disabled state
[  172.599927][ T8878] device bridge_slave_1 entered promiscuous mode
[  172.620695][ T8880] bridge0: port 1(bridge_slave_0) entered blocking state
[  172.628619][ T8880] bridge0: port 1(bridge_slave_0) entered disabled state
[  172.636898][ T8880] device bridge_slave_0 entered promiscuous mode
[  172.644522][ T8880] bridge0: port 2(bridge_slave_1) entered blocking state
[  172.651649][ T8880] bridge0: port 2(bridge_slave_1) entered disabled state
[  172.659462][ T8880] device bridge_slave_1 entered promiscuous mode
[  172.711497][ T8880] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  172.726233][ T8870] 8021q: adding VLAN 0 to HW filter on device bond0
[  172.737910][ T8878] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  172.790483][ T8875] device hsr_slave_0 entered promiscuous mode
[  172.835472][ T8875] device hsr_slave_1 entered promiscuous mode
[  172.875248][ T8875] debugfs: Directory 'hsr0' with parent '/' already present!
[  172.889840][ T8880] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  172.914778][ T8878] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  172.940181][ T8878] team0: Port device team_slave_0 added
[  172.956081][ T8880] team0: Port device team_slave_0 added
[  172.963849][ T8880] team0: Port device team_slave_1 added
[  172.977946][ T8870] 8021q: adding VLAN 0 to HW filter on device team0
[  172.992947][ T2903] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  173.001275][ T2903] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  173.012780][ T8878] team0: Port device team_slave_1 added
[  173.108638][ T8880] device hsr_slave_0 entered promiscuous mode
[  173.155542][ T8880] device hsr_slave_1 entered promiscuous mode
[  173.195261][ T8880] debugfs: Directory 'hsr0' with parent '/' already present!
[  173.209651][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  173.223967][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  173.232723][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  173.239821][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  173.314662][ T2903] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  173.324724][ T2903] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  173.337168][ T2903] bridge0: port 2(bridge_slave_1) entered blocking state
[  173.344241][ T2903] bridge0: port 2(bridge_slave_1) entered forwarding state
[  173.352650][ T2903] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  173.361530][ T2903] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  173.428571][ T8878] device hsr_slave_0 entered promiscuous mode
[  173.465601][ T8878] device hsr_slave_1 entered promiscuous mode
[  173.505248][ T8878] debugfs: Directory 'hsr0' with parent '/' already present!
[  173.532446][ T2903] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  173.541393][ T2903] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  173.559450][ T8885] chnl_net:caif_netlink_parms(): no params data found
[  173.579872][ T2903] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  173.589083][ T2903] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  173.597788][ T2903] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  173.626058][ T8873] 8021q: adding VLAN 0 to HW filter on device bond0
[  173.674287][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  173.682866][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  173.692723][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  173.701271][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  173.710167][ T8885] bridge0: port 1(bridge_slave_0) entered blocking state
[  173.717839][ T8885] bridge0: port 1(bridge_slave_0) entered disabled state
[  173.726238][ T8885] device bridge_slave_0 entered promiscuous mode
[  173.733829][ T8885] bridge0: port 2(bridge_slave_1) entered blocking state
[  173.740970][ T8885] bridge0: port 2(bridge_slave_1) entered disabled state
[  173.749972][ T8885] device bridge_slave_1 entered promiscuous mode
[  173.794844][ T8870] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  173.814751][ T8885] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  173.828952][ T8881] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  173.837643][ T8881] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  173.847496][ T8873] 8021q: adding VLAN 0 to HW filter on device team0
[  173.872339][ T8870] 8021q: adding VLAN 0 to HW filter on device batadv0
[  173.882465][ T8885] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  173.924252][   T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  173.934570][   T44] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  173.943725][   T44] bridge0: port 1(bridge_slave_0) entered blocking state
[  173.950861][   T44] bridge0: port 1(bridge_slave_0) entered forwarding state
[  173.959875][   T44] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  173.982043][ T8875] 8021q: adding VLAN 0 to HW filter on device bond0
[  174.010051][ T8884] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  174.019642][ T8884] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  174.031939][ T8884] bridge0: port 2(bridge_slave_1) entered blocking state
[  174.039063][ T8884] bridge0: port 2(bridge_slave_1) entered forwarding state
[  174.047106][ T8884] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  174.067219][ T8875] 8021q: adding VLAN 0 to HW filter on device team0
[  174.076391][ T8885] team0: Port device team_slave_0 added
[  174.083583][ T8885] team0: Port device team_slave_1 added
[  174.148862][ T8885] device hsr_slave_0 entered promiscuous mode
[  174.215525][ T8885] device hsr_slave_1 entered promiscuous mode
[  174.265287][ T8885] debugfs: Directory 'hsr0' with parent '/' already present!
[  174.273106][ T2903] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  174.280933][ T2903] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  174.302370][   T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  174.311970][   T44] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  174.320663][   T44] bridge0: port 1(bridge_slave_0) entered blocking state
[  174.327808][   T44] bridge0: port 1(bridge_slave_0) entered forwarding state
[  174.335982][   T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  174.346567][   T44] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  174.354881][   T44] bridge0: port 2(bridge_slave_1) entered blocking state
[  174.361990][   T44] bridge0: port 2(bridge_slave_1) entered forwarding state
[  174.369813][   T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  174.378677][   T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  174.387333][   T44] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  174.398210][   T44] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  174.406356][   T44] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
21:21:36 executing program 0:

[  174.460485][ T8878] 8021q: adding VLAN 0 to HW filter on device bond0
[  174.510490][   T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  174.545969][   T44] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
21:21:36 executing program 0:

[  174.554492][   T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  174.573693][   T44] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  174.582614][   T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  174.600655][   T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
21:21:36 executing program 0:

[  174.611062][   T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  174.628772][   T44] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  174.639530][   T44] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
21:21:36 executing program 0:

[  174.663045][ T8873] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  174.687799][ T8873] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
21:21:36 executing program 0:

[  174.755929][ T8880] 8021q: adding VLAN 0 to HW filter on device bond0
[  174.763364][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  174.776636][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  174.788926][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
21:21:36 executing program 0:

[  174.806520][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  174.815860][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  174.824338][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  174.833649][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  174.849282][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
21:21:36 executing program 0:

[  174.879318][ T8875] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  174.893923][ T8878] 8021q: adding VLAN 0 to HW filter on device team0
[  174.918408][ T8881] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  174.927038][ T8881] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  174.948915][ T8873] 8021q: adding VLAN 0 to HW filter on device batadv0
[  174.977674][ T2903] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  174.999417][ T2903] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  175.029285][ T2903] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  175.038271][ T2903] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  175.046793][ T2903] bridge0: port 1(bridge_slave_0) entered blocking state
[  175.053872][ T2903] bridge0: port 1(bridge_slave_0) entered forwarding state
[  175.061558][ T2903] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  175.070140][ T2903] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  175.079091][ T2903] bridge0: port 2(bridge_slave_1) entered blocking state
[  175.086190][ T2903] bridge0: port 2(bridge_slave_1) entered forwarding state
[  175.096351][ T2903] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  175.119524][ T8880] 8021q: adding VLAN 0 to HW filter on device team0
[  175.133890][ T8891] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  175.152207][ T8891] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  175.161634][ T8891] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  175.170539][ T8891] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  175.179796][ T8891] bridge0: port 1(bridge_slave_0) entered blocking state
[  175.187127][ T8891] bridge0: port 1(bridge_slave_0) entered forwarding state
[  175.195537][ T8891] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  175.207412][ T8875] 8021q: adding VLAN 0 to HW filter on device batadv0
[  175.239343][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  175.254164][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  175.263489][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  175.270615][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  175.279015][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  175.307828][ T2903] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  175.324329][ T2903] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  175.361207][ T2903] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  175.393363][ T8878] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  175.413937][ T8878] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  175.439287][ T8891] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  175.451328][ T8891] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
21:21:37 executing program 1:

[  175.461562][ T8891] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  175.471599][ T8891] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  175.481206][ T8891] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  175.490328][ T8891] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  175.500380][ T8891] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  175.528321][ T8891] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  175.541656][ T8891] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  175.554410][ T8891] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  175.568054][ T8891] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  175.576877][ T8891] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  175.585751][ T8891] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  175.596271][ T8891] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  175.604059][ T8891] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  175.611954][ T8891] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  175.620748][ T8891] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  175.634365][ T8885] 8021q: adding VLAN 0 to HW filter on device bond0
[  175.653495][ T8878] 8021q: adding VLAN 0 to HW filter on device batadv0
[  175.691763][ T8880] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  175.709445][ T8891] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  175.723016][ T8891] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  175.735749][ T8885] 8021q: adding VLAN 0 to HW filter on device team0
21:21:37 executing program 2:

[  175.767782][ T8880] 8021q: adding VLAN 0 to HW filter on device batadv0
[  175.813862][ T2903] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  175.823432][ T2903] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  175.845544][ T2903] bridge0: port 1(bridge_slave_0) entered blocking state
[  175.852673][ T2903] bridge0: port 1(bridge_slave_0) entered forwarding state
[  175.884082][ T2903] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  175.892812][ T2903] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  175.901904][ T2903] bridge0: port 2(bridge_slave_1) entered blocking state
[  175.909031][ T2903] bridge0: port 2(bridge_slave_1) entered forwarding state
[  175.916819][ T2903] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  175.936903][ T8891] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  175.944951][ T8891] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  175.961922][ T8891] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  175.971635][ T8891] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  175.980386][ T8891] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  175.989277][ T8891] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  175.999299][ T8891] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  176.007563][ T8891] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  176.016038][ T8891] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
21:21:37 executing program 0:

[  176.056763][ T8938] BPF:hdr_len not found
[  176.061453][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  176.086403][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  176.168241][ T8885] 8021q: adding VLAN 0 to HW filter on device batadv0
21:21:37 executing program 4:
socket$kcm(0x10, 0x0, 0x0)
socket$kcm(0xa, 0x0, 0x0)
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0)
recvmsg$kcm(0xffffffffffffffff, 0x0, 0x0)
recvmsg$kcm(0xffffffffffffffff, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000002c0)="2e00000029008151e40f80ecdb5d4cb903024865161a000800050000000089a108b555e7548bcd5edc2976d153b4", 0x2e}], 0x1}, 0x0)

21:21:37 executing program 5:
setsockopt$inet6_MRT6_ADD_MFC(0xffffffffffffffff, 0x29, 0x68, &(0x7f0000000000)={{0x18, 0x1, 0x2}, {0x18, 0x1}}, 0x3c)
pipe(&(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
write(0xffffffffffffffff, &(0x7f0000000040)='b', 0x347fff08)
writev(0xffffffffffffffff, &(0x7f0000000340)=[{&(0x7f0000000180), 0x81700}], 0x1000000000000013)
writev(r0, &(0x7f0000000240), 0x1000000000000295)

21:21:37 executing program 1:

21:21:37 executing program 3:

21:21:37 executing program 2:

21:21:37 executing program 0:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000002c0)="2e00000029008151e40f80ecdb5d4cb903024865161a000800050000000089a108b555e7548bcd5edc2976d153b4", 0x2e}], 0x1}, 0x0)

[  176.460611][ T8963] netlink: 26 bytes leftover after parsing attributes in process `syz-executor.0'.
21:21:38 executing program 3:
r0 = syz_open_dev$evdev(&(0x7f0000000080)='/dev/input/event#\x00', 0xc, 0x28001)
ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f00000000c0)={0x0, 0x0, 0x0, {0x0, 0x100000000000001}, {}, @rumble})
write$evdev(r0, &(0x7f0000000040), 0x1b3)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r1=>0xffffffffffffffff})
r2 = dup2(r1, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
ioctl$EVIOCGKEY(r0, 0x80404518, 0x0)

21:21:38 executing program 2:
syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0)
r0 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000140)={0x50, 0x0, &(0x7f0000000900)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00`\x00'/52, @ANYPTR=&(0x7f00000000c0)=ANY=[], @ANYBLOB="0000000000000000046304400000000011634840"], 0x0, 0x0, 0x0})

[  176.502074][ T8965] netlink: 26 bytes leftover after parsing attributes in process `syz-executor.4'.
21:21:38 executing program 1:
syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0)
r0 = syz_open_dev$binderN(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000140)={0x50, 0x0, &(0x7f0000000900)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00`\x00'/52, @ANYPTR=&(0x7f00000000c0)=ANY=[], @ANYBLOB="0000000000000000046304400000000011634840"], 0x0, 0x0, 0x0})

21:21:38 executing program 4:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = dup2(r0, r0)
setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
getsockopt$IPT_SO_GET_INFO(r1, 0x0, 0x40, 0x0, &(0x7f0000000040))

21:21:38 executing program 0:
perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$rtc(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rtc0\x00', 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f0000000200)='fd/4\x00\xa7$\xbf\x05l\xb8\t\xd0\x06\xae\b\x86$dV\x92M%\xfd)0m6Z\x05\xae\xa7\rM\bp\xa6Q\x871B\x973\xfe\x05\x12\xf3\xd496\xf9\x1aM6\xb2|\xc5\x05\xbc\xe71g\xe4<&\xd2\xd8g\xb6\xa2U\xae\x9a\x17F\xa5xi\xe8_\xa8R\x96d\x99\xf6_E\xd0\x8f<\xa840\xd6\x84\xd0\x17\xafP\'\xdc{\b\x94\x00Y+\x18N\\\xc9\x1f\a\xf9X\x125\xb9\xd6\xbf\x1a4V\x10\xa6Uq\xceN\xeb\xa8M\xb2?\xda\xfb\xb1\x9d\x94\x13O\xab\xde\xc0t\x8c\")\x05~\x0f\xb8\xf3\xf6d\xbe\xad\xee\"\xaa\x91\x05\xcb9A\x1a\x8d&\x9e\x81\xcf\x9eWvT\x8a\xbfl\x8a\x83%\xec\x94\xfd\x90\xeb\xb3\xa3\xa8\x90\x90\xdb\xc2X\xf48\xd1\x83Eu\xe5c\xd7\xb7qe\xab\xae\xef*\x9e\x95\xde\xa0\x894r[\\\xc4?\xb7\xcfo\xdb\xbeR\xc5\xbc\xb34\xbe}\xf7n/4}\xbc.t\x94\x1c%\xcb\x93\xea\"Aa(\xd6FX\xd8\b\xd1\x10N{\xe8\xbc)\xc8\x1e6\xff\x95\xa3\xf3\x84\xf4\xa5\xe8f\xc2@\x1f7h\xb3\xd6\xab\x9a\x03\x95>V\\\xc4%T\x94M\xc7`\x83\xa1\xa0\xc8gn\xe3\xfe\xef[\xb3\xbd\x18R\x1b=\xab\x97$\x03\xaa\x84C\x0eWD\xeea\xf5\xb9\x82\xea\xbd5:\"\xf6f/\xa1\x8f%8\xa8\x1e\xcf\xb6\xa7\xe1\x1b1\x94\xc1G\xf9\xfc\xc77\x1c\x00'/370)

[  176.668815][ T8984] debugfs: File '8976' in directory 'proc' already present!
[  176.720267][ T8978] debugfs: File '8977' in directory 'proc' already present!
21:21:38 executing program 4:
syz_open_dev$sg(&(0x7f0000000180)='/dev/sg#\x00', 0x0, 0x60082)
sendmsg(0xffffffffffffffff, 0x0, 0x0)

21:21:38 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040)='/dev/uinput\x00', 0x0, 0x0)
r3 = socket$inet6_udplite(0xa, 0x2, 0x88)
ppoll(&(0x7f0000000080)=[{r2}, {r3}], 0x2, &(0x7f00000000c0), 0x0, 0x0)

21:21:38 executing program 5:
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0)
r0 = syz_open_dev$loop(&(0x7f0000000500)='/dev/loop#\x00', 0x0, 0x100082)
r1 = memfd_create(&(0x7f0000000540)='\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00v\x8e\x05\xf7\xc1U\xad}\xc6\x94|W>Zi$Nv8,\n\xa6=W^\xa3Y\x7f\x8b\x17(\'~\xf7k0TM{\xa9-\xcf\x97\x8f\x1f\x81\xdc\x1b\x7f\x8f{4Q\xda\xda\x02\xec\xb4\xf1\xdd\xcc\x8bRA\xda\x89Efn\x00s\xc2Zb\x01\x00M\xbe\xa3z\xab\xd3\xeb\x98\x88\xc4\xc6)A\x9fP\x93zhH\xe0\xd2\x81\xdb\xeeV\x8cM\xe9\xa06\xc2o\x19\"\xf6Iq\xd4\xdf\x97\xfb\xab\x04\xe8\xceI8\xb3\x1d\xcf%\x9bK\xc6\t\x01\xe1\x86a\xfa\xb8\xfb)\x88\xcd+\xc2`\xc2\xf5r5>k\xb0\xa0\x02\xfc\x16MO\x18\x9b\x06\x80b\xd1\x01\x00\x00\x00\x00\x00\x00\x00@\f\fL\xa5{Tk\x940\x17.\xa56.\xe0\x14\x1b=\xf0j\xd25\xe8\x15\xd8\x9e\xea\xd3\xd9G4\t\xc0\x9c.\'\xa9R3z$\xf2\x01\x88\xc0\x13\x12<\xc01j3\xd8\xb4CE7s\xe4\xa0\x9e\xdd\x801\x12M\xee\x13\xce\x9cu(\x8f.\xc83\xc7\xe6j\xf5\xb1\x9a\x00\x00\x00\x00\x00\x00\x00', 0x0)
r2 = openat$btrfs_control(0xffffffffffffff9c, 0x0, 0x80400, 0x0)
r3 = syz_open_dev$midi(&(0x7f0000000000)='/dev/midi#\x00', 0x200, 0x1)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r3, 0x84, 0x1f, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_MAXSEG(r3, 0x84, 0xd, &(0x7f0000000700)=@assoc_value={0x0, 0x7f}, 0x8)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r2, 0x84, 0x76, &(0x7f0000000180)={0x0, 0x20}, 0x8)
link(0x0, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r5 = dup2(r4, 0xffffffffffffffff)
setsockopt$inet6_MRT6_ADD_MFC_PROXY(r5, 0x29, 0xd2, &(0x7f0000000200)={{0xa, 0x4e23, 0x8, @mcast2, 0xac}, {0xa, 0x0, 0x40, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x8}, 0x0, [0x58b3, 0x20, 0x0, 0xffffff85, 0x56d, 0xae, 0x1, 0xa448]}, 0x5c)
openat$smack_task_current(0xffffffffffffff9c, &(0x7f0000000140)='/proc/self/attr/current\x00', 0x2, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0xfffffffffffffffc}, 0x21823}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00')
pwritev(r1, &(0x7f0000000340)=[{&(0x7f00000001c0)='\'', 0x1}], 0x1, 0x81806)
add_key$keyring(&(0x7f0000000100)='keyring\x00', &(0x7f0000000480)={'syz'}, 0x0, 0x0, 0xfffffffffffffffb)
ioctl$sock_TIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000380))
add_key$user(&(0x7f0000000300)='user\x00', &(0x7f0000000440)={'syz', 0x0}, &(0x7f0000000680), 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x4008af20, &(0x7f00000000c0)={0x4a0e3d761b47f39c})
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r0, 0x0, 0x40fdf)
r6 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x4c09, 0x1000)

21:21:38 executing program 3:
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0)
r0 = getpid()
sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000340)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
epoll_create(0x40)
sendto$inet(0xffffffffffffffff, &(0x7f00000015c0), 0x0, 0x0, 0x0, 0x0)
socket(0x10, 0x80002, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_GET_TSC(0x19, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r4=>0x0})
sched_setattr(0x0, &(0x7f0000000400)={0x30, 0x1, 0x0, 0x0, 0x1}, 0x0)
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b4}, &(0x7f0000000200)={0x0, r4+30000000}, 0x0)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

21:21:38 executing program 1:
clone(0x20002101, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
socket$inet6(0xa, 0x1, 0x7)

21:21:38 executing program 2:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet6(0xa, 0x6, 0x0)
r1 = socket$rds(0x15, 0x5, 0x0)
r2 = io_uring_setup(0xa4, &(0x7f0000000080))
io_uring_register$IORING_REGISTER_FILES(r2, 0x2, &(0x7f0000000280)=[r0, r1, r1], 0x40000000000000e6)

21:21:38 executing program 0:
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x0, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000001640)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20)
tee(r1, r1, 0x4, 0xc)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x2, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0x1}, 0x0, 0x0, 0x0, 0x0, 0x2, 0xfffffffc}, 0xffffffffffffffff, 0xffffffffffffffff, r0, 0x8)
r2 = socket$inet6(0xa, 0x6, 0x0)
socket(0x2, 0x3, 0x100000001)
setsockopt$RXRPC_MIN_SECURITY_LEVEL(0xffffffffffffffff, 0x110, 0x4, 0x0, 0x0)
r3 = socket$rds(0x15, 0x5, 0x0)
r4 = io_uring_setup(0xa4, &(0x7f0000000080))
io_uring_register$IORING_REGISTER_FILES(r4, 0x2, &(0x7f0000000280)=[r2, r3, r3], 0x40000000000000e6)
io_uring_register$IORING_UNREGISTER_FILES(r4, 0x3, 0x0, 0x0)

21:21:38 executing program 4:
syz_open_dev$sg(&(0x7f0000000180)='/dev/sg#\x00', 0x0, 0x60082)
sendmsg(0xffffffffffffffff, 0x0, 0x0)

21:21:38 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f00000003c0)={@in6={{0xa, 0x0, 0x0, @loopback}}, 0x0, 0x7, 0x0, "daf2c82ef0a4a7fc37bd440c2ea6593f9e24d66405bb48bcfa18288ee8607032d55e3c40da1ab81fef5b37f7d17e608c345d496f6975ffe9d2166bb2e38910798fc7454ae92070dbaa7e5e92da221017"}, 0xd8)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000ad7000)={0x1, &(0x7f0000acbff8)=[{0x6, 0x0, 0x0, 0x6}]}, 0x10)
bind$inet6(r0, &(0x7f0000000080)={0xa, 0x4e22}, 0x1c)
sendto$inet6(r0, 0x0, 0x0, 0x200408d4, &(0x7f0000000380)={0xa, 0x4e22, 0x0, @loopback}, 0x1c)
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x0, 0x0)
recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0)
socketpair(0x0, 0x0, 0x0, 0x0)
ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x8916, 0x0)
getsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x0, 0x0)
socket$inet6(0xa, 0x0, 0x0)
write(r0, &(0x7f0000000200)="f1", 0x1)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000180)={0x1, 0x8}, 0x8)
close(r0)

[  177.440623][    C0] hrtimer: interrupt took 44983 ns
21:21:39 executing program 4:
perf_event_open(&(0x7f0000000100)={0x2000000005, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={&(0x7f0000000000), 0x1}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
r1 = dup3(0xffffffffffffffff, r0, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000380)={0x3, 0x0, &(0x7f0000002c40)=""/175, 0x0, &(0x7f0000001180)=""/78})
ioctl$KVM_GET_VCPU_EVENTS(r1, 0x4400ae8f, &(0x7f0000000000))
ioctl$RTC_WIE_OFF(r1, 0x7010)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r2 = getpid()
sched_setattr(r2, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0)
r3 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r3, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
fcntl$setpipe(r5, 0x407, 0x0)
write(r5, &(0x7f0000000340), 0x41395527)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0)
ioctl$sock_ifreq(0xffffffffffffffff, 0x0, 0x0)
rmdir(&(0x7f0000000140)='./bus\x00')
sched_setattr(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socket(0x840000000002, 0x3, 0x200000000000ff)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x24000)
r6 = memfd_create(&(0x7f0000000340)='-B\xd5NI\xc5j\xbappp\xf0\b\x84\xa2m\x00:)\x00\xbb\x8d\xac\xacva}knh#\xcb)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8bCc\xad\x89\x9ck\xde\xc5\xe96\xddU\xa9=\xcdJx\xaa\x8f~\xb90a\xa9\xb2\x04K\x98\x93?\x88Q\xf7\xd6\x1d\xa1\xce\x8b\x19\xea\xef\xe3\xab\xb6\xa5$4\xd6\xfe7\x0f\xe7\xd9$\xce \xabN\xae\xc9\xbd\xd3g@\xe1\'s\x0e\x90\xf2\xcdr\xb8(', 0x0)
write(r6, &(0x7f00000004c0)="3161d417452c8f6d46edb3b1077f2abaa85e3489c66107ab7d9aeb42aa515f23c9150bfd105fa1be4e0415cb2c2d4a1cdff5ab24d3676cc093ea0ffa364b7ec5a99d58d2267958d4", 0x48)
sendfile(r6, r6, &(0x7f0000000200), 0xff8)
memfd_create(&(0x7f00000001c0)='md5sum', 0x1)
ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000240)=0x10010)

[  177.854027][ T9009] ==================================================================
[  177.862332][ T9009] BUG: KASAN: null-ptr-deref in io_wq_cancel_all+0x28/0x2a0
[  177.869626][ T9009] Write of size 8 at addr 0000000000000004 by task syz-executor.0/9009
[  177.877867][ T9009] 
[  177.878733][ T9041] BUG: kernel NULL pointer dereference, address: 0000000000000004
[  177.880225][ T9009] CPU: 0 PID: 9009 Comm: syz-executor.0 Not tainted 5.4.0-rc5-next-20191029 #0
[  177.888459][ T9041] #PF: supervisor write access in kernel mode
[  177.897499][ T9009] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  177.903552][ T9041] #PF: error_code(0x0002) - not-present page
[  177.913583][ T9009] Call Trace:
[  177.919548][ T9041] PGD 98af0067 P4D 98af0067 PUD 9a687067 PMD 0 
[  177.922835][ T9009]  dump_stack+0x172/0x1f0
[  177.929127][ T9041] Oops: 0002 [#1] PREEMPT SMP KASAN
[  177.933434][ T9009]  ? io_wq_cancel_all+0x28/0x2a0
[  177.938603][ T9041] CPU: 1 PID: 9041 Comm: syz-executor.2 Not tainted 5.4.0-rc5-next-20191029 #0
[  177.943512][ T9009]  ? io_wq_cancel_all+0x28/0x2a0
[  177.952408][ T9041] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  177.957324][ T9009]  __kasan_report.cold+0x5/0x41
[  177.967367][ T9041] RIP: 0010:io_wq_cancel_all+0x28/0x2a0
[  177.972188][ T9009]  ? io_wq_cancel_all+0x28/0x2a0
[  177.977706][ T9041] Code: 00 00 55 48 89 e5 41 57 41 56 41 55 41 54 49 89 fc 53 48 83 ec 10 e8 b7 0d a1 ff 49 8d 7c 24 08 be 08 00 00 00 e8 a8 c9 dc ff <f0> 41 80 4c 24 08 02 e8 ec 02 8e ff e8 97 0d a1 ff 45 31 c9 45 31
[  177.982620][ T9009]  kasan_report+0x12/0x20
[  178.002186][ T9041] RSP: 0018:ffff8880618f7910 EFLAGS: 00010246
[  178.006508][ T9009]  check_memory_region+0x134/0x1a0
[  178.012541][ T9041] RAX: 0000000000000000 RBX: ffff8880a0de8000 RCX: ffffffff81d256a8
[  178.017630][ T9009]  __kasan_check_write+0x14/0x20
[  178.025572][ T9041] RDX: 0000000000000001 RSI: 0000000000000008 RDI: 0000000000000004
[  178.030500][ T9009]  io_wq_cancel_all+0x28/0x2a0
[  178.038446][ T9041] RBP: ffff8880618f7948 R08: ffff8880618ec380 R09: ffffed100c31d871
[  178.043189][ T9009]  io_uring_flush+0x35a/0x4e0
[  178.051134][ T9041] R10: ffffed100c31d870 R11: ffff8880618ec387 R12: fffffffffffffffc
[  178.055787][ T9009]  ? exit_sem+0x9a4/0x1d89
[  178.063749][ T9041] R13: ffff8880618ec380 R14: ffff8880a0de8458 R15: 0000000000000000
[  178.068168][ T9009]  ? io_wake_function+0x260/0x260
[  178.076110][ T9041] FS:  00007f7b59429700(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
[  178.081111][ T9009]  ? exit_files+0x7b/0xb0
[  178.090012][ T9041] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  178.094317][ T9009]  ? finish_wait+0x260/0x260
[  178.100871][ T9041] CR2: 0000000000000004 CR3: 0000000099955000 CR4: 00000000001406e0
[  178.105449][ T9009]  ? exit_files+0x7b/0xb0
[  178.113494][ T9041] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  178.117804][ T9009]  ? io_wake_function+0x260/0x260
[  178.125768][ T9041] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  178.130772][ T9009]  filp_close+0xbd/0x170
[  178.138710][ T9041] Call Trace:
[  178.142956][ T9009]  put_files_struct+0x1d7/0x2f0
[  178.146227][ T9041]  io_uring_flush+0x35a/0x4e0
[  178.151051][ T9009]  exit_files+0x83/0xb0
[  178.155708][ T9041]  ? exit_sem+0x9a4/0x1d89
[  178.159839][ T9009]  do_exit+0x8d2/0x2e60
[  178.164243][ T9041]  ? io_wake_function+0x260/0x260
[  178.168372][ T9009]  ? __sched_text_start+0x8/0x8
[  178.173467][ T9041]  ? exit_files+0x7b/0xb0
[  178.178292][ T9009]  ? mm_update_next_owner+0x640/0x640
[  178.182592][ T9041]  ? finish_wait+0x260/0x260
[  178.187938][ T9009]  ? preempt_schedule_common+0x63/0xe0
[  178.192499][ T9041]  ? exit_files+0x7b/0xb0
[  178.197930][ T9009]  ? preempt_schedule+0x4b/0x60
[  178.202235][ T9041]  ? io_wake_function+0x260/0x260
[  178.207055][ T9009]  ? ___preempt_schedule+0x16/0x18
[  178.212053][ T9041]  filp_close+0xbd/0x170
[  178.217138][ T9009]  do_group_exit+0x135/0x360
[  178.221356][ T9041]  put_files_struct+0x1d7/0x2f0
[  178.225920][ T9009]  __x64_sys_exit_group+0x44/0x50
[  178.230758][ T9041]  exit_files+0x83/0xb0
[  178.235756][ T9009]  do_syscall_64+0xfa/0x760
[  178.239885][ T9041]  do_exit+0x8d2/0x2e60
[  178.244365][ T9009]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  178.248496][ T9041]  ? mm_update_next_owner+0x640/0x640
[  178.254368][ T9009] RIP: 0033:0x459f49
[  178.259729][ T9041]  ? lock_downgrade+0x920/0x920
[  178.263597][ T9009] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  178.268423][ T9041]  ? _raw_spin_unlock_irq+0x23/0x80
[  178.287993][ T9009] RSP: 002b:00007ffc19d441a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[  178.293193][ T9041]  ? get_signal+0x392/0x24f0
[  178.301569][ T9009] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 0000000000459f49
[  178.306138][ T9041]  ? _raw_spin_unlock_irq+0x23/0x80
[  178.314095][ T9009] RDX: 0000000000413ae1 RSI: fffffffffffffff7 RDI: 0000000000000000
[  178.319360][ T9041]  do_group_exit+0x135/0x360
[  178.327298][ T9009] RBP: 0000000000000000 R08: ffffffffffffffff R09: 00007ffc19d44200
[  178.327310][ T9009] R10: 0000000000761d08 R11: 0000000000000246 R12: 0000000000000001
[  178.331881][ T9041]  get_signal+0x47c/0x24f0
[  178.339825][ T9009] R13: 00007ffc19d44200 R14: 0000000000000000 R15: 00007ffc19d44210
[  178.347785][ T9041]  ? lock_downgrade+0x920/0x920
[  178.352174][ T9009] ==================================================================
[  178.360128][ T9041]  do_signal+0x87/0x1700
[  178.372359][ T9009] Kernel panic - not syncing: panic_on_warn set ...
[  178.373023][ T9041]  ? __kasan_check_read+0x11/0x20
[  178.388819][ T9041]  ? _copy_to_user+0x118/0x160
[  178.393573][ T9041]  ? setup_sigcontext+0x7d0/0x7d0
[  178.398601][ T9041]  ? exit_to_usermode_loop+0x43/0x380
[  178.403972][ T9041]  ? do_syscall_64+0x65f/0x760
[  178.408720][ T9041]  ? exit_to_usermode_loop+0x43/0x380
[  178.414077][ T9041]  ? lockdep_hardirqs_on+0x421/0x5e0
[  178.419348][ T9041]  ? trace_hardirqs_on+0x67/0x240
[  178.424447][ T9041]  exit_to_usermode_loop+0x286/0x380
[  178.429732][ T9041]  do_syscall_64+0x65f/0x760
[  178.434310][ T9041]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  178.440191][ T9041] RIP: 0033:0x459f49
[  178.444073][ T9041] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  178.463669][ T9041] RSP: 002b:00007f7b59428cf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  178.472084][ T9041] RAX: 0000000000000001 RBX: 000000000075c078 RCX: 0000000000459f49
[  178.480039][ T9041] RDX: 00000000004cddf8 RSI: 0000000000000081 RDI: 000000000075c07c
[  178.487998][ T9041] RBP: 000000000075c070 R08: 0000000000000009 R09: 0000000000000000
[  178.495953][ T9041] R10: ffffffffffffffff R11: 0000000000000246 R12: 000000000075c07c
[  178.503913][ T9041] R13: 00007ffc7e75770f R14: 00007f7b594299c0 R15: 000000000075c07c
[  178.511873][ T9041] Modules linked in:
[  178.515754][ T9041] CR2: 0000000000000004
[  178.519903][ T9041] ---[ end trace eaf752e98e9d4f66 ]---
[  178.525352][ T9041] RIP: 0010:io_wq_cancel_all+0x28/0x2a0
[  178.530885][ T9041] Code: 00 00 55 48 89 e5 41 57 41 56 41 55 41 54 49 89 fc 53 48 83 ec 10 e8 b7 0d a1 ff 49 8d 7c 24 08 be 08 00 00 00 e8 a8 c9 dc ff <f0> 41 80 4c 24 08 02 e8 ec 02 8e ff e8 97 0d a1 ff 45 31 c9 45 31
[  178.550489][ T9041] RSP: 0018:ffff8880618f7910 EFLAGS: 00010246
[  178.556543][ T9041] RAX: 0000000000000000 RBX: ffff8880a0de8000 RCX: ffffffff81d256a8
[  178.564499][ T9041] RDX: 0000000000000001 RSI: 0000000000000008 RDI: 0000000000000004
[  178.572461][ T9041] RBP: ffff8880618f7948 R08: ffff8880618ec380 R09: ffffed100c31d871
[  178.580419][ T9041] R10: ffffed100c31d870 R11: ffff8880618ec387 R12: fffffffffffffffc
[  178.588375][ T9041] R13: ffff8880618ec380 R14: ffff8880a0de8458 R15: 0000000000000000
[  178.596333][ T9041] FS:  00007f7b59429700(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
[  178.605245][ T9041] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  178.611822][ T9041] CR2: 0000000000000004 CR3: 0000000099955000 CR4: 00000000001406e0
[  178.619777][ T9041] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  178.627734][ T9041] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  179.474253][ T9009] Shutting down cpus with NMI
[  179.480478][ T9009] Kernel Offset: disabled
[  179.484803][ T9009] Rebooting in 86400 seconds..