[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   87.220127][   T27] audit: type=1800 audit(1578980339.970:25): pid=9540 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[   87.240154][   T27] audit: type=1800 audit(1578980339.970:26): pid=9540 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   87.274569][   T27] audit: type=1800 audit(1578980339.970:27): pid=9540 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.155' (ECDSA) to the list of known hosts.
2020/01/14 05:39:10 fuzzer started
2020/01/14 05:39:12 dialing manager at 10.128.0.26:34807
2020/01/14 05:39:12 syscalls: 2860
2020/01/14 05:39:12 code coverage: enabled
2020/01/14 05:39:12 comparison tracing: enabled
2020/01/14 05:39:12 extra coverage: enabled
2020/01/14 05:39:12 setuid sandbox: enabled
2020/01/14 05:39:12 namespace sandbox: enabled
2020/01/14 05:39:12 Android sandbox: /sys/fs/selinux/policy does not exist
2020/01/14 05:39:12 fault injection: enabled
2020/01/14 05:39:12 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2020/01/14 05:39:12 net packet injection: enabled
2020/01/14 05:39:12 net device setup: enabled
2020/01/14 05:39:12 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2020/01/14 05:39:12 devlink PCI setup: PCI device 0000:00:10.0 is not available
05:39:13 executing program 0:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
sendmsg(0xffffffffffffffff, 0x0, 0x0)
connect$rds(0xffffffffffffffff, 0x0, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x5c831, 0xffffffffffffffff, 0x0)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, 0x0, 0xffffffffffffff4f)
getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x14, &(0x7f0000000540)={@ipv4={[], [], @loopback}, <r4=>0x0}, 0x0)
ioctl$sock_inet6_SIOCDIFADDR(r1, 0x8936, &(0x7f00000005c0)={@loopback, 0x77, r4})
syz_open_procfs(0x0, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xfff)
prctl$PR_GET_THP_DISABLE(0x2a)
sendmsg$inet_sctp(r3, &(0x7f0000000440)={&(0x7f0000000000)=@in6={0xa, 0x4e24, 0x433, @mcast1, 0x1f}, 0x1c, &(0x7f00000003c0)=[{&(0x7f0000000340)="acabfed8e0217c8a46e7486bed8b509bd07b8fde942dda4c2a2a8939b22eb39da5a8050446aecd71c84a76388cb755fe2708aff8c6fe4b21c2578b7b061af183b1eb291428006028952b57cde4be", 0x4e}], 0x1, &(0x7f0000000400)=[@prinfo={0x18, 0x84, 0x5, {0x10, 0x8}}, @prinfo={0x18, 0x84, 0x5, {0x20, 0x1}}], 0x30, 0x800}, 0x24000081)
open(0x0, 0x0, 0x0)
r5 = socket$inet6(0xa, 0x80003, 0x80)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000001c0)="0805b5055e0bcfe8474071")
getsockopt$IP6T_SO_GET_INFO(r5, 0x29, 0x40, &(0x7f0000000280)={'nat\x00'}, &(0x7f0000000300)=0x54)
ioctl$SNDRV_CTL_IOCTL_RAWMIDI_INFO(0xffffffffffffffff, 0xc10c5541, &(0x7f0000000140)={0x0, 0x2, 0x9, 0x0, 0x0, [], [], [], 0x0, 0x8d})
ioctl$SNDRV_PCM_IOCTL_WRITEI_FRAMES(0xffffffffffffffff, 0x40184150, &(0x7f0000000480)={0x0, &(0x7f0000000600)="1236c08b7ce4c32cc790c82acbae55576e679409601acf1e76e7064667ddb02537bdd3202d58689162ea2d4da2f9c9252961543afdd682f9d7883f6834509429ec9c5885e94165f5d4e777c4c58355c9bd9fc9b9f548e04b8e1f4f4694f91e864b752d038bc04a055fe601e0b305db8bd246a2ec55e3713bedb572cc194606152f08f02aa9d162ea3f1cc09e031215792f270949334de9734dab6f8f3d65b3eff6aebf01f2fcbf844028f09ae4b9b450d7ddbc8acd835e754fdbce03a27dea3d896b69aaaf5d634cd3886a7c24af820020", 0xd1})
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000cfc000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r7 = socket$inet6(0xa, 0x80003, 0x80)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000001c0)="0805b5055e0bcfe8474071")
io_uring_register$IORING_REGISTER_FILES_UPDATE(0xffffffffffffffff, 0x6, &(0x7f00000000c0)={0xb6e, &(0x7f0000000040)=[0xffffffffffffffff, r7]}, 0x2)

05:39:13 executing program 1:
getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(0xffffffffffffffff, 0x84, 0x76, &(0x7f00000000c0), &(0x7f0000000100)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
getsockopt$inet_sctp_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, &(0x7f0000000200), 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sched_setscheduler(0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000000)=@ipx, 0x80, 0x0, 0x0, 0x0, 0xfffffec5}}], 0x1, 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000280)='net/mcfilter6\x00')
preadv(r1, &(0x7f00000017c0), 0x1b4, 0x2)

syzkaller login: [  100.992975][ T9707] IPVS: ftp: loaded support on port[0] = 21
[  101.105736][ T9710] IPVS: ftp: loaded support on port[0] = 21
[  101.227238][ T9707] chnl_net:caif_netlink_parms(): no params data found
05:39:14 executing program 2:
r0 = socket$netlink(0x10, 0x3, 0x4)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)=@delqdisc={0x6c, 0x12, 0x902a92df71b40141, 0x0, 0x0, {}, [@TCA_STAB={0x48, 0x8, [{{0x1c, 0x1, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}, {0x6, 0x2, [0x0]}}, {{0x1c, 0x1, {0x7, 0x0, 0x0, 0x2}}, {0x4}}]}]}, 0x6c}}, 0x0)

[  101.268184][ T9710] chnl_net:caif_netlink_parms(): no params data found
[  101.360774][ T9707] bridge0: port 1(bridge_slave_0) entered blocking state
[  101.386539][ T9707] bridge0: port 1(bridge_slave_0) entered disabled state
[  101.395229][ T9707] device bridge_slave_0 entered promiscuous mode
[  101.430049][ T9707] bridge0: port 2(bridge_slave_1) entered blocking state
[  101.440389][ T9707] bridge0: port 2(bridge_slave_1) entered disabled state
[  101.448828][ T9707] device bridge_slave_1 entered promiscuous mode
[  101.465168][ T9710] bridge0: port 1(bridge_slave_0) entered blocking state
[  101.466052][ T9714] IPVS: ftp: loaded support on port[0] = 21
[  101.472230][ T9710] bridge0: port 1(bridge_slave_0) entered disabled state
[  101.489003][ T9710] device bridge_slave_0 entered promiscuous mode
[  101.507596][ T9710] bridge0: port 2(bridge_slave_1) entered blocking state
[  101.524372][ T9710] bridge0: port 2(bridge_slave_1) entered disabled state
[  101.532065][ T9710] device bridge_slave_1 entered promiscuous mode
[  101.562714][ T9707] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
05:39:14 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
syz_open_dev$mice(&(0x7f00000001c0)='/dev/input/mice\x00', 0x0, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket$pptp(0x18, 0x1, 0x2)
openat$zero(0xffffffffffffff9c, &(0x7f0000000280)='/dev/zero\x00', 0x0, 0x0)
dup(r2)
ioctl$CAPI_MANUFACTURER_CMD(0xffffffffffffffff, 0xc0104320, &(0x7f0000000000)={0x4, 0x0})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000100)="b805000000b9510000000f01c10f46aacb00020066ba2100b067eeb9800000c00f3235000100000f308eb9800000c06832d6d6004000000fda3030c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x47}], 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
pipe(&(0x7f0000000100))
r3 = socket$pptp(0x18, 0x1, 0x2)
openat$zero(0xffffffffffffff9c, &(0x7f0000000280)='/dev/zero\x00', 0x0, 0x0)
dup(r3)
pipe(&(0x7f0000000100))
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]})
setsockopt$inet_msfilter(0xffffffffffffffff, 0x0, 0x29, &(0x7f00000000c0)=ANY=[@ANYBLOB="e00000123602df0000020000000004000000ac14142fffff"], 0x1)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

[  101.597004][ T9707] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  101.614491][ T9710] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  101.656918][ T9710] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  101.674672][ T9707] team0: Port device team_slave_0 added
[  101.691702][ T9707] team0: Port device team_slave_1 added
[  101.738253][ T9710] team0: Port device team_slave_0 added
[  101.809135][ T9707] device hsr_slave_0 entered promiscuous mode
05:39:14 executing program 4:
r0 = socket(0x10, 0x80002, 0x0)
ioctl(r0, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe8696071")
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r1, 0x6, 0x14, &(0x7f0000000040)=0x2, 0xfe73)
sendmmsg(r1, &(0x7f0000002a00)=[{{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="b9", 0x300}], 0x1}}, {{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000180)="f9", 0x1}], 0x1}}], 0x2, 0x0)

[  101.884825][ T9707] device hsr_slave_1 entered promiscuous mode
[  101.955069][ T9710] team0: Port device team_slave_1 added
[  101.973038][ T9716] IPVS: ftp: loaded support on port[0] = 21
[  102.148240][ T9710] device hsr_slave_0 entered promiscuous mode
05:39:14 executing program 5:
perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ttyS3\x00', 0x0, 0x0)
openat$vcs(0xffffffffffffff9c, 0x0, 0x80, 0x0)
ioctl$TCXONC(0xffffffffffffffff, 0x540a, 0x0)
ioctl$TIOCVHANGUP(r0, 0x5437, 0x0)
inotify_init1(0x0)
syz_open_procfs(0xffffffffffffffff, 0x0)
setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r1 = socket$inet6(0xa, 0x80003, 0x800000000000006)
bind$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0x0, @mcast1, 0x5}, 0x1c)
r2 = socket$netlink(0x10, 0x3, 0x4)
sendmsg$nl_generic(r2, &(0x7f0000005000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="480000001400070000000000000000000aff0006667e27a039ffffffff00000000a00b32eadc2828417f000001e3d8760f65b27ee8125f42360500000500000053d50000009c7fb6a76dca036f42c707462124f827268beba660dbbb34ead196ece14436fac18cbc52af6879830d11e99bb79152e340385d23e3e901c0100a00000080000000003448b4da0e4c22a88600"/160], 0x48}}, 0x0)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-vsock\x00', 0x2, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x4)
sendmsg$nl_generic(r3, &(0x7f0000005000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="480000001400070000000000000000000aff0006667e27a039ffffffff00000000a00b32eadc2828417f000001e3d8960f65b27ee8125f42360500000500000053d50000009c7fb6a76dca036f42c707462124f827268beba660dbbb34ea91e0ac658d3837d196ece14436fac18cbc52af6879830d11e99b21bde15119f5b79153e340385d23e3e901c0100a9ccba862d73663f73448b4da0e4c22a886000000"], 0x48}}, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x4)
sendmsg$nl_generic(r4, &(0x7f0000005000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="480000001400070000000000000000000aff0006667e27a039ffffffff00000000a00b32eadc2828417f000001e3d8960f65b27ee8125f42360500000500000053d50000009c7fb6a76dca036f42c707462124f827268beba660dbbb34ea91e0ac658d3837d196ece14436fac18cbc52af6879830d11e99b21bde15119f5b79153e340385d23e3e901c0100a9ccba862d73663f73448b4da0e4c22a886000000"], 0x48}}, 0x0)
bind$inet6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0x0, 0x0, @mcast1, 0x5}, 0x1c)
bind$inet6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0x0, 0x0, @mcast1, 0x5}, 0x1c)
r5 = socket$netlink(0x10, 0x3, 0x4)
sendmsg$nl_generic(r5, &(0x7f0000005000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="480000001400070000000000000000000aff0006667e27a039ffffffff00000000a00b32eadc2828417f000001e3d8960f65b27ee8125f42360500000500000053d50000009c7fb6a76dca036f42c707462124f827268beba660dbbb34ea91e0ac658d3837d196ece14436fac18cbc52af6879830d11e99b21bde15119f5b79153e340385d23e3e901c0100a9ccba862d73663f73448b4da0e4c22a886000000"], 0x48}}, 0x0)

[  102.204740][ T9710] device hsr_slave_1 entered promiscuous mode
[  102.244161][ T9710] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  102.252042][ T9710] Cannot create hsr debugfs directory
[  102.308462][ T9719] IPVS: ftp: loaded support on port[0] = 21
[  102.318988][ T9714] chnl_net:caif_netlink_parms(): no params data found
[  102.477905][ T9707] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  102.539446][ T9707] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  102.599636][ T9707] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  102.656651][ T9707] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  102.722684][ T9721] IPVS: ftp: loaded support on port[0] = 21
[  102.763291][ T9714] bridge0: port 1(bridge_slave_0) entered blocking state
[  102.770866][ T9714] bridge0: port 1(bridge_slave_0) entered disabled state
[  102.779078][ T9714] device bridge_slave_0 entered promiscuous mode
[  102.803187][ T9714] bridge0: port 2(bridge_slave_1) entered blocking state
[  102.810391][ T9714] bridge0: port 2(bridge_slave_1) entered disabled state
[  102.818303][ T9714] device bridge_slave_1 entered promiscuous mode
[  102.835878][ T9710] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  102.911611][ T9714] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  102.921273][ T9710] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  102.988362][ T9710] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  103.080496][ T9716] chnl_net:caif_netlink_parms(): no params data found
[  103.092279][ T9714] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  103.115258][ T9710] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  103.244465][ T9714] team0: Port device team_slave_0 added
[  103.253674][ T9714] team0: Port device team_slave_1 added
[  103.297906][ T9716] bridge0: port 1(bridge_slave_0) entered blocking state
[  103.305111][ T9716] bridge0: port 1(bridge_slave_0) entered disabled state
[  103.312823][ T9716] device bridge_slave_0 entered promiscuous mode
[  103.341324][ T9721] chnl_net:caif_netlink_parms(): no params data found
[  103.397317][ T9714] device hsr_slave_0 entered promiscuous mode
[  103.434446][ T9714] device hsr_slave_1 entered promiscuous mode
[  103.494322][ T9714] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  103.501919][ T9714] Cannot create hsr debugfs directory
[  103.511154][ T9716] bridge0: port 2(bridge_slave_1) entered blocking state
[  103.518413][ T9716] bridge0: port 2(bridge_slave_1) entered disabled state
[  103.526863][ T9716] device bridge_slave_1 entered promiscuous mode
[  103.558590][ T9719] chnl_net:caif_netlink_parms(): no params data found
[  103.570633][ T9716] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  103.582928][ T9716] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  103.614834][ T9716] team0: Port device team_slave_0 added
[  103.622962][ T9716] team0: Port device team_slave_1 added
[  103.715710][ T9707] 8021q: adding VLAN 0 to HW filter on device bond0
[  103.732438][ T9721] bridge0: port 1(bridge_slave_0) entered blocking state
[  103.740035][ T9721] bridge0: port 1(bridge_slave_0) entered disabled state
[  103.748064][ T9721] device bridge_slave_0 entered promiscuous mode
[  103.757497][ T9721] bridge0: port 2(bridge_slave_1) entered blocking state
[  103.764680][ T9721] bridge0: port 2(bridge_slave_1) entered disabled state
[  103.772377][ T9721] device bridge_slave_1 entered promiscuous mode
[  103.836175][ T9716] device hsr_slave_0 entered promiscuous mode
[  103.874390][ T9716] device hsr_slave_1 entered promiscuous mode
[  103.924227][ T9716] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  103.931876][ T9716] Cannot create hsr debugfs directory
[  103.939630][ T9719] bridge0: port 1(bridge_slave_0) entered blocking state
[  103.947507][ T9719] bridge0: port 1(bridge_slave_0) entered disabled state
[  103.955469][ T9719] device bridge_slave_0 entered promiscuous mode
[  103.973204][ T9721] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  103.993090][ T9719] bridge0: port 2(bridge_slave_1) entered blocking state
[  104.007611][ T9719] bridge0: port 2(bridge_slave_1) entered disabled state
[  104.016720][ T9719] device bridge_slave_1 entered promiscuous mode
[  104.025069][ T9721] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  104.052529][ T9707] 8021q: adding VLAN 0 to HW filter on device team0
[  104.079839][ T9719] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  104.091238][ T9721] team0: Port device team_slave_0 added
[  104.108376][ T2706] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  104.117258][ T2706] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  104.148939][ T9719] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  104.163196][ T9721] team0: Port device team_slave_1 added
[  104.173451][ T9710] 8021q: adding VLAN 0 to HW filter on device bond0
[  104.188285][ T3224] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  104.197323][ T3224] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  104.206437][ T3224] bridge0: port 1(bridge_slave_0) entered blocking state
[  104.213673][ T3224] bridge0: port 1(bridge_slave_0) entered forwarding state
[  104.221934][ T3224] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  104.231062][ T3224] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  104.239569][ T3224] bridge0: port 2(bridge_slave_1) entered blocking state
[  104.246694][ T3224] bridge0: port 2(bridge_slave_1) entered forwarding state
[  104.287895][ T9719] team0: Port device team_slave_0 added
[  104.309612][ T3224] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  104.318122][ T3224] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  104.326975][ T3224] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  104.336947][ T3224] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  104.346664][ T3224] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  104.355375][ T3224] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  104.364085][ T3224] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  104.377126][ T3224] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  104.393185][ T9719] team0: Port device team_slave_1 added
[  104.419053][ T3210] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  104.427498][ T3210] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  104.487550][ T9721] device hsr_slave_0 entered promiscuous mode
[  104.534803][ T9721] device hsr_slave_1 entered promiscuous mode
[  104.594138][ T9721] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  104.601733][ T9721] Cannot create hsr debugfs directory
[  104.608198][ T9714] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  104.676944][ T9714] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  104.767286][ T9719] device hsr_slave_0 entered promiscuous mode
[  104.824794][ T9719] device hsr_slave_1 entered promiscuous mode
[  104.864354][ T9719] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  104.872010][ T9719] Cannot create hsr debugfs directory
[  104.880853][ T9710] 8021q: adding VLAN 0 to HW filter on device team0
[  104.888370][ T3210] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  104.900819][ T3210] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  104.917046][ T9714] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  105.000954][ T9707] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  105.013081][ T9707] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  105.023158][ T9714] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  105.081740][ T3211] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  105.090367][ T3211] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  105.124127][ T2706] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  105.132737][ T2706] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  105.141893][ T2706] bridge0: port 1(bridge_slave_0) entered blocking state
[  105.149007][ T2706] bridge0: port 1(bridge_slave_0) entered forwarding state
[  105.156918][ T2706] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  105.166321][ T2706] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  105.174791][ T2706] bridge0: port 2(bridge_slave_1) entered blocking state
[  105.181814][ T2706] bridge0: port 2(bridge_slave_1) entered forwarding state
[  105.227593][ T2694] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  105.240030][ T2694] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  105.287202][ T2706] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  105.302720][ T2706] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  105.329407][ T9707] 8021q: adding VLAN 0 to HW filter on device batadv0
[  105.347599][ T9716] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  105.406524][ T3224] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  105.422029][ T9721] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  105.471225][ T9721] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  105.527258][ T9716] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  105.590431][ T2694] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  105.603197][ T2694] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  105.613345][ T2694] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  105.622109][ T2694] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  105.630958][ T2694] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  105.639869][ T9721] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  105.706286][ T9716] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  105.766912][ T9716] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  105.831578][ T9721] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  105.876288][ T3211] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  105.885584][ T3211] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  105.894236][ T3211] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  105.902506][ T3211] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  105.911041][ T3211] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  105.919637][ T3211] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  105.940158][ T9710] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  106.001900][ T9719] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  106.040124][ T9714] 8021q: adding VLAN 0 to HW filter on device bond0
[  106.057063][ T9719] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  106.090597][ T9719] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  106.161757][ T9707] device veth0_vlan entered promiscuous mode
[  106.182317][ T9719] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  106.225552][ T3224] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  106.234740][ T3224] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  106.242972][ T3224] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  106.250529][ T3224] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  106.258426][ T3224] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  106.266636][ T3224] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  106.274816][ T3224] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  106.282568][ T3224] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  106.299480][ T9710] 8021q: adding VLAN 0 to HW filter on device batadv0
[  106.312917][ T9714] 8021q: adding VLAN 0 to HW filter on device team0
[  106.322687][ T9707] device veth1_vlan entered promiscuous mode
[  106.351507][ T3224] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  106.362236][ T3224] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  106.370488][ T3224] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  106.380027][ T3224] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  106.388705][ T3224] bridge0: port 1(bridge_slave_0) entered blocking state
[  106.395825][ T3224] bridge0: port 1(bridge_slave_0) entered forwarding state
[  106.404820][ T3210] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  106.424309][ T2694] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  106.433100][ T2694] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  106.482531][ T3210] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  106.497930][ T3210] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  106.507338][ T3210] bridge0: port 2(bridge_slave_1) entered blocking state
[  106.514495][ T3210] bridge0: port 2(bridge_slave_1) entered forwarding state
[  106.525516][ T2694] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  106.570232][ T2706] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  106.609690][ T9710] device veth0_vlan entered promiscuous mode
[  106.620507][ T2694] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  106.631725][ T2694] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  106.640918][ T2694] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  106.650140][ T2694] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  106.660128][ T2694] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  106.669058][ T2694] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  106.678519][ T2694] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  106.687277][ T2694] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  106.703813][ T9714] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  106.718054][ T9714] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  106.744247][ T9728] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[  106.753792][ T9710] device veth1_vlan entered promiscuous mode
[  106.770930][ T2694] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  106.780085][ T2694] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  106.787907][ T2694] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  106.797886][    C0] hrtimer: interrupt took 27084 ns
[  106.804966][ T2694] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  106.813150][ T2694] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  106.823742][ T2694] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  106.889504][ T9716] 8021q: adding VLAN 0 to HW filter on device bond0
[  106.913863][ T9721] 8021q: adding VLAN 0 to HW filter on device bond0
[  106.952065][ T2706] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  106.969967][ T2706] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  106.984422][ T2706] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  107.060893][ T9714] 8021q: adding VLAN 0 to HW filter on device batadv0
[  107.079374][ T2694] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  107.095291][ T2694] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  107.106762][ T9716] 8021q: adding VLAN 0 to HW filter on device team0
[  107.126678][ T9719] 8021q: adding VLAN 0 to HW filter on device bond0
05:39:19 executing program 0:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
sendmsg(0xffffffffffffffff, 0x0, 0x0)
connect$rds(0xffffffffffffffff, 0x0, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x5c831, 0xffffffffffffffff, 0x0)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, 0x0, 0xffffffffffffff4f)
getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x14, &(0x7f0000000540)={@ipv4={[], [], @loopback}, <r4=>0x0}, 0x0)
ioctl$sock_inet6_SIOCDIFADDR(r1, 0x8936, &(0x7f00000005c0)={@loopback, 0x77, r4})
syz_open_procfs(0x0, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xfff)
prctl$PR_GET_THP_DISABLE(0x2a)
sendmsg$inet_sctp(r3, &(0x7f0000000440)={&(0x7f0000000000)=@in6={0xa, 0x4e24, 0x433, @mcast1, 0x1f}, 0x1c, &(0x7f00000003c0)=[{&(0x7f0000000340)="acabfed8e0217c8a46e7486bed8b509bd07b8fde942dda4c2a2a8939b22eb39da5a8050446aecd71c84a76388cb755fe2708aff8c6fe4b21c2578b7b061af183b1eb291428006028952b57cde4be", 0x4e}], 0x1, &(0x7f0000000400)=[@prinfo={0x18, 0x84, 0x5, {0x10, 0x8}}, @prinfo={0x18, 0x84, 0x5, {0x20, 0x1}}], 0x30, 0x800}, 0x24000081)
open(0x0, 0x0, 0x0)
r5 = socket$inet6(0xa, 0x80003, 0x80)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000001c0)="0805b5055e0bcfe8474071")
getsockopt$IP6T_SO_GET_INFO(r5, 0x29, 0x40, &(0x7f0000000280)={'nat\x00'}, &(0x7f0000000300)=0x54)
ioctl$SNDRV_CTL_IOCTL_RAWMIDI_INFO(0xffffffffffffffff, 0xc10c5541, &(0x7f0000000140)={0x0, 0x2, 0x9, 0x0, 0x0, [], [], [], 0x0, 0x8d})
ioctl$SNDRV_PCM_IOCTL_WRITEI_FRAMES(0xffffffffffffffff, 0x40184150, &(0x7f0000000480)={0x0, &(0x7f0000000600)="1236c08b7ce4c32cc790c82acbae55576e679409601acf1e76e7064667ddb02537bdd3202d58689162ea2d4da2f9c9252961543afdd682f9d7883f6834509429ec9c5885e94165f5d4e777c4c58355c9bd9fc9b9f548e04b8e1f4f4694f91e864b752d038bc04a055fe601e0b305db8bd246a2ec55e3713bedb572cc194606152f08f02aa9d162ea3f1cc09e031215792f270949334de9734dab6f8f3d65b3eff6aebf01f2fcbf844028f09ae4b9b450d7ddbc8acd835e754fdbce03a27dea3d896b69aaaf5d634cd3886a7c24af820020", 0xd1})
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000cfc000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r7 = socket$inet6(0xa, 0x80003, 0x80)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000001c0)="0805b5055e0bcfe8474071")
io_uring_register$IORING_REGISTER_FILES_UPDATE(0xffffffffffffffff, 0x6, &(0x7f00000000c0)={0xb6e, &(0x7f0000000040)=[0xffffffffffffffff, r7]}, 0x2)

[  107.153609][ T9707] ------------[ cut here ]------------
[  107.159109][ T9707] kernel BUG at fs/namei.c:684!
[  107.172551][ T9721] 8021q: adding VLAN 0 to HW filter on device team0
[  107.185795][ T2706] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  107.193623][ T2706] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  107.210273][ T2706] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  107.215241][ T9707] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[  107.219740][ T2706] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  107.224451][ T9707] CPU: 0 PID: 9707 Comm: syz-executor.0 Not tainted 5.5.0-rc5-next-20200113-syzkaller #0
[  107.224459][ T9707] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  107.224477][ T9707] RIP: 0010:unlazy_walk+0x306/0x3b0
05:39:20 executing program 1:
getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(0xffffffffffffffff, 0x84, 0x76, &(0x7f00000000c0), &(0x7f0000000100)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
getsockopt$inet_sctp_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, &(0x7f0000000200), 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sched_setscheduler(0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000000)=@ipx, 0x80, 0x0, 0x0, 0x0, 0xfffffec5}}], 0x1, 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000280)='net/mcfilter6\x00')
preadv(r1, &(0x7f00000017c0), 0x1b4, 0x2)

[  107.224491][ T9707] Code: ff ff ff e8 6c 3f a1 ff e8 e7 d8 b3 ff 48 c7 c6 74 6c c1 81 48 c7 c7 00 f7 ba 89 e8 e4 97 99 ff e9 d8 fe ff ff e8 ca d8 b3 ff <0f> 0b e8 c3 d8 b3 ff 0f 0b e8 bc d8 b3 ff e8 27 86 a0 ff 31 ff 89
[  107.224499][ T9707] RSP: 0018:ffffc900058a7ba0 EFLAGS: 00010293
[  107.224509][ T9707] RAX: ffff88809cc36100 RBX: ffffc900058a7c60 RCX: ffffffff81c16a16
[  107.224524][ T9707] RDX: 0000000000000000 RSI: ffffffff81c16ca6 RDI: 0000000000000005
[  107.240681][ T2706] bridge0: port 1(bridge_slave_0) entered blocking state
[  107.242384][ T9707] RBP: ffffc900058a7bd0 R08: ffff88809cc36100 R09: ffff88809cc36998
[  107.252484][ T2706] bridge0: port 1(bridge_slave_0) entered forwarding state
[  107.257597][ T9707] R10: fffffbfff1549b88 R11: ffffffff8aa4dc47 R12: 0000000000000009
[  107.257610][ T9707] R13: ffffc900058a7c68 R14: ffff88809214f9e0 R15: 0000000000000000
[  107.257626][ T9707] FS:  0000000001294940(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
[  107.282080][ T2706] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  107.283268][ T9707] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  107.300658][ T9710] ------------[ cut here ]------------
[  107.306223][ T9707] CR2: 000000000075c000 CR3: 000000007d4dd000 CR4: 00000000001406f0
[  107.314179][ T9710] kernel BUG at fs/namei.c:684!
[  107.321348][ T9707] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  107.386379][ T9707] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  107.394338][ T9707] Call Trace:
[  107.397611][ T9707]  path_mountpoint.isra.0+0x1d5/0x340
[  107.402971][ T9707]  ? find_held_lock+0x35/0x130
[  107.407720][ T9707]  filename_mountpoint+0x181/0x380
[  107.412815][ T9707]  ? filename_parentat.isra.0+0x400/0x400
[  107.418517][ T9707]  ? rcu_lockdep_current_cpu_online+0xe3/0x130
[  107.424656][ T9707]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[  107.430354][ T9707]  ? strncpy_from_user+0x2b4/0x400
[  107.435458][ T9707]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  107.441673][ T9707]  ? getname_flags+0x277/0x5b0
[  107.446422][ T9707]  user_path_mountpoint_at+0x3a/0x50
[  107.451696][ T9707]  ksys_umount+0x164/0xef0
[  107.456098][ T9707]  ? up_read+0x1cd/0x810
[  107.460371][ T9707]  ? __detach_mounts+0x290/0x290
[  107.465298][ T9707]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  107.470741][ T9707]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  107.476200][ T9707]  ? do_syscall_64+0x26/0x790
[  107.480860][ T9707]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  107.486912][ T9707]  ? do_syscall_64+0x26/0x790
[  107.491564][ T9707]  ? lockdep_hardirqs_on+0x421/0x5e0
[  107.496824][ T9707]  __x64_sys_umount+0x54/0x80
[  107.501479][ T9707]  do_syscall_64+0xfa/0x790
[  107.505969][ T9707]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  107.511836][ T9707] RIP: 0033:0x45d977
[  107.515718][ T9707] Code: 64 89 04 25 d0 02 00 00 58 5f ff d0 48 89 c7 e8 2f be ff ff 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 4d 8c fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  107.535313][ T9707] RSP: 002b:00007ffffcc4b218 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6
[  107.543704][ T9707] RAX: ffffffffffffffda RBX: 000000000001a1c3 RCX: 000000000045d977
[  107.551652][ T9707] RDX: 0000000000403720 RSI: 0000000000000002 RDI: 00007ffffcc4b2c0
[  107.559613][ T9707] RBP: 0000000000000002 R08: 0000000000000000 R09: 000000000000000e
[  107.567683][ T9707] R10: 000000000000000a R11: 0000000000000202 R12: 00007ffffcc4c350
[  107.575637][ T9707] R13: 0000000001295940 R14: 0000000000000000 R15: 00007ffffcc4c350
[  107.583593][ T9707] Modules linked in:
[  107.587518][ T9710] invalid opcode: 0000 [#2] PREEMPT SMP KASAN
[  107.590707][ T9707] ---[ end trace 4f12985e7ff5be36 ]---
[  107.593615][ T9710] CPU: 1 PID: 9710 Comm: syz-executor.1 Tainted: G      D           5.5.0-rc5-next-20200113-syzkaller #0
[  107.599260][ T9707] RIP: 0010:unlazy_walk+0x306/0x3b0
[  107.610321][ T9710] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  107.610334][ T9710] RIP: 0010:unlazy_walk+0x306/0x3b0
[  107.610348][ T9710] Code: ff ff ff e8 6c 3f a1 ff e8 e7 d8 b3 ff 48 c7 c6 74 6c c1 81 48 c7 c7 00 f7 ba 89 e8 e4 97 99 ff e9 d8 fe ff ff e8 ca d8 b3 ff <0f> 0b e8 c3 d8 b3 ff 0f 0b e8 bc d8 b3 ff e8 27 86 a0 ff 31 ff 89
[  107.610360][ T9710] RSP: 0018:ffffc900058b7ba0 EFLAGS: 00010293
[  107.615625][ T9707] Code: ff ff ff e8 6c 3f a1 ff e8 e7 d8 b3 ff 48 c7 c6 74 6c c1 81 48 c7 c7 00 f7 ba 89 e8 e4 97 99 ff e9 d8 fe ff ff e8 ca d8 b3 ff <0f> 0b e8 c3 d8 b3 ff 0f 0b e8 bc d8 b3 ff e8 27 86 a0 ff 31 ff 89
[  107.625582][ T9710] RAX: ffff88808d5001c0 RBX: ffffc900058b7c60 RCX: ffffffff81c16a16
[  107.625591][ T9710] RDX: 0000000000000000 RSI: ffffffff81c16ca6 RDI: 0000000000000005
[  107.625604][ T9710] RBP: ffffc900058b7bd0 R08: ffff88808d5001c0 R09: fffffbfff1549b89
[  107.630778][ T9707] RSP: 0018:ffffc900058a7ba0 EFLAGS: 00010293
[  107.650354][ T9710] R10: fffffbfff1549b88 R11: ffffffff8aa4dc47 R12: 0000000000000009
[  107.650363][ T9710] R13: ffffc900058b7c68 R14: ffff8880a579f9a0 R15: 0000000000000000
[  107.650372][ T9710] FS:  0000000002a3d940(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
[  107.650385][ T9710] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  107.656447][ T9707] RAX: ffff88809cc36100 RBX: ffffc900058a7c60 RCX: ffffffff81c16a16
[  107.676028][ T9710] CR2: 00007ffe3eb8cfe8 CR3: 0000000079dc6000 CR4: 00000000001406e0
[  107.676039][ T9710] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  107.676051][ T9710] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  107.684187][ T9707] RDX: 0000000000000000 RSI: ffffffff81c16ca6 RDI: 0000000000000005
[  107.692137][ T9710] Call Trace:
[  107.700119][ T9707] RBP: ffffc900058a7bd0 R08: ffff88809cc36100 R09: ffff88809cc36998
[  107.706156][ T9710]  path_mountpoint.isra.0+0x1d5/0x340
[  107.706174][ T9710]  filename_mountpoint+0x181/0x380
[  107.714130][ T9707] R10: fffffbfff1549b88 R11: ffffffff8aa4dc47 R12: 0000000000000009
[  107.722081][ T9710]  ? filename_parentat.isra.0+0x400/0x400
[  107.731006][ T9707] R13: ffffc900058a7c68 R14: ffff88809214f9e0 R15: 0000000000000000
[  107.737557][ T9710]  ? setup_fault_attr+0x220/0x220
[  107.737579][ T9710]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[  107.745534][ T9707] FS:  0000000001294940(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
[  107.753480][ T9710]  ? strncpy_from_user+0x2b4/0x400
[  107.761460][ T9707] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  107.769417][ T9710]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  107.769431][ T9710]  ? getname_flags+0x277/0x5b0
[  107.769450][ T9710]  user_path_mountpoint_at+0x3a/0x50
[  107.777434][ T9707] CR2: 000000000075c000 CR3: 000000007d4dd000 CR4: 00000000001406f0
[  107.780703][ T9710]  ksys_umount+0x164/0xef0
[  107.788693][ T9707] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  107.794024][ T9710]  ? up_read+0x1cd/0x810
[  107.794045][ T9710]  ? __this_cpu_preempt_check+0x35/0x190
[  107.799125][ T9707] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  107.807080][ T9710]  ? __detach_mounts+0x290/0x290
[  107.807101][ T9710]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  107.812785][ T9707] Kernel panic - not syncing: Fatal exception
[  107.820799][ T9710]  ? handle_mm_fault+0x4ab/0xa50
[  107.931009][ T9710]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[  107.937063][ T9710]  ? trace_hardirqs_off_caller+0x65/0x230
[  107.942767][ T9710]  __x64_sys_umount+0x54/0x80
[  107.947435][ T9710]  do_syscall_64+0xfa/0x790
[  107.951927][ T9710]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  107.957798][ T9710] RIP: 0033:0x45d977
[  107.961691][ T9710] Code: 64 89 04 25 d0 02 00 00 58 5f ff d0 48 89 c7 e8 2f be ff ff 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 4d 8c fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  107.981277][ T9710] RSP: 002b:00007ffe3eb8d248 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6
[  107.989679][ T9710] RAX: ffffffffffffffda RBX: 000000000001a267 RCX: 000000000045d977
[  107.997632][ T9710] RDX: 0000000000403720 RSI: 0000000000000002 RDI: 00007ffe3eb8d2f0
[  108.005584][ T9710] RBP: 0000000000000002 R08: 0000000000000000 R09: 000000000000000e
[  108.013536][ T9710] R10: 000000000000000a R11: 0000000000000202 R12: 00007ffe3eb8e380
[  108.021501][ T9710] R13: 0000000002a3e940 R14: 0000000000000000 R15: 00007ffe3eb8e380
[  108.029466][ T9710] Modules linked in:
[  108.034606][ T9707] Kernel Offset: disabled
[  108.038930][ T9707] Rebooting in 86400 seconds..