[   77.063039][   T26] audit: type=1800 audit(1565648091.281:26): pid=10318 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   77.083487][   T26] audit: type=1800 audit(1565648091.281:27): pid=10318 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[   77.083509][   T26] audit: type=1800 audit(1565648091.291:28): pid=10318 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   77.913999][   T26] audit: type=1800 audit(1565648092.151:29): pid=10318 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.34' (ECDSA) to the list of known hosts.
2019/08/12 22:15:02 fuzzer started
2019/08/12 22:15:05 dialing manager at 10.128.0.26:33609
2019/08/12 22:15:05 syscalls: 2487
2019/08/12 22:15:05 code coverage: enabled
2019/08/12 22:15:05 comparison tracing: enabled
2019/08/12 22:15:05 extra coverage: extra coverage is not supported by the kernel
2019/08/12 22:15:05 setuid sandbox: enabled
2019/08/12 22:15:05 namespace sandbox: enabled
2019/08/12 22:15:05 Android sandbox: /sys/fs/selinux/policy does not exist
2019/08/12 22:15:05 fault injection: enabled
2019/08/12 22:15:05 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/08/12 22:15:05 net packet injection: enabled
2019/08/12 22:15:05 net device setup: enabled
22:17:02 executing program 0:
mkdir(&(0x7f00000013c0)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='ecryptfs\x00', 0x0, &(0x7f00000000c0)='tmpfs\x00')

22:17:02 executing program 1:
syz_open_dev$evdev(&(0x7f0000000200)='/dev/input/event#\x00', 0x0, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080))
pipe2(&(0x7f0000000180), 0x0)
ioctl$TIOCPKT(r0, 0x5420, &(0x7f00000001c0)=0x1)
r1 = syz_open_pts(r0, 0x0)
fanotify_init(0x0, 0x0)
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7, 0x0, 0x0, 0x2}, 0x0, 0x0)
socketpair$unix(0x1, 0x1000000000000005, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
ioctl$TIOCVHANGUP(r1, 0x5437, 0x0)

syzkaller login: [  208.279359][T10489] IPVS: ftp: loaded support on port[0] = 21
[  208.439105][T10489] chnl_net:caif_netlink_parms(): no params data found
[  208.448600][T10492] IPVS: ftp: loaded support on port[0] = 21
[  208.508028][T10489] bridge0: port 1(bridge_slave_0) entered blocking state
[  208.515380][T10489] bridge0: port 1(bridge_slave_0) entered disabled state
[  208.523492][T10489] device bridge_slave_0 entered promiscuous mode
[  208.541967][T10489] bridge0: port 2(bridge_slave_1) entered blocking state
[  208.549524][T10489] bridge0: port 2(bridge_slave_1) entered disabled state
22:17:02 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000200)=@filter={'filter\x00', 0xe, 0x4, 0x420, [0x0, 0x200002c0, 0x200004d0, 0x20000610], 0x0, 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0200000009000000000000000000697036746e6c3000000000000000000073797a6b616c6c6572300000000000006970646470300000000000000000000076657468315f746f5f7465616d0000000000000000000060000000000180c2000000000000000000000050000000a8000000d80000006d61726b0000000000000000000000000000000000000000000000000000000010000000000000000000000000000000dfffffff00000000415544495400000000000000000000000000000000000000000000000000000008000000000000432f0000000000000005000000000000000000626f6e645f736c6176655f310000000073797a6b616c6c6572300000000000007465617d5f736c6176655f310000000065727370616e01790000000000000000aaaaaaaaaabb000000000000aaaaaaaaaabb0000000000000000c0000000c00000000801000068656c70657200000000000000000004ef0000000000000000000000000000002800000000000000000000025241530000000000000000000000000000000000000000000000000000000000000000005241544545535400000000000000000000000000000000050000000000000000200000000000000073797a310000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff010000000900000000000000000064756d6d793000000000000000000000697036677265746170300000000000006272696467653000000000000000000076657468500000000000000000000000ffffffffffff000000000000aae794049dd0f63a12000000000070000000c00000001001000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000000073797a31000000000000000000000000000000000000000000000000000000000000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003000000ffffffff01000000110000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000766c616e300000000000eaffffff0000627269646765300000000000000000000180c2000000000000000000aaaaaaaaaabb00000000000000007000000070000000a0000000434f4e4e5345434d41524b00000000000000000000000000000000000000000008000100000000000000000000000018"]}, 0x498)

[  208.557724][T10489] device bridge_slave_1 entered promiscuous mode
[  208.626642][T10489] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  208.664850][T10489] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  208.689928][T10492] chnl_net:caif_netlink_parms(): no params data found
[  208.701149][T10489] team0: Port device team_slave_0 added
[  208.711254][T10489] team0: Port device team_slave_1 added
[  208.726493][T10495] IPVS: ftp: loaded support on port[0] = 21
22:17:03 executing program 3:
dup(0xffffffffffffffff)
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070")
r1 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x7, 0x0, 0x9, 0x2}, 0x10}}, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)

[  208.855600][T10489] device hsr_slave_0 entered promiscuous mode
[  208.893245][T10489] device hsr_slave_1 entered promiscuous mode
[  208.941323][T10489] bridge0: port 2(bridge_slave_1) entered blocking state
[  208.948451][T10489] bridge0: port 2(bridge_slave_1) entered forwarding state
[  208.955886][T10489] bridge0: port 1(bridge_slave_0) entered blocking state
[  208.962984][T10489] bridge0: port 1(bridge_slave_0) entered forwarding state
[  208.988271][T10492] bridge0: port 1(bridge_slave_0) entered blocking state
[  208.996453][T10492] bridge0: port 1(bridge_slave_0) entered disabled state
[  209.005394][T10492] device bridge_slave_0 entered promiscuous mode
[  209.019380][T10497] IPVS: ftp: loaded support on port[0] = 21
[  209.028496][T10492] bridge0: port 2(bridge_slave_1) entered blocking state
[  209.036735][T10492] bridge0: port 2(bridge_slave_1) entered disabled state
[  209.044976][T10492] device bridge_slave_1 entered promiscuous mode
22:17:03 executing program 4:
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000001c0)={<r0=>0xffffffffffffffff})
pipe(&(0x7f0000000440)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
write(r2, &(0x7f0000000340), 0x41395527)
r3 = memfd_create(&(0x7f0000000100)='\x00', 0x0)
dup2(r0, r3)
write$sndseq(r3, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000100)={0x0, <r4=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r4+30000000}, 0x0)
vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

[  209.107159][T10492] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  209.127605][T10492] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  209.147374][T10489] 8021q: adding VLAN 0 to HW filter on device bond0
[  209.228906][T10489] 8021q: adding VLAN 0 to HW filter on device team0
[  209.266504][T10492] team0: Port device team_slave_0 added
[  209.273649][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  209.283056][   T17] bridge0: port 1(bridge_slave_0) entered disabled state
[  209.302786][   T17] bridge0: port 2(bridge_slave_1) entered disabled state
[  209.322930][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
22:17:03 executing program 5:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070")
r1 = syz_open_dev$dri(&(0x7f0000000300)='/dev/dri/card#\x00', 0x0, 0x0)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x4)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f0000000040))

[  209.367254][T10492] team0: Port device team_slave_1 added
[  209.383262][ T2926] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  209.391760][ T2926] bridge0: port 1(bridge_slave_0) entered blocking state
[  209.398874][ T2926] bridge0: port 1(bridge_slave_0) entered forwarding state
[  209.478364][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  209.488273][   T17] bridge0: port 2(bridge_slave_1) entered blocking state
[  209.495475][   T17] bridge0: port 2(bridge_slave_1) entered forwarding state
[  209.523119][T10495] chnl_net:caif_netlink_parms(): no params data found
[  209.604595][T10492] device hsr_slave_0 entered promiscuous mode
[  209.662554][T10492] device hsr_slave_1 entered promiscuous mode
[  209.722559][T10492] debugfs: Directory 'hsr0' with parent '/' already present!
[  209.747487][T10504] IPVS: ftp: loaded support on port[0] = 21
[  209.747597][T10489] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  209.766234][T10489] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  209.791961][ T2926] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  209.800974][ T2926] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  209.809528][ T2926] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  209.818058][ T2926] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  209.826418][ T2926] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  209.834730][ T2926] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  209.843436][ T2926] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  209.851757][ T2926] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  209.860281][ T2926] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  209.868249][ T2926] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  209.893947][T10497] chnl_net:caif_netlink_parms(): no params data found
[  209.916726][T10495] bridge0: port 1(bridge_slave_0) entered blocking state
[  209.924764][T10495] bridge0: port 1(bridge_slave_0) entered disabled state
[  209.932616][T10495] device bridge_slave_0 entered promiscuous mode
[  209.942726][T10495] bridge0: port 2(bridge_slave_1) entered blocking state
[  209.949783][T10495] bridge0: port 2(bridge_slave_1) entered disabled state
[  209.957701][T10495] device bridge_slave_1 entered promiscuous mode
[  209.977416][T10489] 8021q: adding VLAN 0 to HW filter on device batadv0
[  209.999417][T10505] IPVS: ftp: loaded support on port[0] = 21
[  210.013138][T10495] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  210.041194][T10497] bridge0: port 1(bridge_slave_0) entered blocking state
[  210.049156][T10497] bridge0: port 1(bridge_slave_0) entered disabled state
[  210.057123][T10497] device bridge_slave_0 entered promiscuous mode
[  210.067279][T10497] bridge0: port 2(bridge_slave_1) entered blocking state
[  210.074429][T10497] bridge0: port 2(bridge_slave_1) entered disabled state
[  210.082260][T10497] device bridge_slave_1 entered promiscuous mode
[  210.101049][T10495] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  210.131039][T10497] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  210.150974][T10495] team0: Port device team_slave_0 added
[  210.158462][T10495] team0: Port device team_slave_1 added
[  210.168489][T10497] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  210.234406][T10495] device hsr_slave_0 entered promiscuous mode
[  210.282529][T10495] device hsr_slave_1 entered promiscuous mode
[  210.322694][T10495] debugfs: Directory 'hsr0' with parent '/' already present!
[  210.362726][T10497] team0: Port device team_slave_0 added
[  210.401416][T10497] team0: Port device team_slave_1 added
22:17:04 executing program 0:
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000001c0))
pipe(&(0x7f0000000440)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
write(r1, &(0x7f0000000340), 0x41395527)
memfd_create(0x0, 0x0)
syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x88002)
dup2(0xffffffffffffffff, 0xffffffffffffffff)
keyctl$join(0x1, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000100)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x300000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

[  210.432943][T10513] ecryptfs_parse_options: eCryptfs: unrecognized option [tmpfs]
[  210.440669][T10513] ecryptfs_parse_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README
[  210.453848][T10513] Error parsing options; rc = [-22]
[  210.534971][T10504] chnl_net:caif_netlink_parms(): no params data found
[  210.594958][T10497] device hsr_slave_0 entered promiscuous mode
[  210.632546][T10497] device hsr_slave_1 entered promiscuous mode
[  210.644418][    C0] hrtimer: interrupt took 24388 ns
[  210.674049][T10497] debugfs: Directory 'hsr0' with parent '/' already present!
[  210.784328][T10492] 8021q: adding VLAN 0 to HW filter on device bond0
[  210.821709][T10504] bridge0: port 1(bridge_slave_0) entered blocking state
[  210.830468][T10504] bridge0: port 1(bridge_slave_0) entered disabled state
[  210.840530][T10504] device bridge_slave_0 entered promiscuous mode
[  210.848392][T10504] bridge0: port 2(bridge_slave_1) entered blocking state
[  210.855549][T10504] bridge0: port 2(bridge_slave_1) entered disabled state
[  210.863444][T10504] device bridge_slave_1 entered promiscuous mode
[  210.870372][T10505] chnl_net:caif_netlink_parms(): no params data found
[  210.894142][T10492] 8021q: adding VLAN 0 to HW filter on device team0
[  210.915560][T10506] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  210.924373][T10506] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  210.943034][T10497] 8021q: adding VLAN 0 to HW filter on device bond0
[  210.987968][T10504] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  210.999318][T10504] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  211.010507][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  211.019468][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  211.028168][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  211.035251][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  211.042806][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  211.051332][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  211.059793][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  211.066889][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  211.075101][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  211.085923][T10505] bridge0: port 1(bridge_slave_0) entered blocking state
[  211.093162][T10505] bridge0: port 1(bridge_slave_0) entered disabled state
[  211.100848][T10505] device bridge_slave_0 entered promiscuous mode
[  211.127681][T10506] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  211.139501][T10497] 8021q: adding VLAN 0 to HW filter on device team0
[  211.147215][T10505] bridge0: port 2(bridge_slave_1) entered blocking state
[  211.154972][T10505] bridge0: port 2(bridge_slave_1) entered disabled state
[  211.163166][T10505] device bridge_slave_1 entered promiscuous mode
[  211.178004][T10504] team0: Port device team_slave_0 added
[  211.185517][T10504] team0: Port device team_slave_1 added
[  211.193552][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  211.201180][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  211.231209][T10492] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  211.242316][T10492] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  211.264691][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  211.273691][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  211.281919][   T17] bridge0: port 1(bridge_slave_0) entered blocking state
[  211.289001][   T17] bridge0: port 1(bridge_slave_0) entered forwarding state
[  211.296726][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  211.305455][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  211.313739][   T17] bridge0: port 2(bridge_slave_1) entered blocking state
[  211.320769][   T17] bridge0: port 2(bridge_slave_1) entered forwarding state
[  211.328562][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  211.337060][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  211.345619][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  211.354322][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  211.363001][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  211.371752][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
22:17:05 executing program 0:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
readv(r0, &(0x7f0000001840)=[{&(0x7f0000000200)=""/252, 0xfc}, {0x0}], 0x2)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
recvfrom$inet(r1, 0x0, 0xccf3, 0x0, 0x0, 0x800e00545)
shutdown(r0, 0x0)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
readv(r2, &(0x7f0000000840)=[{&(0x7f0000000100)=""/111, 0x6f}, {0x0}, {0x0}], 0x3)
r3 = socket$inet_udplite(0x2, 0x2, 0x88)
recvfrom$inet(r3, 0x0, 0x73a0b1b, 0x0, 0x0, 0x800e00549)
r4 = dup(r2)
r5 = socket$inet_udplite(0x2, 0x2, 0x88)
recvfrom$inet(r5, 0x0, 0xccf3, 0x0, 0x0, 0x800e0053d)
shutdown(r4, 0x0)
r6 = socket$inet6_sctp(0x1c, 0x5, 0x84)
readv(r6, &(0x7f0000000700)=[{&(0x7f0000000580)=""/180, 0xb4}, {0x0}, {0x0}, {0x0}], 0x4)
shutdown(r5, 0x0)
shutdown(r3, 0x0)
shutdown(r1, 0x0)

[  211.380325][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  211.388867][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  211.397273][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  211.406236][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  211.414955][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  211.423601][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  211.442409][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  211.450976][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  211.459540][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  211.467890][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  211.476376][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  211.484806][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  211.493171][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  211.501047][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  211.508981][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  211.519249][T10505] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  211.533066][T10505] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  211.550643][T10495] 8021q: adding VLAN 0 to HW filter on device bond0
[  211.560909][T10497] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  211.613869][T10504] device hsr_slave_0 entered promiscuous mode
[  211.652506][T10504] device hsr_slave_1 entered promiscuous mode
22:17:05 executing program 0:
setxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_open_procfs(0xffffffffffffffff, 0x0)
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0)
ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422)
clock_gettime(0x0, 0x0)
eventfd(0x0)
fstat(0xffffffffffffffff, 0x0)
rt_sigprocmask(0x2, &(0x7f0000006700), &(0x7f0000006740), 0x8)
lsetxattr$security_selinux(0x0, 0x0, 0x0, 0x0, 0x0)
setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0)
ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x40305828, 0x0)

[  211.692255][T10504] debugfs: Directory 'hsr0' with parent '/' already present!
[  211.719186][T10495] 8021q: adding VLAN 0 to HW filter on device team0
22:17:06 executing program 0:
r0 = syz_open_dev$dri(&(0x7f00000001c0)='/dev/dri/card#\x00', 0x1, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f00000002c0)={0x74})

[  211.735317][ T2926] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  211.744247][ T2926] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  211.753160][ T2926] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  211.760954][ T2926] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
22:17:06 executing program 0:
perf_event_open(&(0x7f000001d000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={&(0x7f0000000000), 0x1}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = epoll_create1(0x0)
fcntl$lock(r0, 0x24, &(0x7f0000000000))

[  211.802800][T10492] 8021q: adding VLAN 0 to HW filter on device batadv0
[  211.847778][T10505] team0: Port device team_slave_0 added
[  211.860308][T10506] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  211.870803][T10506] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  211.890841][T10506] bridge0: port 1(bridge_slave_0) entered blocking state
[  211.898053][T10506] bridge0: port 1(bridge_slave_0) entered forwarding state
[  211.910428][T10506] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  211.919042][T10506] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  211.928015][T10506] bridge0: port 2(bridge_slave_1) entered blocking state
[  211.935223][T10506] bridge0: port 2(bridge_slave_1) entered forwarding state
[  211.949317][T10497] 8021q: adding VLAN 0 to HW filter on device batadv0
[  211.964540][T10505] team0: Port device team_slave_1 added
[  211.971477][T10506] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  211.985196][T10506] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
22:17:06 executing program 0:
getsockname$inet6(0xffffffffffffffff, 0x0, &(0x7f0000000040))
poll(&(0x7f00000000c0), 0x2, 0x42)
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
recvfrom$inet(r0, 0x0, 0xfd1d, 0x0, 0x0, 0x800e00509)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
listen(0xffffffffffffffff, 0x0)
recvfrom$inet(r1, 0x0, 0xccf3, 0x0, 0x0, 0x800e0050e)
shutdown(r0, 0x0)
shutdown(r1, 0x0)

[  211.994861][T10506] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  212.035747][T10495] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  212.049721][T10495] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  212.085692][T10500] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  212.100896][T10500] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  212.114966][T10500] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  212.124042][T10500] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  212.132638][T10500] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  212.140890][T10500] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  212.149545][T10500] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  212.157914][T10500] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  212.166658][T10500] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  212.174519][T10500] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  212.248074][T10505] device hsr_slave_0 entered promiscuous mode
22:17:06 executing program 0:
socket$unix(0x1, 0x0, 0x0)
dup2(0xffffffffffffffff, 0xffffffffffffffff)
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070")
syz_emit_ethernet(0x66, &(0x7f0000000000)={@broadcast, @link_local={0x1, 0x80, 0xc2, 0x689, 0x3}, [], {@ipv6={0x86dd, {0x0, 0x6, 'v`Q', 0x30, 0x3a, 0x86ddffff, @remote={0xfe, 0x80, [0x3, 0x543, 0x700, 0x5, 0x50000000000000d, 0x8848000000f0ffff], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}, {[], @icmpv6=@dest_unreach={0xffffff86, 0x0, 0x0, 0x0, [0x7, 0x608], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0x3, 0x4, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3, 0x0, 0x0, 0x5]}, @mcast2={0x11, 0x5}}}}}}}}, 0x0)

[  212.292427][T10505] device hsr_slave_1 entered promiscuous mode
[  212.343962][T10505] debugfs: Directory 'hsr0' with parent '/' already present!
[  212.378220][T10495] 8021q: adding VLAN 0 to HW filter on device batadv0
[  212.421239][T10504] 8021q: adding VLAN 0 to HW filter on device bond0
[  212.457807][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
22:17:06 executing program 1:
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r0, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000140)={<r1=>0x0, 0x10, &(0x7f0000000080)=[@in={0x2, 0x0, @remote}]}, &(0x7f0000000180)=0x3ad)
setsockopt$inet_sctp6_SCTP_RTOINFO(r0, 0x84, 0x0, &(0x7f0000000000)={r1, 0x4b09}, 0x10)

[  212.474199][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  212.515371][T10504] 8021q: adding VLAN 0 to HW filter on device team0
[  212.544577][T10500] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  212.555186][T10500] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  212.573723][T10500] bridge0: port 1(bridge_slave_0) entered blocking state
[  212.580801][T10500] bridge0: port 1(bridge_slave_0) entered forwarding state
[  212.603558][T10505] 8021q: adding VLAN 0 to HW filter on device bond0
[  212.619318][ T2926] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  212.629550][ T2926] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  212.638845][ T2926] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  212.653534][ T2926] bridge0: port 2(bridge_slave_1) entered blocking state
[  212.660615][ T2926] bridge0: port 2(bridge_slave_1) entered forwarding state
[  212.691980][T10505] 8021q: adding VLAN 0 to HW filter on device team0
[  212.706122][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  212.714987][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
22:17:07 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000200)=@filter={'filter\x00', 0xe, 0x4, 0x420, [0x0, 0x200002c0, 0x200004d0, 0x20000610], 0x0, 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0200000009000000000000000000697036746e6c3000000000000000000073797a6b616c6c6572300000000000006970646470300000000000000000000076657468315f746f5f7465616d0000000000000000000060000000000180c2000000000000000000000050000000a8000000d80000006d61726b0000000000000000000000000000000000000000000000000000000010000000000000000000000000000000dfffffff00000000415544495400000000000000000000000000000000000000000000000000000008000000000000432f0000000000000005000000000000000000626f6e645f736c6176655f310000000073797a6b616c6c6572300000000000007465617d5f736c6176655f310000000065727370616e01790000000000000000aaaaaaaaaabb000000000000aaaaaaaaaabb0000000000000000c0000000c00000000801000068656c70657200000000000000000004ef0000000000000000000000000000002800000000000000000000025241530000000000000000000000000000000000000000000000000000000000000000005241544545535400000000000000000000000000000000050000000000000000200000000000000073797a310000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff010000000900000000000000000064756d6d793000000000000000000000697036677265746170300000000000006272696467653000000000000000000076657468500000000000000000000000ffffffffffff000000000000aae794049dd0f63a12000000000070000000c00000001001000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000000073797a31000000000000000000000000000000000000000000000000000000000000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003000000ffffffff01000000110000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000766c616e300000000000eaffffff0000627269646765300000000000000000000180c2000000000000000000aaaaaaaaaabb00000000000000007000000070000000a0000000434f4e4e5345434d41524b00000000000000000000000000000000000000000008000100000000000000000000000018"]}, 0x498)

[  212.735942][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  212.759607][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  212.770876][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  212.778855][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  212.799918][T10504] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  212.823552][T10504] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  212.837679][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  212.846809][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  212.858086][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  212.867313][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  212.878600][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  212.889900][   T17] bridge0: port 1(bridge_slave_0) entered blocking state
[  212.897010][   T17] bridge0: port 1(bridge_slave_0) entered forwarding state
[  212.905196][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  212.913879][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  212.925271][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  212.934213][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  212.945402][   T17] bridge0: port 2(bridge_slave_1) entered blocking state
[  212.952507][   T17] bridge0: port 2(bridge_slave_1) entered forwarding state
[  212.960213][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  212.972815][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  212.981057][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  212.994715][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  213.005407][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  213.013358][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  213.039243][T10504] 8021q: adding VLAN 0 to HW filter on device batadv0
[  213.046977][ T3491] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  213.065471][ T3491] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  213.082739][ T3491] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  213.099775][T10505] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  213.110836][T10505] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  213.126906][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  213.139250][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  213.149252][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  213.157925][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  213.166731][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  213.175132][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  213.184028][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
22:17:07 executing program 3:
openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
geteuid()
ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0)
openat$cgroup_type(0xffffffffffffffff, &(0x7f0000000480)='cgroup.type\x00', 0x2, 0x0)
creat(0x0, 0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)

[  213.227236][T10505] 8021q: adding VLAN 0 to HW filter on device batadv0
22:17:08 executing program 4:
r0 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000000600)={0xa, 0x4e22, 0x0, @mcast2, 0x6}, 0x1c)
syz_emit_ethernet(0x3e, &(0x7f0000694ffe)={@local, @link_local, [], {@ipv6={0x86dd, {0x0, 0x6, "06f526", 0x8, 0x11, 0x0, @empty, @mcast2, {[], @udp={0x0, 0x4e22, 0x8}}}}}}, 0x0)

22:17:08 executing program 0:
gettid()
request_key(0x0, 0x0, 0x0, 0xfffffffffffffffe)
write$P9_RRENAMEAT(0xffffffffffffffff, &(0x7f00000001c0)={0x7}, 0x7)
getdents(0xffffffffffffffff, 0x0, 0x0)

22:17:08 executing program 1:
ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={'syzkaller0\x00', {0x2, 0x4e21, @local}})
set_mempolicy(0x0, 0xffffffffffffffff, 0x4e)

22:17:08 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000200)=@filter={'filter\x00', 0xe, 0x4, 0x420, [0x0, 0x200002c0, 0x200004d0, 0x20000610], 0x0, 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0200000009000000000000000000697036746e6c3000000000000000000073797a6b616c6c6572300000000000006970646470300000000000000000000076657468315f746f5f7465616d0000000000000000000060000000000180c2000000000000000000000050000000a8000000d80000006d61726b0000000000000000000000000000000000000000000000000000000010000000000000000000000000000000dfffffff00000000415544495400000000000000000000000000000000000000000000000000000008000000000000432f0000000000000005000000000000000000626f6e645f736c6176655f310000000073797a6b616c6c6572300000000000007465617d5f736c6176655f310000000065727370616e01790000000000000000aaaaaaaaaabb000000000000aaaaaaaaaabb0000000000000000c0000000c00000000801000068656c70657200000000000000000004ef0000000000000000000000000000002800000000000000000000025241530000000000000000000000000000000000000000000000000000000000000000005241544545535400000000000000000000000000000000050000000000000000200000000000000073797a310000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff010000000900000000000000000064756d6d793000000000000000000000697036677265746170300000000000006272696467653000000000000000000076657468500000000000000000000000ffffffffffff000000000000aae794049dd0f63a12000000000070000000c00000001001000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000000073797a31000000000000000000000000000000000000000000000000000000000000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003000000ffffffff01000000110000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000766c616e300000000000eaffffff0000627269646765300000000000000000000180c2000000000000000000aaaaaaaaaabb00000000000000007000000070000000a0000000434f4e4e5345434d41524b00000000000000000000000000000000000000000008000100000000000000000000000018"]}, 0x498)

22:17:08 executing program 3:
r0 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x6, 0x20000)
ioctl$NBD_SET_FLAGS(r0, 0xab0a, 0x3)
socket$rxrpc(0x21, 0x2, 0xa)
bind$rxrpc(0xffffffffffffffff, &(0x7f00000000c0)=@in6={0x21, 0x0, 0x2, 0x1c, {0x2, 0x0, 0x0, @loopback}}, 0x24)
setsockopt$inet_sctp6_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, &(0x7f0000000140)=0x9, 0x4)
ioctl$PPPIOCSDEBUG(r0, 0x40047440, &(0x7f00000003c0)=0x7)
r1 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000100)=0x74, 0x4)
lsetxattr$security_capability(&(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0)='security.capability\x00', &(0x7f0000000300)=@v1={0x1000000, [{0x58, 0xa000}]}, 0xc, 0x0)
geteuid()
fstat(0xffffffffffffffff, 0x0)
bind$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10)
ioctl$sock_inet_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000240)={0x0, {0x2, 0x4e22, @rand_addr=0x2}, {0x2, 0x4e24, @remote}, {0x2, 0x0, @local}, 0x1a0, 0x0, 0x0, 0x0, 0xffff, 0x0, 0x6, 0x2, 0x201})
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10)
openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000340)={0x2, 0x4e23, @loopback}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000000)='bbr\x00', 0x4)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000080)=0xda9, 0x4)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
write$binfmt_elf64(r1, &(0x7f0000000200)=ANY=[@ANYRES32, @ANYRES16=0x0], 0x1017f)
socket$isdn_base(0x22, 0x3, 0x0)
ioctl$sock_bt_cmtp_CMTPCONNDEL(0xffffffffffffffff, 0x400443c9, &(0x7f0000000400)={{0x4d0, 0x7, 0x2, 0x6, 0x6, 0x401}, 0x80})
ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f0000000000)={0x0, 0x9, [0x1ff], 0x6})
ioctl$sock_SIOCOUTQNSD(0xffffffffffffffff, 0x894b, 0x0)

22:17:08 executing program 5:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070")
r1 = syz_open_dev$dri(&(0x7f0000000300)='/dev/dri/card#\x00', 0x0, 0x0)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0)
ioctl$DRM_IOCTL_AGP_INFO(r1, 0x80386433, 0x0)

22:17:08 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000200)=@filter={'filter\x00', 0xe, 0x4, 0x420, [0x0, 0x200002c0, 0x200004d0, 0x20000610], 0x0, 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0200000009000000000000000000697036746e6c3000000000000000000073797a6b616c6c6572300000000000006970646470300000000000000000000076657468315f746f5f7465616d0000000000000000000060000000000180c2000000000000000000000050000000a8000000d80000006d61726b0000000000000000000000000000000000000000000000000000000010000000000000000000000000000000dfffffff00000000415544495400000000000000000000000000000000000000000000000000000008000000000000432f0000000000000005000000000000000000626f6e645f736c6176655f310000000073797a6b616c6c6572300000000000007465617d5f736c6176655f310000000065727370616e01790000000000000000aaaaaaaaaabb000000000000aaaaaaaaaabb0000000000000000c0000000c00000000801000068656c70657200000000000000000004ef0000000000000000000000000000002800000000000000000000025241530000000000000000000000000000000000000000000000000000000000000000005241544545535400000000000000000000000000000000050000000000000000200000000000000073797a310000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff010000000900000000000000000064756d6d793000000000000000000000697036677265746170300000000000006272696467653000000000000000000076657468500000000000000000000000ffffffffffff000000000000aae794049dd0f63a12000000000070000000c00000001001000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000000073797a31000000000000000000000000000000000000000000000000000000000000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003000000ffffffff01000000110000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000766c616e300000000000eaffffff0000627269646765300000000000000000000180c2000000000000000000aaaaaaaaaabb00000000000000007000000070000000a0000000434f4e4e5345434d41524b00000000000000000000000000000000000000000008000100000000000000000000000018"]}, 0x498)

22:17:08 executing program 0:
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0xee67, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000180)='/dev/fuse\x00', 0x2, 0x0)
close(r1)

22:17:08 executing program 1:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
getpgid(0x0)
perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xee68, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
prctl$PR_CAPBSET_READ(0x17, 0x7)
r0 = memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0)
r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x100000000000001)
r2 = dup2(r1, r0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f0000000300)={0x4, 0x0, 0x1, 'queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00'})
ioctl$BLKREPORTZONE(r2, 0xc0101282, &(0x7f00000003c0)=ANY=[])
ioctl$DRM_IOCTL_RM_MAP(r2, 0x4028641b, &(0x7f0000000280)={0x0, 0x0, 0x5, 0x0, &(0x7f0000ffb000/0x4000)=nil})

22:17:08 executing program 5:
r0 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x6, 0x20000)
socket$rxrpc(0x21, 0x2, 0xa)
bind$rxrpc(0xffffffffffffffff, &(0x7f00000000c0)=@in6={0x21, 0x0, 0x2, 0x1c, {0x2, 0x0, 0x0, @loopback}}, 0x24)
setsockopt$inet_sctp6_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, &(0x7f0000000140)=0x9, 0x4)
ioctl$PPPIOCSDEBUG(r0, 0x40047440, &(0x7f00000003c0)=0x7)
r1 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000100)=0x74, 0x4)
geteuid()
bind$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10)
ioctl$sock_inet_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000240)={0x0, {0x2, 0x4e22}, {0x2, 0x4e24, @remote}, {0x2, 0x0, @local}, 0x1a0, 0x0, 0x0, 0x0, 0xffff, 0x0, 0x6, 0x2, 0x201})
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10)
openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000340)={0x2, 0x4e23, @loopback}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000000)='bbr\x00', 0x4)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, &(0x7f0000000080)=0xda9, 0x4)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
write$binfmt_elf64(r1, &(0x7f0000000200)=ANY=[@ANYRES32, @ANYRES16=0x0], 0x1017f)
r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$sock_bt_cmtp_CMTPCONNDEL(r2, 0x400443c9, &(0x7f0000000400)={{0x4d0, 0x7, 0x2, 0x6, 0x6, 0x401}, 0x80})
ioctl$TCSETXW(r2, 0x5435, &(0x7f0000000000)={0x0, 0x9, [0x1ff], 0x6})
ioctl$sock_SIOCOUTQNSD(0xffffffffffffffff, 0x894b, 0x0)

22:17:08 executing program 4:
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0)
pipe(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0xfffffc8f)
r3 = open(&(0x7f000000fffa)='./bus\x00', 0x141042, 0x0)
mmap(&(0x7f0000008000/0x600000)=nil, 0x600000, 0x0, 0x11, r3, 0x0)
ioctl$sock_proto_private(0xffffffffffffffff, 0x0, 0x0)
sendto(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
splice(r0, 0x0, r2, 0x0, 0x100000000ffe0, 0x0)

22:17:08 executing program 2:
setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f0000000200)=@filter={'filter\x00', 0xe, 0x4, 0x420, [0x0, 0x200002c0, 0x200004d0, 0x20000610], 0x0, 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0200000009000000000000000000697036746e6c3000000000000000000073797a6b616c6c6572300000000000006970646470300000000000000000000076657468315f746f5f7465616d0000000000000000000060000000000180c2000000000000000000000050000000a8000000d80000006d61726b0000000000000000000000000000000000000000000000000000000010000000000000000000000000000000dfffffff00000000415544495400000000000000000000000000000000000000000000000000000008000000000000432f0000000000000005000000000000000000626f6e645f736c6176655f310000000073797a6b616c6c6572300000000000007465617d5f736c6176655f310000000065727370616e01790000000000000000aaaaaaaaaabb000000000000aaaaaaaaaabb0000000000000000c0000000c00000000801000068656c70657200000000000000000004ef0000000000000000000000000000002800000000000000000000025241530000000000000000000000000000000000000000000000000000000000000000005241544545535400000000000000000000000000000000050000000000000000200000000000000073797a310000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff010000000900000000000000000064756d6d793000000000000000000000697036677265746170300000000000006272696467653000000000000000000076657468500000000000000000000000ffffffffffff000000000000aae794049dd0f63a12000000000070000000c00000001001000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000000073797a31000000000000000000000000000000000000000000000000000000000000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003000000ffffffff01000000110000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000766c616e300000000000eaffffff0000627269646765300000000000000000000180c2000000000000000000aaaaaaaaaabb00000000000000007000000070000000a0000000434f4e4e5345434d41524b00000000000000000000000000000000000000000008000100000000000000000000000018"]}, 0x498)

22:17:08 executing program 2:
setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f0000000200)=@filter={'filter\x00', 0xe, 0x4, 0x420, [0x0, 0x200002c0, 0x200004d0, 0x20000610], 0x0, 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0200000009000000000000000000697036746e6c3000000000000000000073797a6b616c6c6572300000000000006970646470300000000000000000000076657468315f746f5f7465616d0000000000000000000060000000000180c2000000000000000000000050000000a8000000d80000006d61726b0000000000000000000000000000000000000000000000000000000010000000000000000000000000000000dfffffff00000000415544495400000000000000000000000000000000000000000000000000000008000000000000432f0000000000000005000000000000000000626f6e645f736c6176655f310000000073797a6b616c6c6572300000000000007465617d5f736c6176655f310000000065727370616e01790000000000000000aaaaaaaaaabb000000000000aaaaaaaaaabb0000000000000000c0000000c00000000801000068656c70657200000000000000000004ef0000000000000000000000000000002800000000000000000000025241530000000000000000000000000000000000000000000000000000000000000000005241544545535400000000000000000000000000000000050000000000000000200000000000000073797a310000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff010000000900000000000000000064756d6d793000000000000000000000697036677265746170300000000000006272696467653000000000000000000076657468500000000000000000000000ffffffffffff000000000000aae794049dd0f63a12000000000070000000c00000001001000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000000073797a31000000000000000000000000000000000000000000000000000000000000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003000000ffffffff01000000110000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000766c616e300000000000eaffffff0000627269646765300000000000000000000180c2000000000000000000aaaaaaaaaabb00000000000000007000000070000000a0000000434f4e4e5345434d41524b00000000000000000000000000000000000000000008000100000000000000000000000018"]}, 0x498)

22:17:08 executing program 0:
syz_init_net_socket$bt_l2cap(0x1f, 0x200000000001, 0x3)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_INFO(0xffffffffffffffff, 0x40bc5311, 0x0)
r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000240)='/dev/full\x00', 0xc240, 0x0)
getsockopt$bt_BT_SNDMTU(r0, 0x112, 0xc, 0x0, &(0x7f00000002c0)=0xffffffffffffff07)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0xee67, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0)
r2 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x2)
setsockopt$inet6_MRT6_ADD_MFC_PROXY(r0, 0x29, 0xd2, &(0x7f00000003c0)={{0xa, 0x4e20, 0x8, @mcast1, 0x6}, {0xa, 0x0, 0x1, @loopback, 0x100000000000000}, 0x0, [0x0, 0x1, 0x6, 0x7fff, 0x9, 0x7fffffff, 0x458a, 0x9]}, 0x5c)
r3 = dup2(r2, r1)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r3, 0xc08c5332, &(0x7f0000000140)={0x0, 0x0, 0x0, 'queue1\x00\x00\x02\x00\x1a\x00\x00\x00\x00\x1d\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x85\x00'})
write$sndseq(r1, &(0x7f0000000000)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @connect}], 0xffffff76)

22:17:08 executing program 1:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
getpgid(0x0)
perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xee68, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
prctl$PR_CAPBSET_READ(0x17, 0x7)
r0 = memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0)
r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x100000000000001)
r2 = dup2(r1, r0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f0000000300)={0x4, 0x0, 0x1, 'queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00'})
ioctl$BLKREPORTZONE(r2, 0xc0101282, &(0x7f00000003c0)=ANY=[])
ioctl$DRM_IOCTL_RM_MAP(r2, 0x4028641b, &(0x7f0000000280)={0x0, 0x0, 0x5, 0x0, &(0x7f0000ffb000/0x4000)=nil})

22:17:08 executing program 2:
setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f0000000200)=@filter={'filter\x00', 0xe, 0x4, 0x420, [0x0, 0x200002c0, 0x200004d0, 0x20000610], 0x0, 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0200000009000000000000000000697036746e6c3000000000000000000073797a6b616c6c6572300000000000006970646470300000000000000000000076657468315f746f5f7465616d0000000000000000000060000000000180c2000000000000000000000050000000a8000000d80000006d61726b0000000000000000000000000000000000000000000000000000000010000000000000000000000000000000dfffffff00000000415544495400000000000000000000000000000000000000000000000000000008000000000000432f0000000000000005000000000000000000626f6e645f736c6176655f310000000073797a6b616c6c6572300000000000007465617d5f736c6176655f310000000065727370616e01790000000000000000aaaaaaaaaabb000000000000aaaaaaaaaabb0000000000000000c0000000c00000000801000068656c70657200000000000000000004ef0000000000000000000000000000002800000000000000000000025241530000000000000000000000000000000000000000000000000000000000000000005241544545535400000000000000000000000000000000050000000000000000200000000000000073797a310000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff010000000900000000000000000064756d6d793000000000000000000000697036677265746170300000000000006272696467653000000000000000000076657468500000000000000000000000ffffffffffff000000000000aae794049dd0f63a12000000000070000000c00000001001000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000000073797a31000000000000000000000000000000000000000000000000000000000000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003000000ffffffff01000000110000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000766c616e300000000000eaffffff0000627269646765300000000000000000000180c2000000000000000000aaaaaaaaaabb00000000000000007000000070000000a0000000434f4e4e5345434d41524b00000000000000000000000000000000000000000008000100000000000000000000000018"]}, 0x498)

[  214.923762][T10669] ==================================================================
[  214.931933][T10669] BUG: KASAN: null-ptr-deref in rxrpc_unuse_local+0x23/0x70
[  214.939239][T10669] Write of size 4 at addr 0000000000000010 by task syz-executor.3/10669
[  214.947569][T10669] 
[  214.949923][T10669] CPU: 0 PID: 10669 Comm: syz-executor.3 Not tainted 5.3.0-rc4-next-20190812+ #64
[  214.959118][T10669] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  214.969520][T10669] Call Trace:
[  214.972853][T10669]  dump_stack+0x172/0x1f0
[  214.977221][T10669]  ? rxrpc_unuse_local+0x23/0x70
[  214.982166][T10669]  ? rxrpc_unuse_local+0x23/0x70
[  214.987113][T10669]  __kasan_report.cold+0x5/0x36
[  214.991961][T10669]  ? _raw_spin_unlock_irqrestore+0x11/0xe0
[  214.997864][T10669]  ? rxrpc_unuse_local+0x23/0x70
[  215.002797][T10669]  kasan_report+0x12/0x17
[  215.007258][T10669]  check_memory_region+0x134/0x1a0
[  215.012478][T10669]  __kasan_check_write+0x14/0x20
[  215.017427][T10669]  rxrpc_unuse_local+0x23/0x70
[  215.022198][T10669]  rxrpc_release+0x47d/0x840
[  215.026803][T10669]  __sock_release+0xce/0x280
[  215.031419][T10669]  sock_close+0x1e/0x30
[  215.035583][T10669]  __fput+0x2ff/0x890
[  215.039569][T10669]  ? __sock_release+0x280/0x280
[  215.044414][T10669]  ____fput+0x16/0x20
[  215.048469][T10669]  task_work_run+0x145/0x1c0
[  215.053084][T10669]  exit_to_usermode_loop+0x316/0x380
[  215.058376][T10669]  do_syscall_64+0x65f/0x760
[  215.062962][T10669]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  215.068846][T10669] RIP: 0033:0x413511
[  215.072833][T10669] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 1b 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01
[  215.092631][T10669] RSP: 002b:00007ffdf654a340 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  215.101051][T10669] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 0000000000413511
[  215.109030][T10669] RDX: 0000001b2bc20000 RSI: 0000000000000dcb RDI: 0000000000000003
[  215.117006][T10669] RBP: 0000000000000001 R08: 000000002a3c2dcb R09: 000000002a3c2dcf
[  215.125168][T10669] R10: 00007ffdf654a420 R11: 0000000000000293 R12: 000000000075c9a0
[  215.133143][T10669] R13: 000000000075c9a0 R14: 0000000000761f00 R15: ffffffffffffffff
[  215.141337][T10669] ==================================================================
[  215.154029][T10669] Kernel panic - not syncing: panic_on_warn set ...
[  215.160654][T10669] CPU: 1 PID: 10669 Comm: syz-executor.3 Tainted: G    B             5.3.0-rc4-next-20190812+ #64
[  215.171778][T10669] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  215.181969][T10669] Call Trace:
[  215.185271][T10669]  dump_stack+0x172/0x1f0
[  215.189569][T10686] BUG: kernel NULL pointer dereference, address: 0000000000000010
[  215.189610][T10669]  panic+0x2dc/0x755
[  215.197400][T10686] #PF: supervisor write access in kernel mode
[  215.201549][T10669]  ? add_taint.cold+0x16/0x16
[  215.207587][T10686] #PF: error_code(0x0002) - not-present page
[  215.212280][T10669]  ? rxrpc_unuse_local+0x23/0x70
[  215.218236][T10686] PGD 96129067 P4D 96129067 PUD a2309067 PMD 0 
[  215.223172][T10669]  ? preempt_schedule+0x4b/0x60
[  215.229384][T10686] Oops: 0002 [#1] PREEMPT SMP KASAN
[  215.234246][T10669]  ? ___preempt_schedule+0x16/0x20
[  215.239420][T10686] CPU: 0 PID: 10686 Comm: syz-executor.5 Tainted: G    B             5.3.0-rc4-next-20190812+ #64
[  215.244637][T10669]  ? trace_hardirqs_on+0x5e/0x240
[  215.255192][T10686] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  215.260392][T10669]  ? rxrpc_unuse_local+0x23/0x70
[  215.270431][T10686] RIP: 0010:rxrpc_unuse_local+0x23/0x70
[  215.275349][T10669]  end_report+0x47/0x4f
[  215.280872][T10686] Code: 1f 84 00 00 00 00 00 55 48 89 e5 41 54 49 89 fc 53 bb ff ff ff ff e8 1c 04 d4 fa 49 8d 7c 24 10 be 04 00 00 00 e8 bd ca 0e fb <f0> 41 0f c1 5c 24 10 bf 01 00 00 00 89 de e8 7a 05 d4 fa 83 fb 01
[  215.285011][T10669]  ? rxrpc_unuse_local+0x23/0x70
[  215.304596][T10686] RSP: 0018:ffff88805f1afd58 EFLAGS: 00010246
[  215.309534][T10669]  __kasan_report.cold+0xe/0x36
[  215.315568][T10686] RAX: 0000000000000000 RBX: 00000000ffffffff RCX: ffffffff869e1853
[  215.320422][T10669]  ? _raw_spin_unlock_irqrestore+0x11/0xe0
[  215.328380][T10686] RDX: 0000000000000001 RSI: 0000000000000004 RDI: 0000000000000010
[  215.334175][T10669]  ? rxrpc_unuse_local+0x23/0x70
[  215.342118][T10686] RBP: ffff88805f1afd68 R08: ffff88805f19a180 R09: fffffbfff138c571
[  215.342133][T10686] R10: fffffbfff138c570 R11: ffffffff89c62b87 R12: 0000000000000000
[  215.347076][T10669]  kasan_report+0x12/0x17
[  215.355034][T10686] R13: ffff88809aa97412 R14: ffff888063100700 R15: ffff88809aa97888
[  215.363010][T10669]  check_memory_region+0x134/0x1a0
[  215.367311][T10686] FS:  000055555707b940(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
[  215.375282][T10669]  __kasan_check_write+0x14/0x20
[  215.380455][T10686] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  215.389372][T10669]  rxrpc_unuse_local+0x23/0x70
[  215.394280][T10686] CR2: 0000000000000010 CR3: 0000000096274000 CR4: 00000000001406f0
[  215.400859][T10669]  rxrpc_release+0x47d/0x840
[  215.405597][T10686] Call Trace:
[  215.413564][T10669]  __sock_release+0xce/0x280
[  215.418148][T10686]  rxrpc_release+0x47d/0x840
[  215.421586][T10669]  sock_close+0x1e/0x30
[  215.426242][T10686]  __sock_release+0xce/0x280
[  215.430815][T10669]  __fput+0x2ff/0x890
[  215.434942][T10686]  sock_close+0x1e/0x30
[  215.439518][T10669]  ? __sock_release+0x280/0x280
[  215.443486][T10686]  __fput+0x2ff/0x890
[  215.447629][T10669]  ____fput+0x16/0x20
[  215.452460][T10686]  ? __sock_release+0x280/0x280
[  215.456427][T10669]  task_work_run+0x145/0x1c0
[  215.460385][T10686]  ____fput+0x16/0x20
[  215.465235][T10669]  exit_to_usermode_loop+0x316/0x380
[  215.469804][T10686]  task_work_run+0x145/0x1c0
[  215.473767][T10669]  do_syscall_64+0x65f/0x760
[  215.479037][T10686]  exit_to_usermode_loop+0x316/0x380
[  215.483620][T10669]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  215.488216][T10686]  do_syscall_64+0x65f/0x760
[  215.493490][T10669] RIP: 0033:0x413511
[  215.499371][T10686]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  215.503947][T10669] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 1b 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01
[  215.507820][T10686] RIP: 0033:0x413511
[  215.513692][T10669] RSP: 002b:00007ffdf654a340 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  215.533587][T10686] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 1b 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01
[  215.537555][T10669] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 0000000000413511
[  215.547415][T10686] RSP: 002b:00007fffd84195a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  215.568695][T10669] RDX: 0000001b2bc20000 RSI: 0000000000000dcb RDI: 0000000000000003
[  215.577997][T10686] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 0000000000413511
[  215.586672][T10669] RBP: 0000000000000001 R08: 000000002a3c2dcb R09: 000000002a3c2dcf
[  215.594638][T10686] RDX: 0000001b2c220000 RSI: 0000000000001a10 RDI: 0000000000000003
[  215.602636][T10669] R10: 00007ffdf654a420 R11: 0000000000000293 R12: 000000000075c9a0
[  215.610597][T10686] RBP: 0000000000000001 R08: 00000000d0053a10 R09: 00000000d0053a14
[  215.618560][T10669] R13: 000000000075c9a0 R14: 0000000000761f00 R15: ffffffffffffffff
[  215.626524][T10686] R10: 00007fffd8419680 R11: 0000000000000293 R12: 000000000075c9a0
[  215.652334][T10686] R13: 000000000075c9a0 R14: 0000000000761cd8 R15: ffffffffffffffff
[  215.660321][T10686] Modules linked in:
[  215.664234][T10686] CR2: 0000000000000010
[  215.669610][T10669] Kernel Offset: disabled
[  215.673969][T10669] Rebooting in 86400 seconds..