[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   61.586342][   T26] audit: type=1800 audit(1572219941.946:25): pid=8558 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[   61.610772][   T26] audit: type=1800 audit(1572219941.946:26): pid=8558 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   61.651609][   T26] audit: type=1800 audit(1572219941.946:27): pid=8558 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.148' (ECDSA) to the list of known hosts.
2019/10/27 23:45:51 fuzzer started
2019/10/27 23:45:53 dialing manager at 10.128.0.26:34793
2019/10/27 23:45:53 syscalls: 2534
2019/10/27 23:45:53 code coverage: enabled
2019/10/27 23:45:53 comparison tracing: enabled
2019/10/27 23:45:53 extra coverage: extra coverage is not supported by the kernel
2019/10/27 23:45:53 setuid sandbox: enabled
2019/10/27 23:45:53 namespace sandbox: enabled
2019/10/27 23:45:53 Android sandbox: /sys/fs/selinux/policy does not exist
2019/10/27 23:45:53 fault injection: enabled
2019/10/27 23:45:53 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/10/27 23:45:53 net packet injection: enabled
2019/10/27 23:45:53 net device setup: enabled
2019/10/27 23:45:53 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
23:48:03 executing program 0:
r0 = syz_open_dev$sndseq(&(0x7f00000003c0)='/dev/snd/seq\x00', 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r0, 0x408c5333, 0xfffffffffffffffd)

23:48:03 executing program 1:
socketpair(0x1e, 0x4, 0x0, &(0x7f0000000140)={0x0, <r0=>0x0})
recvmsg(r0, &(0x7f0000001100)={0x0, 0x0, &(0x7f0000001000)=[{&(0x7f0000000e00)=""/229, 0xe5}], 0x1}, 0x40020044)

syzkaller login: [  203.079623][ T8725] IPVS: ftp: loaded support on port[0] = 21
[  203.231766][ T8725] chnl_net:caif_netlink_parms(): no params data found
[  203.251933][ T8728] IPVS: ftp: loaded support on port[0] = 21
23:48:03 executing program 2:
r0 = creat(&(0x7f0000000000)='./file0\x00', 0x0)
write$cgroup_type(r0, &(0x7f0000000080)='threaded\x00', 0xfffffe58)
fallocate(r0, 0x0, 0x0, 0x8000)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x0)

[  203.310239][ T8725] bridge0: port 1(bridge_slave_0) entered blocking state
[  203.319249][ T8725] bridge0: port 1(bridge_slave_0) entered disabled state
[  203.327880][ T8725] device bridge_slave_0 entered promiscuous mode
[  203.355546][ T8725] bridge0: port 2(bridge_slave_1) entered blocking state
[  203.365200][ T8725] bridge0: port 2(bridge_slave_1) entered disabled state
[  203.373526][ T8725] device bridge_slave_1 entered promiscuous mode
[  203.456340][ T8725] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  203.495825][ T8725] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  203.527698][ T8728] chnl_net:caif_netlink_parms(): no params data found
[  203.540635][ T8725] team0: Port device team_slave_0 added
[  203.578353][ T8725] team0: Port device team_slave_1 added
[  203.604122][ T8731] IPVS: ftp: loaded support on port[0] = 21
23:48:04 executing program 3:
r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
getsockname(r0, 0x0, &(0x7f0000004440))

[  203.633123][ T8728] bridge0: port 1(bridge_slave_0) entered blocking state
[  203.640223][ T8728] bridge0: port 1(bridge_slave_0) entered disabled state
[  203.650093][ T8728] device bridge_slave_0 entered promiscuous mode
[  203.694528][ T8725] device hsr_slave_0 entered promiscuous mode
[  203.751830][ T8725] device hsr_slave_1 entered promiscuous mode
[  203.802814][ T8728] bridge0: port 2(bridge_slave_1) entered blocking state
[  203.810006][ T8728] bridge0: port 2(bridge_slave_1) entered disabled state
[  203.827040][ T8728] device bridge_slave_1 entered promiscuous mode
23:48:04 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = open(0x0, 0x0, 0x0)
r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000740)='/dev/vhost-net\x00', 0x2, 0x0)
ioctl$VHOST_SET_FEATURES(r1, 0x4008af00, &(0x7f0000e4e000)=0x200000000)
write$vnet(r1, &(0x7f00000003c0)={0x1, {&(0x7f00000002c0)=""/207, 0xcf, 0x0, 0x0, 0x2402}}, 0x68)
mmap(&(0x7f0000004000/0x4000)=nil, 0x4000, 0x0, 0x28812, r0, 0x0)

[  203.853928][ T8733] IPVS: ftp: loaded support on port[0] = 21
[  203.923680][ T8728] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  203.968226][ T8728] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  204.024927][ T8725] bridge0: port 2(bridge_slave_1) entered blocking state
[  204.032192][ T8725] bridge0: port 2(bridge_slave_1) entered forwarding state
[  204.040344][ T8725] bridge0: port 1(bridge_slave_0) entered blocking state
[  204.047685][ T8725] bridge0: port 1(bridge_slave_0) entered forwarding state
[  204.064324][ T8728] team0: Port device team_slave_0 added
[  204.088750][ T8728] team0: Port device team_slave_1 added
23:48:04 executing program 5:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={<r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
connect$inet(r0, &(0x7f0000000340)={0x2, 0x0, @multicast2}, 0x10)
sendmmsg(r0, &(0x7f0000007fc0), 0x4000000000001a8, 0x0)

[  204.203225][    T5] bridge0: port 1(bridge_slave_0) entered disabled state
[  204.212652][ T8736] IPVS: ftp: loaded support on port[0] = 21
[  204.221635][    T5] bridge0: port 2(bridge_slave_1) entered disabled state
[  204.314440][ T8728] device hsr_slave_0 entered promiscuous mode
[  204.371865][ T8728] device hsr_slave_1 entered promiscuous mode
[  204.421844][ T8728] debugfs: Directory 'hsr0' with parent '/' already present!
[  204.457644][ T8733] chnl_net:caif_netlink_parms(): no params data found
[  204.493902][ T8740] IPVS: ftp: loaded support on port[0] = 21
[  204.505986][ T8731] chnl_net:caif_netlink_parms(): no params data found
[  204.534995][ T8733] bridge0: port 1(bridge_slave_0) entered blocking state
[  204.542307][ T8733] bridge0: port 1(bridge_slave_0) entered disabled state
[  204.550148][ T8733] device bridge_slave_0 entered promiscuous mode
[  204.578129][ T8733] bridge0: port 2(bridge_slave_1) entered blocking state
[  204.585312][ T8733] bridge0: port 2(bridge_slave_1) entered disabled state
[  204.593558][ T8733] device bridge_slave_1 entered promiscuous mode
[  204.618331][ T8733] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  204.632458][ T8733] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  204.696147][ T8725] 8021q: adding VLAN 0 to HW filter on device bond0
[  204.713110][ T8733] team0: Port device team_slave_0 added
[  204.719504][ T8731] bridge0: port 1(bridge_slave_0) entered blocking state
[  204.726878][ T8731] bridge0: port 1(bridge_slave_0) entered disabled state
[  204.735511][ T8731] device bridge_slave_0 entered promiscuous mode
[  204.744857][ T8731] bridge0: port 2(bridge_slave_1) entered blocking state
[  204.752684][ T8731] bridge0: port 2(bridge_slave_1) entered disabled state
[  204.761246][ T8731] device bridge_slave_1 entered promiscuous mode
[  204.781969][ T8731] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  204.792435][ T8733] team0: Port device team_slave_1 added
[  204.819753][   T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  204.828548][   T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  204.845961][ T8731] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  204.924587][ T8733] device hsr_slave_0 entered promiscuous mode
[  204.962050][ T8733] device hsr_slave_1 entered promiscuous mode
[  205.012496][ T8733] debugfs: Directory 'hsr0' with parent '/' already present!
[  205.022146][ T8725] 8021q: adding VLAN 0 to HW filter on device team0
[  205.038022][ T8731] team0: Port device team_slave_0 added
[  205.059388][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  205.069940][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  205.078969][    T5] bridge0: port 1(bridge_slave_0) entered blocking state
[  205.086317][    T5] bridge0: port 1(bridge_slave_0) entered forwarding state
[  205.094830][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  205.103634][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  205.112229][    T5] bridge0: port 2(bridge_slave_1) entered blocking state
[  205.119280][    T5] bridge0: port 2(bridge_slave_1) entered forwarding state
[  205.137395][ T8731] team0: Port device team_slave_1 added
[  205.206872][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  205.221908][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  205.315631][ T8731] device hsr_slave_0 entered promiscuous mode
[  205.362278][ T8731] device hsr_slave_1 entered promiscuous mode
[  205.401605][ T8731] debugfs: Directory 'hsr0' with parent '/' already present!
[  205.464283][   T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  205.472978][   T44] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  205.485214][ T8736] chnl_net:caif_netlink_parms(): no params data found
[  205.518070][   T44] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  205.528987][   T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  205.538845][   T44] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  205.559793][ T8740] chnl_net:caif_netlink_parms(): no params data found
[  205.581041][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  205.592502][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  205.605128][ T8725] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  205.617151][ T8725] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  205.650206][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  205.659656][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  205.694032][ T8736] bridge0: port 1(bridge_slave_0) entered blocking state
[  205.701115][ T8736] bridge0: port 1(bridge_slave_0) entered disabled state
[  205.709740][ T8736] device bridge_slave_0 entered promiscuous mode
[  205.720825][ T8725] 8021q: adding VLAN 0 to HW filter on device batadv0
[  205.750068][ T8736] bridge0: port 2(bridge_slave_1) entered blocking state
[  205.763813][ T8736] bridge0: port 2(bridge_slave_1) entered disabled state
[  205.773089][ T8736] device bridge_slave_1 entered promiscuous mode
[  205.798926][ T8736] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  205.822711][ T8728] 8021q: adding VLAN 0 to HW filter on device bond0
[  205.843657][ T8736] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  205.865590][ T8733] 8021q: adding VLAN 0 to HW filter on device bond0
[  205.878835][ T8740] bridge0: port 1(bridge_slave_0) entered blocking state
[  205.886706][ T8740] bridge0: port 1(bridge_slave_0) entered disabled state
[  205.895573][ T8740] device bridge_slave_0 entered promiscuous mode
[  205.905449][ T8740] bridge0: port 2(bridge_slave_1) entered blocking state
[  205.912723][ T8740] bridge0: port 2(bridge_slave_1) entered disabled state
[  205.920724][ T8740] device bridge_slave_1 entered promiscuous mode
[  205.945456][ T8736] team0: Port device team_slave_0 added
[  205.972878][ T8736] team0: Port device team_slave_1 added
[  205.984000][ T3528] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  205.992531][ T3528] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  206.005826][ T8733] 8021q: adding VLAN 0 to HW filter on device team0
[  206.035586][ T8740] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  206.053182][ T8728] 8021q: adding VLAN 0 to HW filter on device team0
[  206.061111][ T8740] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  206.076403][   T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  206.084142][   T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  206.154857][ T8736] device hsr_slave_0 entered promiscuous mode
[  206.192002][ T8736] device hsr_slave_1 entered promiscuous mode
[  206.231840][ T8736] debugfs: Directory 'hsr0' with parent '/' already present!
[  206.254508][ T8740] team0: Port device team_slave_0 added
[  206.261262][   T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  206.271240][   T44] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
23:48:06 executing program 0:

[  206.303419][   T44] bridge0: port 1(bridge_slave_0) entered blocking state
[  206.311219][   T44] bridge0: port 1(bridge_slave_0) entered forwarding state
[  206.333373][   T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
23:48:06 executing program 0:

[  206.362196][   T44] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  206.370659][   T44] bridge0: port 2(bridge_slave_1) entered blocking state
[  206.378733][   T44] bridge0: port 2(bridge_slave_1) entered forwarding state
[  206.413250][   T44] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  206.438663][ T8731] 8021q: adding VLAN 0 to HW filter on device bond0
23:48:06 executing program 0:

[  206.473546][ T8740] team0: Port device team_slave_1 added
[  206.498132][   T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
23:48:06 executing program 0:

[  206.519365][   T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  206.528514][   T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  206.537998][   T44] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  206.549435][   T44] bridge0: port 1(bridge_slave_0) entered blocking state
[  206.556591][   T44] bridge0: port 1(bridge_slave_0) entered forwarding state
23:48:06 executing program 0:

[  206.577998][ T8731] 8021q: adding VLAN 0 to HW filter on device team0
[  206.615987][ T8741] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  206.625537][ T8741] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  206.634520][ T8741] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  206.646015][ T8741] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  206.655627][ T8741] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  206.664801][ T8741] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
23:48:07 executing program 0:

[  206.682320][ T8741] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  206.690526][ T8741] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  206.701022][ T8741] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  206.709938][ T8741] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  206.719051][ T8741] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  206.728126][ T8741] bridge0: port 2(bridge_slave_1) entered blocking state
[  206.735414][ T8741] bridge0: port 2(bridge_slave_1) entered forwarding state
23:48:07 executing program 0:

[  206.781315][ T8733] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  206.801344][ T8733] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  206.884635][ T8740] device hsr_slave_0 entered promiscuous mode
[  206.912794][ T8740] device hsr_slave_1 entered promiscuous mode
[  206.971808][ T8740] debugfs: Directory 'hsr0' with parent '/' already present!
[  206.979457][ T8755] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  206.987507][ T8755] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  206.996190][ T8755] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  207.004932][ T8755] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  207.014126][ T8755] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  207.022648][ T8755] bridge0: port 1(bridge_slave_0) entered blocking state
[  207.029696][ T8755] bridge0: port 1(bridge_slave_0) entered forwarding state
[  207.037869][ T8755] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  207.046765][ T8755] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  207.055374][ T8755] bridge0: port 2(bridge_slave_1) entered blocking state
[  207.062561][ T8755] bridge0: port 2(bridge_slave_1) entered forwarding state
[  207.070210][ T8755] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  207.079226][ T8755] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  207.087945][ T8755] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  207.098227][ T8755] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  207.106787][ T8755] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  207.116021][ T8755] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  207.124706][ T8755] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  207.133431][ T8755] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  207.142031][ T8755] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  207.150459][ T8755] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  207.159186][ T8755] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  207.167430][ T8755] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  207.193717][ T3528] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  207.202443][ T3528] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  207.211039][ T3528] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  207.223172][ T3528] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  207.235280][ T3528] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  207.244624][ T3528] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  207.255417][ T3528] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  207.286478][ T8741] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  207.296531][ T8741] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  207.305021][ T8741] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  207.313798][ T8741] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  207.344451][ T8731] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  207.383908][ T8728] 8021q: adding VLAN 0 to HW filter on device batadv0
[  207.394024][ T8733] 8021q: adding VLAN 0 to HW filter on device batadv0
[  207.448227][ T8736] 8021q: adding VLAN 0 to HW filter on device bond0
[  207.463423][ T8731] 8021q: adding VLAN 0 to HW filter on device batadv0
[  207.488637][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  207.499910][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  207.517694][ T8736] 8021q: adding VLAN 0 to HW filter on device team0
[  207.549913][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  207.559530][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  207.569672][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  207.577042][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  207.586359][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  207.619540][ T8740] 8021q: adding VLAN 0 to HW filter on device bond0
[  207.640802][ T3528] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  207.659828][ T3528] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  207.682017][ T3528] bridge0: port 2(bridge_slave_1) entered blocking state
[  207.689247][ T3528] bridge0: port 2(bridge_slave_1) entered forwarding state
23:48:08 executing program 1:

[  207.744396][ T3528] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  207.762145][ T3528] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  207.772413][ T3528] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  207.781330][ T3528] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  207.795642][ T3528] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  207.806997][ T3528] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  207.840877][ T8740] 8021q: adding VLAN 0 to HW filter on device team0
[  207.867434][ T8736] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  207.888553][ T8736] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  207.911917][ T3528] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  207.919894][ T3528] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  207.950707][ T3528] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  207.976836][ T3528] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  207.992159][ T3528] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  208.001112][ T3528] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  208.016140][ T3528] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  208.046815][ T3528] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  208.054756][ T3528] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  208.064657][ T3528] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  208.073517][ T3528] bridge0: port 1(bridge_slave_0) entered blocking state
[  208.080591][ T3528] bridge0: port 1(bridge_slave_0) entered forwarding state
[  208.088781][ T3528] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  208.097958][ T3528] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  208.111920][ T3528] bridge0: port 2(bridge_slave_1) entered blocking state
[  208.119009][ T3528] bridge0: port 2(bridge_slave_1) entered forwarding state
[  208.136638][ T8736] 8021q: adding VLAN 0 to HW filter on device batadv0
[  208.152881][ T3528] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  208.160948][ T3528] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  208.183361][ T3528] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  208.199478][ T3528] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  208.209443][ T3528] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  208.218894][ T3528] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  208.228335][ T3528] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  208.245284][ T8740] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  208.266308][ T8740] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  208.290378][ T8741] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  208.306241][ T8741] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  208.316096][ T8741] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  208.325412][ T8741] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  208.334489][ T8741] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  208.343978][ T8741] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  208.387786][ T8740] 8021q: adding VLAN 0 to HW filter on device batadv0
23:48:08 executing program 2:

23:48:08 executing program 0:

[  208.626934][    C0] hrtimer: interrupt took 43873 ns
23:48:09 executing program 4:

23:48:09 executing program 1:

23:48:09 executing program 3:

23:48:09 executing program 0:

23:48:09 executing program 5:

23:48:09 executing program 2:

23:48:09 executing program 4:

23:48:09 executing program 3:

23:48:09 executing program 2:

23:48:09 executing program 0:

23:48:09 executing program 1:

23:48:09 executing program 4:

23:48:09 executing program 3:

23:48:09 executing program 2:

23:48:09 executing program 0:

23:48:09 executing program 1:

23:48:09 executing program 5:

23:48:09 executing program 4:

23:48:09 executing program 0:

23:48:09 executing program 3:

23:48:09 executing program 5:

23:48:09 executing program 2:

23:48:09 executing program 1:

23:48:09 executing program 4:

23:48:10 executing program 2:

23:48:10 executing program 5:

23:48:10 executing program 0:

23:48:10 executing program 1:

23:48:10 executing program 3:

23:48:10 executing program 4:

23:48:10 executing program 3:

23:48:10 executing program 2:

23:48:10 executing program 5:

23:48:10 executing program 1:

23:48:10 executing program 0:

23:48:10 executing program 4:

23:48:10 executing program 5:

23:48:10 executing program 2:

23:48:10 executing program 3:

23:48:10 executing program 1:

23:48:10 executing program 0:

23:48:10 executing program 4:

23:48:10 executing program 2:

23:48:10 executing program 5:

23:48:10 executing program 3:

23:48:10 executing program 0:

23:48:10 executing program 1:

23:48:10 executing program 4:

23:48:10 executing program 5:

23:48:10 executing program 2:

23:48:10 executing program 0:

23:48:10 executing program 3:

23:48:11 executing program 4:
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4)
write(0xffffffffffffffff, 0x0, 0x0)
bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a)
shutdown(r0, 0x1)
recvmsg(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa4756f}, 0x100)
write(0xffffffffffffffff, 0x0, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)

23:48:11 executing program 1:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
io_setup(0x1ff, &(0x7f0000000080)=<r2=>0x0)
ioctl$FS_IOC_RESVSP(r1, 0x40305828, &(0x7f0000000040)={0x0, 0x0, 0x35b2, 0x100000000})
io_submit(r2, 0xf, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r1, &(0x7f0000000000), 0x10000}])

23:48:11 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000080)='/dev/dsp#\x00', 0x28001, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x0, 0x0)
read$FUSE(r0, &(0x7f0000000180), 0x1000)
ioctl$int_in(r0, 0x800060c0045002, &(0x7f0000000140))

23:48:11 executing program 5:
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000100)={'bridge_slave_0\x00\x04'})
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000080)={'bridge_slave_0\x00?', 0x22000000c0ffffff})

23:48:11 executing program 0:

23:48:11 executing program 3:
accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000680), 0x0, 0x800)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
open(0x0, 0x0, 0x0)
r0 = getpid()
sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x3f, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0)
mkdir(&(0x7f00000000c0)='./file0\x00', 0x0)
ioctl$VIDIOC_G_EDID(r3, 0xc0285628, &(0x7f0000000140)={0x0, 0x1, 0x7, [], &(0x7f0000000100)=0x5})
clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0x20}, 0x200000000, 0x2, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x7)
mount(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000001c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000))
r4 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x1005, 0x0)
ioctl$int_in(r4, 0x800060800c5011, &(0x7f0000000180))
setsockopt$inet6_MRT6_ADD_MFC(0xffffffffffffffff, 0x29, 0xcc, &(0x7f00000002c0)={{0xa, 0x4e23, 0x1ff, @remote, 0x3}, {0xa, 0x4e21, 0xf1c, @empty, 0x1000}, 0x86, [0x0, 0x20, 0x100, 0x3, 0x6, 0x9, 0x0, 0x8]}, 0x5c)
ioctl$KVM_SET_NR_MMU_PAGES(0xffffffffffffffff, 0xae44, 0x2)
r5 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x1005, 0x0)
ioctl$int_in(r5, 0x800060800c5011, 0x0)
ioctl$UI_SET_RELBIT(0xffffffffffffffff, 0x40045566, 0x5)

23:48:11 executing program 0:
r0 = socket$inet6(0xa, 0x4001008000000002, 0x0)
ioctl$sock_SIOCETHTOOL(r0, 0x89f0, &(0x7f0000000340)={'bridge0\x00\x00\x00\x00\x00\x00\x0f\x00', &(0x7f0000000000)=@ethtool_ringparam={0x11}})

23:48:11 executing program 3:
accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000680), 0x0, 0x800)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
open(0x0, 0x0, 0x0)
r0 = getpid()
sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x3f, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0)
mkdir(&(0x7f00000000c0)='./file0\x00', 0x0)
ioctl$VIDIOC_G_EDID(r3, 0xc0285628, &(0x7f0000000140)={0x0, 0x1, 0x7, [], &(0x7f0000000100)=0x5})
clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0x20}, 0x200000000, 0x2, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x7)
mount(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000001c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000))
r4 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x1005, 0x0)
ioctl$int_in(r4, 0x800060800c5011, &(0x7f0000000180))
setsockopt$inet6_MRT6_ADD_MFC(0xffffffffffffffff, 0x29, 0xcc, &(0x7f00000002c0)={{0xa, 0x4e23, 0x1ff, @remote, 0x3}, {0xa, 0x4e21, 0xf1c, @empty, 0x1000}, 0x86, [0x0, 0x20, 0x100, 0x3, 0x6, 0x9, 0x0, 0x8]}, 0x5c)
ioctl$KVM_SET_NR_MMU_PAGES(0xffffffffffffffff, 0xae44, 0x2)
r5 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x1005, 0x0)
ioctl$int_in(r5, 0x800060800c5011, 0x0)
ioctl$UI_SET_RELBIT(0xffffffffffffffff, 0x40045566, 0x5)

[  211.170992][ T8935] bridge0: port 1(bridge_slave_0) entered disabled state
23:48:11 executing program 4:
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4)
write(0xffffffffffffffff, 0x0, 0x0)
bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a)
shutdown(r0, 0x1)
recvmsg(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa4756f}, 0x100)
write(0xffffffffffffffff, 0x0, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)

23:48:11 executing program 1:
r0 = socket$inet6(0xa, 0x4001008000000002, 0x0)
ioctl$sock_SIOCETHTOOL(r0, 0x89f0, &(0x7f0000000340)={'bridge0\x00\x00\x00\x00\x00\x00\x0f\x00', &(0x7f0000000000)=@ethtool_ringparam={0x7, 0x0, 0x20000000}})

23:48:11 executing program 3:
accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000680), 0x0, 0x800)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
open(0x0, 0x0, 0x0)
r0 = getpid()
sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x3f, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0)
mkdir(&(0x7f00000000c0)='./file0\x00', 0x0)
ioctl$VIDIOC_G_EDID(r3, 0xc0285628, &(0x7f0000000140)={0x0, 0x1, 0x7, [], &(0x7f0000000100)=0x5})
clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0x20}, 0x200000000, 0x2, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x7)
mount(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000001c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000))
r4 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x1005, 0x0)
ioctl$int_in(r4, 0x800060800c5011, &(0x7f0000000180))
setsockopt$inet6_MRT6_ADD_MFC(0xffffffffffffffff, 0x29, 0xcc, &(0x7f00000002c0)={{0xa, 0x4e23, 0x1ff, @remote, 0x3}, {0xa, 0x4e21, 0xf1c, @empty, 0x1000}, 0x86, [0x0, 0x20, 0x100, 0x3, 0x6, 0x9, 0x0, 0x8]}, 0x5c)
ioctl$KVM_SET_NR_MMU_PAGES(0xffffffffffffffff, 0xae44, 0x2)
r5 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x1005, 0x0)
ioctl$int_in(r5, 0x800060800c5011, 0x0)
ioctl$UI_SET_RELBIT(0xffffffffffffffff, 0x40045566, 0x5)

[  211.401755][    C0] protocol 88fb is buggy, dev hsr_slave_0
[  211.407882][    C0] protocol 88fb is buggy, dev hsr_slave_1
23:48:11 executing program 2:
r0 = gettid()
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8b21, &(0x7f0000000600)='wlan1\x00\a\xd3~\xd4\xa2\xb8y\xe1\x04\xbe\x0e\x00\x00\x00\x00\x00\x00\x00!\a\xff\x8d\x00\x00\xf6\xe7\xf9\x01\x06\x8c\xe2K\x04\xd9\xfd\xbd\x00\x1d})\xa0\xb1\xd2\xe4\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00\x18\x9f \xfa\x91\x1b\x01U\xbe\x01\x01X\xbdh\xbfjOc\xcd\x15\xc1K\xab\xe9\xe3\xe8\x05\xda\xce\xed\xa5\xb8<\x9d\xd1\x19EI\x952\x12,\xec\x02:a\xad\xef,\xbc (\x02B-mF\xfa\x92\xdc\x13\x06\x1fk6=z\x8eni)\xb5i\x0f\xc7\v\x9d\x81\xb3r\xb1x\\\xdb\xcbzE\xfeO\xe7\xdf\x96\xa2\xf8EX\xe3\xbcf\x02\x98T\x1a\x1f\x16\xb9\b\xa2\xb0\a\x00vCh>\xa3\xd7\xc70\x92C5\x9d\x17\xd1\x96g\x8d\xd1\x06i\xde<\xf3\xd9\x93M/\x1eQ\xba\xe7[\xe3\x00\x00\x00\x00\x00\x00t\xeeKr\xb3\"\xa9\xef\xa2\xd8\x03_\xee=[o\xaa \x91d\xff9\xfa\r\xbe\x16%\xde\xa2o\xa9\\%\xc8\xfa\xd9t\xe5t\x99\xb9j\x16\xc4}-\xf6\xd3\x02\x00\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\xd0\xab.\x13L8V\x1d\xa0\x02#\xb4\xea@\x1b\xd0{\x02iE\xb30\xe8\xdb[\xc8\xe5\xae\x98\xdc\xe4Tr\xb4w\xba\xa9\xfe\x0f\xdcFc\xd0\x9f\x82\x9d\xae\x9cy\xb3QOT\xdc\x86\x82Q\xe0\xab\xc1w\x03;-^(\x02=\xf39\xe9yT\xc4\xf0\xef\xe0X\b#\x9a\xcd\xe0\xf8q\x9a\xcd\xdeAF,\x04\"\x84\xa9O\x97\xf7\xfb\xa2N>\xcb\x9d\xc0\xcc\x13\x12\xcc@\x89\xf8F\x82OO\x990\xcei\xf2\xd1\x04\xde\xaa\xfa\xc0\xe9c\x81\x86\xc3j2m\xf6B\x19=h\x8fe\xc2\x13\x92?||\xbf\x10\x8f$\xdf^\xba\x04^\x13\r}\xd2n?3O\xb5\xa8\xfa\xfe\xe6\x92\xfd\x1c\xbc\x15\x81G\xbeC\xb2\x80\x87\x83\xb6\xf7wz\xcf\xa3c\xac\xe56\x8cg\x15\x9e\x96c')
accept4$inet6(r2, &(0x7f00000003c0)={0xa, 0x0, 0x0, @mcast2}, &(0x7f0000000400)=0x1c, 0x800)
r3 = creat(&(0x7f0000000280)='./file0\x00', 0x1)
write$binfmt_script(r3, &(0x7f0000000000)={'#! ', './file0'}, 0xb)
prctl$PR_SET_PTRACER(0x59616d61, r0)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
getsockopt$IP6T_SO_GET_ENTRIES(0xffffffffffffffff, 0x29, 0x41, &(0x7f0000000440)=ANY=[@ANYBLOB="6e61740000000000000000000000000000000000000000000021bd83f370866733500da4842f000000000000002c0000001dddd6da670f43b974785ba17085c17aa23138341516d90987cabf9db8890167947e98c1100f326f9a67f05e571af3a2cd174ca9e4121a9c390197a0ad77333d95d1672970cc39f9bd5c0af72ffc1254f4376d869ba12b3c7e243c0c186946414c86b1ddd12c5597bf9dd693817d33add5e8e2e2ae9c3dd66d4aa535c7fe53e8ffdd55f9765fd0a054bd69917b78d7e8429907dafcb4dcf1e9c090751bd42030532cb789b3db39cfd49cc7b69ff9865f7e42f20975840faee7cafff9735e1ab9147899bf5a1621edb2dcc353e125e296177c97d3156d4a25c9cb19cf088644749357775c"], &(0x7f0000000140)=0x50)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
bind(r4, &(0x7f0000000200)=@rxrpc=@in4={0x21, 0x2, 0x2, 0x10, {0x2, 0x0, @remote}}, 0x80)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0)
close(r3)
clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
execve(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f00000002c0)={{{@in=@broadcast, @in6=@dev}}, {{@in6=@mcast2}, 0x0, @in=@multicast2}}, &(0x7f00000001c0)=0xe8)

[  211.505824][ T8755] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  211.545251][ T8755] bridge0: port 1(bridge_slave_0) entered blocking state
23:48:11 executing program 1:
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000200)=0x78, 0x4)
bind$inet(r0, &(0x7f0000000100)={0x2, 0x4e23, @broadcast}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @loopback}, 0x10)
r1 = dup(r0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSIFFLAGS(r2, 0x8914, &(0x7f0000000000)={'lo\x00'})
sendmsg$TIPC_NL_PEER_REMOVE(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000400)=ANY=[@ANYBLOB="f8000000", @ANYRES16=0x0, @ANYBLOB="0000000000000000000014000000100004000c00010073797a31000000004800040044000700080002000000000008000200000000000800040007000000080004000000000008000300000000000800030000000000080002000400000008000400000000008c0004000c00070008000200010000801c000700080002000100000008000200fcffffff08000300ff0300000c00010073797a31000000000c00010073797a31000000003c000700080004009a000000080004003f0000000800040006000000080001000f0000000800020005000000080001000d00000008000200070008000200ff000000"], 0xf8}}, 0x30004081)
sendto$inet(r0, &(0x7f00000000c0)="e0", 0xffd4, 0x0, 0x0, 0x0)

[  211.552501][ T8755] bridge0: port 1(bridge_slave_0) entered forwarding state
23:48:12 executing program 3:
accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000680), 0x0, 0x800)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
open(0x0, 0x0, 0x0)
r0 = getpid()
sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x3f, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0)
mkdir(&(0x7f00000000c0)='./file0\x00', 0x0)
ioctl$VIDIOC_G_EDID(r3, 0xc0285628, &(0x7f0000000140)={0x0, 0x1, 0x7, [], &(0x7f0000000100)=0x5})
clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0x20}, 0x200000000, 0x2, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x7)
mount(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000001c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000))
r4 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x1005, 0x0)
ioctl$int_in(r4, 0x800060800c5011, &(0x7f0000000180))
setsockopt$inet6_MRT6_ADD_MFC(0xffffffffffffffff, 0x29, 0xcc, &(0x7f00000002c0)={{0xa, 0x4e23, 0x1ff, @remote, 0x3}, {0xa, 0x4e21, 0xf1c, @empty, 0x1000}, 0x86, [0x0, 0x20, 0x100, 0x3, 0x6, 0x9, 0x0, 0x8]}, 0x5c)
ioctl$KVM_SET_NR_MMU_PAGES(0xffffffffffffffff, 0xae44, 0x2)
r5 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x1005, 0x0)
ioctl$int_in(r5, 0x800060800c5011, 0x0)
ioctl$UI_SET_RELBIT(0xffffffffffffffff, 0x40045566, 0x5)

23:48:12 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x22)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000340)=@newlink={0x38, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, r3}, [@IFLA_LINKINFO={0x18, 0x12, @vti={{0x8, 0x1, 'vti\x00'}, {0xc, 0x2, [@vti_common_policy=[@IFLA_VTI_LINK={0x8, 0x1, r4}]]}}}]}, 0x38}}, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=@newlink={0x38, 0x10, 0x40d, 0x0, 0x0, {0x0, 0x0, 0x0, r3}, [@IFLA_LINKINFO={0x18, 0x12, @vti={{0x8, 0x1, 'vti\x00'}, {0xc, 0x2, [@vti_common_policy=[@IFLA_VTI_LINK={0x8, 0x1, r3}]]}}}]}, 0x38}}, 0x0)

[  211.961510][    C0] protocol 88fb is buggy, dev hsr_slave_0
[  211.967379][    C0] protocol 88fb is buggy, dev hsr_slave_1
[  212.007637][ T8935] bridge0: port 1(bridge_slave_0) entered disabled state
23:48:12 executing program 5:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0)
r1 = socket$inet6(0xa, 0x0, 0x0)
syz_open_procfs(0x0, 0x0)
recvmmsg(r1, &(0x7f0000000580), 0x0, 0x0, 0x0)
pipe(0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527)
vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
r2 = creat(&(0x7f0000000080)='./bus\x00', 0x0)
lseek(r2, 0x800000, 0x0)
ioctl$EXT4_IOC_SETFLAGS(r2, 0x40086602, &(0x7f00000001c0))
write$binfmt_elf64(r2, &(0x7f0000000780)=ANY=[@ANYBLOB="e9a099c05e2f1daaeb3cdbc4acb421d2041e241e400ba094b4485525000000a8e31faa786aae05d0c6e66cd50082a8c5f2d9e76bb2f3261c9e211e0dea62e24ed4fe90fa1a990ddcfdbdfe3e678c82d35a1827884f070088f1f496470200000000000000a788b72b572b30e6907718532d6258451952193f5dcabd907aa4018a64e7550410773526598377e7457e8cb03d2673e275c3d7931e73b5f7cf1fbd3d07cc5306000000ebe08f3f890b24cef2aa1a75cdb1c8b8ed504ca76aea6195286dd9b81fb73b75771cf51b13463e6fe5affd372a5e118ed0a90f141f210e01c10ddcec3f3f087939963fcd6a6805872a7f097a8ad1a1e2e133f165efcfa7c63eed25791ba30cdd71ca013632d1965d1b9c0fa7593c1d4bbdd27a0eb5d14933a7a070fd3cf97cffa438f15d6d94cf772011d657f82d3b2ed87237b6"], 0x138)
fallocate(r2, 0x3, 0x0, 0x8020001)
lseek(r2, 0x400000, 0x3)

23:48:12 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=@getqdisc={0x24, 0x26, 0x30b}, 0x24}}, 0x0)
sendmsg$xdp(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0)

23:48:12 executing program 4:
r0 = socket$inet6(0xa, 0x22000000002, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$team(0x0)
listen(r1, 0x0)
connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @initdev, 0x2}, 0x1c)
r2 = socket(0xa, 0x80005, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$SIOCSIFMTU(r2, 0x8922, &(0x7f0000000000)={'team0\x00\x030\xff\xfdL%`\xc3\xff\xff', 0xb5})
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e24, 0x0, @ipv4={[], [], @remote}}, 0x1a)
r3 = socket(0xa, 0x80005, 0x0)
ioctl$SIOCSIFMTU(r3, 0x8922, &(0x7f0000000040)={'team0\x00\x00\x01\x00', 0x9843})
sendmmsg(r0, &(0x7f00000092c0), 0x400003b, 0xfdffffff00000000)

23:48:12 executing program 0:
clone(0x800007fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000000, 0x0)
sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f00000021c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000500)=ANY=[@ANYBLOB="13cd0f34"], 0x4}}, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
sendmmsg(0xffffffffffffffff, &(0x7f0000000140)=[{{0x0, 0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000240)}], 0x3}}], 0x1, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1f7d11114e5d6ed86013621d6701a70c3ce4b5fa700f83aea349a501b8f4926c960122bf81c40e3c4d0864b268fa71a491699d044621659396a16561ed76a41714dc23320c090feda54fb9d01dff1b206a98c012356bc30a784b62cf06b391f8f9edad03061b9f03137ef0f339111118b25000f37489ef4238eec20fa85b476da7927e08b507114a00a89b6d3ffbce3e51b3c60c62d9f005a375058de3b1dc8d700a771f9f73f2e4cfe61f900f315f8e6cafe795cfa72aa1589c19474b340244b8b479055d6aa614bdd975cc0b65999c71794d5422aef62a6b616cf32c1ec0964d76a58a73d0c9f9d0481f86485280bd193b1c41df2f6b1d34bc631b9f5d53ef869ac3705d0aa5a48b8c3d8ef39af607d2c40a190f76574a699a93e40d98d17e8b6dea8c826dc205902223b9bd15b4d8cfb0c540970eb8eaf8ad28e21f5390ddf4d71f106f0f5abedcc3e53e9316a5c2df39e703538c27b0de64d3820485d437dbb79923a94e3dbcfd3440e7087f000000000000e97e416d19dee4afe0"], 0x0, 0x17d}, 0x20)
tkill(r0, 0x3b)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

23:48:12 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=@getqdisc={0x24, 0x26, 0x30b}, 0x24}}, 0x0)
sendmsg$xdp(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0)

23:48:12 executing program 1:
seccomp(0x1, 0x0, &(0x7f00000005c0)={0x3, &(0x7f0000000040)=[{}, {0x7c}, {0x6}]})

[  212.378407][ T9013] ptrace attach of "/root/syz-executor.0"[9012] was attempted by "/root/syz-executor.0"[9013]
23:48:12 executing program 0:
r0 = socket(0x1, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x0, 0x0, 0xfffffffffffffec6)
getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)
gettid()
setsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
timer_create(0x0, 0x0, 0x0)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, 0x0, 0x0, 0x0)
getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, 0x0, 0x0)
setsockopt$inet6_mreq(r0, 0x29, 0x0, 0x0, 0xffffffffffffffd7)

23:48:12 executing program 5:
perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x89}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = creat(0x0, 0x1a0)
write$P9_RREAD(0xffffffffffffffff, &(0x7f0000000200)=ANY=[], 0x5aa78d33)
r1 = creat(0x0, 0x0)
sync_file_range(r1, 0x5, 0x0, 0x0)
getsockopt$packet_buf(r0, 0x107, 0x0, 0x0, 0x0)
r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x7f}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)
close(r3)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000005c0))
write$cgroup_type(r3, &(0x7f0000000080)='threaded\x00', 0xfffffc61)
recvmsg(r2, &(0x7f0000000140)={0x0, 0x1d, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/110, 0x7ffff000}], 0x1}, 0x3f00)

[  212.623140][   T26] kauditd_printk_skb: 3 callbacks suppressed
[  212.623152][   T26] audit: type=1326 audit(1572220092.986:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=9023 comm="syz-executor.1" exe="/root/syz-executor.1" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45cd7a code=0x0
[  213.318347][   T26] audit: type=1326 audit(1572220093.676:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=9023 comm="syz-executor.1" exe="/root/syz-executor.1" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45cd7a code=0x0
23:48:14 executing program 0:
accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000680), 0x0, 0x800)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
open(0x0, 0x0, 0x0)
r0 = getpid()
sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x3f, 0x5}, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
fcntl$setpipe(r2, 0x407, 0x0)
write(r2, &(0x7f0000000340), 0x41395527)
vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0)
mkdir(&(0x7f00000000c0)='./file0\x00', 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x481, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0x20}, 0x200000000, 0x2, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mount(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000001c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000))
r3 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x1005, 0x0)
ioctl$int_in(r3, 0x800060800c5011, &(0x7f0000000180))
setsockopt$inet6_MRT6_ADD_MFC(0xffffffffffffffff, 0x29, 0xcc, &(0x7f00000002c0)={{0xa, 0x4e23, 0x1ff, @remote, 0x3}, {0xa, 0x4e21, 0x0, @empty, 0x1000}, 0x86, [0x0, 0x20, 0x100, 0x3, 0x6, 0x9, 0x0, 0x8]}, 0x5c)
ioctl$KVM_SET_NR_MMU_PAGES(0xffffffffffffffff, 0xae44, 0x2)
r4 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x1005, 0x0)
ioctl$int_in(r4, 0x800060800c5011, 0x0)
ioctl$UI_SET_RELBIT(0xffffffffffffffff, 0x40045566, 0x5)

23:48:14 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=@getqdisc={0x24, 0x26, 0x30b}, 0x24}}, 0x0)
sendmsg$xdp(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0)

23:48:14 executing program 4:
pipe(&(0x7f0000000300)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
write(r1, &(0x7f0000000340)="460000002800070f3200000800367700fbff020002000000", 0x18)
r2 = socket$nl_route(0x10, 0x3, 0x0)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000140), &(0x7f0000000040)=0xc)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
close(r3)
socket(0x10, 0x3, 0x0)
write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={<r4=>0xffffffffffffffff})
r5 = fcntl$dupfd(r4, 0x0, r4)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
splice(r0, 0x0, r3, 0x0, 0x4ffe0, 0x0)

23:48:14 executing program 2:
r0 = gettid()
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8b21, &(0x7f0000000600)='wlan1\x00\a\xd3~\xd4\xa2\xb8y\xe1\x04\xbe\x0e\x00\x00\x00\x00\x00\x00\x00!\a\xff\x8d\x00\x00\xf6\xe7\xf9\x01\x06\x8c\xe2K\x04\xd9\xfd\xbd\x00\x1d})\xa0\xb1\xd2\xe4\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00\x18\x9f \xfa\x91\x1b\x01U\xbe\x01\x01X\xbdh\xbfjOc\xcd\x15\xc1K\xab\xe9\xe3\xe8\x05\xda\xce\xed\xa5\xb8<\x9d\xd1\x19EI\x952\x12,\xec\x02:a\xad\xef,\xbc (\x02B-mF\xfa\x92\xdc\x13\x06\x1fk6=z\x8eni)\xb5i\x0f\xc7\v\x9d\x81\xb3r\xb1x\\\xdb\xcbzE\xfeO\xe7\xdf\x96\xa2\xf8EX\xe3\xbcf\x02\x98T\x1a\x1f\x16\xb9\b\xa2\xb0\a\x00vCh>\xa3\xd7\xc70\x92C5\x9d\x17\xd1\x96g\x8d\xd1\x06i\xde<\xf3\xd9\x93M/\x1eQ\xba\xe7[\xe3\x00\x00\x00\x00\x00\x00t\xeeKr\xb3\"\xa9\xef\xa2\xd8\x03_\xee=[o\xaa \x91d\xff9\xfa\r\xbe\x16%\xde\xa2o\xa9\\%\xc8\xfa\xd9t\xe5t\x99\xb9j\x16\xc4}-\xf6\xd3\x02\x00\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\xd0\xab.\x13L8V\x1d\xa0\x02#\xb4\xea@\x1b\xd0{\x02iE\xb30\xe8\xdb[\xc8\xe5\xae\x98\xdc\xe4Tr\xb4w\xba\xa9\xfe\x0f\xdcFc\xd0\x9f\x82\x9d\xae\x9cy\xb3QOT\xdc\x86\x82Q\xe0\xab\xc1w\x03;-^(\x02=\xf39\xe9yT\xc4\xf0\xef\xe0X\b#\x9a\xcd\xe0\xf8q\x9a\xcd\xdeAF,\x04\"\x84\xa9O\x97\xf7\xfb\xa2N>\xcb\x9d\xc0\xcc\x13\x12\xcc@\x89\xf8F\x82OO\x990\xcei\xf2\xd1\x04\xde\xaa\xfa\xc0\xe9c\x81\x86\xc3j2m\xf6B\x19=h\x8fe\xc2\x13\x92?||\xbf\x10\x8f$\xdf^\xba\x04^\x13\r}\xd2n?3O\xb5\xa8\xfa\xfe\xe6\x92\xfd\x1c\xbc\x15\x81G\xbeC\xb2\x80\x87\x83\xb6\xf7wz\xcf\xa3c\xac\xe56\x8cg\x15\x9e\x96c')
accept4$inet6(r2, &(0x7f00000003c0)={0xa, 0x0, 0x0, @mcast2}, &(0x7f0000000400)=0x1c, 0x800)
r3 = creat(&(0x7f0000000280)='./file0\x00', 0x1)
write$binfmt_script(r3, &(0x7f0000000000)={'#! ', './file0'}, 0xb)
prctl$PR_SET_PTRACER(0x59616d61, r0)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
getsockopt$IP6T_SO_GET_ENTRIES(0xffffffffffffffff, 0x29, 0x41, &(0x7f0000000440)=ANY=[@ANYBLOB="6e61740000000000000000000000000000000000000000000021bd83f370866733500da4842f000000000000002c0000001dddd6da670f43b974785ba17085c17aa23138341516d90987cabf9db8890167947e98c1100f326f9a67f05e571af3a2cd174ca9e4121a9c390197a0ad77333d95d1672970cc39f9bd5c0af72ffc1254f4376d869ba12b3c7e243c0c186946414c86b1ddd12c5597bf9dd693817d33add5e8e2e2ae9c3dd66d4aa535c7fe53e8ffdd55f9765fd0a054bd69917b78d7e8429907dafcb4dcf1e9c090751bd42030532cb789b3db39cfd49cc7b69ff9865f7e42f20975840faee7cafff9735e1ab9147899bf5a1621edb2dcc353e125e296177c97d3156d4a25c9cb19cf088644749357775c"], &(0x7f0000000140)=0x50)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
bind(r4, &(0x7f0000000200)=@rxrpc=@in4={0x21, 0x2, 0x2, 0x10, {0x2, 0x0, @remote}}, 0x80)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0)
close(r3)
clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
execve(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f00000002c0)={{{@in=@broadcast, @in6=@dev}}, {{@in6=@mcast2}, 0x0, @in=@multicast2}}, &(0x7f00000001c0)=0xe8)

23:48:14 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0)
read(r0, &(0x7f0000000040)=""/18, 0x12)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000180))
r1 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000140))
dup3(r1, r0, 0x0)
r2 = socket(0x10, 0x3, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
sendfile(r2, r3, 0x0, 0x80000001)
r4 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000300)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0)
tkill(r4, 0x16)

23:48:14 executing program 1:
r0 = io_uring_setup(0xb, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, [], {0x0, 0x0, 0x0, 0x0, 0x0, 0x2}})
io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000001380)=[{0x0}], 0x1)

23:48:15 executing program 3:
pipe(0x0)
clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = socket$inet6(0xa, 0x802, 0x73)
getsockopt$IP6T_SO_GET_REVISION_MATCH(r0, 0x29, 0x44, &(0x7f0000000100)={'icmp\x00'}, &(0x7f0000000140)=0x1e)

23:48:15 executing program 2:
r0 = gettid()
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8b21, &(0x7f0000000600)='wlan1\x00\a\xd3~\xd4\xa2\xb8y\xe1\x04\xbe\x0e\x00\x00\x00\x00\x00\x00\x00!\a\xff\x8d\x00\x00\xf6\xe7\xf9\x01\x06\x8c\xe2K\x04\xd9\xfd\xbd\x00\x1d})\xa0\xb1\xd2\xe4\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00\x18\x9f \xfa\x91\x1b\x01U\xbe\x01\x01X\xbdh\xbfjOc\xcd\x15\xc1K\xab\xe9\xe3\xe8\x05\xda\xce\xed\xa5\xb8<\x9d\xd1\x19EI\x952\x12,\xec\x02:a\xad\xef,\xbc (\x02B-mF\xfa\x92\xdc\x13\x06\x1fk6=z\x8eni)\xb5i\x0f\xc7\v\x9d\x81\xb3r\xb1x\\\xdb\xcbzE\xfeO\xe7\xdf\x96\xa2\xf8EX\xe3\xbcf\x02\x98T\x1a\x1f\x16\xb9\b\xa2\xb0\a\x00vCh>\xa3\xd7\xc70\x92C5\x9d\x17\xd1\x96g\x8d\xd1\x06i\xde<\xf3\xd9\x93M/\x1eQ\xba\xe7[\xe3\x00\x00\x00\x00\x00\x00t\xeeKr\xb3\"\xa9\xef\xa2\xd8\x03_\xee=[o\xaa \x91d\xff9\xfa\r\xbe\x16%\xde\xa2o\xa9\\%\xc8\xfa\xd9t\xe5t\x99\xb9j\x16\xc4}-\xf6\xd3\x02\x00\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\xd0\xab.\x13L8V\x1d\xa0\x02#\xb4\xea@\x1b\xd0{\x02iE\xb30\xe8\xdb[\xc8\xe5\xae\x98\xdc\xe4Tr\xb4w\xba\xa9\xfe\x0f\xdcFc\xd0\x9f\x82\x9d\xae\x9cy\xb3QOT\xdc\x86\x82Q\xe0\xab\xc1w\x03;-^(\x02=\xf39\xe9yT\xc4\xf0\xef\xe0X\b#\x9a\xcd\xe0\xf8q\x9a\xcd\xdeAF,\x04\"\x84\xa9O\x97\xf7\xfb\xa2N>\xcb\x9d\xc0\xcc\x13\x12\xcc@\x89\xf8F\x82OO\x990\xcei\xf2\xd1\x04\xde\xaa\xfa\xc0\xe9c\x81\x86\xc3j2m\xf6B\x19=h\x8fe\xc2\x13\x92?||\xbf\x10\x8f$\xdf^\xba\x04^\x13\r}\xd2n?3O\xb5\xa8\xfa\xfe\xe6\x92\xfd\x1c\xbc\x15\x81G\xbeC\xb2\x80\x87\x83\xb6\xf7wz\xcf\xa3c\xac\xe56\x8cg\x15\x9e\x96c')
accept4$inet6(r2, &(0x7f00000003c0)={0xa, 0x0, 0x0, @mcast2}, &(0x7f0000000400)=0x1c, 0x800)
r3 = creat(&(0x7f0000000280)='./file0\x00', 0x1)
write$binfmt_script(r3, &(0x7f0000000000)={'#! ', './file0'}, 0xb)
prctl$PR_SET_PTRACER(0x59616d61, r0)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
getsockopt$IP6T_SO_GET_ENTRIES(0xffffffffffffffff, 0x29, 0x41, &(0x7f0000000440)=ANY=[@ANYBLOB="6e61740000000000000000000000000000000000000000000021bd83f370866733500da4842f000000000000002c0000001dddd6da670f43b974785ba17085c17aa23138341516d90987cabf9db8890167947e98c1100f326f9a67f05e571af3a2cd174ca9e4121a9c390197a0ad77333d95d1672970cc39f9bd5c0af72ffc1254f4376d869ba12b3c7e243c0c186946414c86b1ddd12c5597bf9dd693817d33add5e8e2e2ae9c3dd66d4aa535c7fe53e8ffdd55f9765fd0a054bd69917b78d7e8429907dafcb4dcf1e9c090751bd42030532cb789b3db39cfd49cc7b69ff9865f7e42f20975840faee7cafff9735e1ab9147899bf5a1621edb2dcc353e125e296177c97d3156d4a25c9cb19cf088644749357775c"], &(0x7f0000000140)=0x50)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
bind(r4, &(0x7f0000000200)=@rxrpc=@in4={0x21, 0x2, 0x2, 0x10, {0x2, 0x0, @remote}}, 0x80)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0)
close(r3)
clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
execve(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f00000002c0)={{{@in=@broadcast, @in6=@dev}}, {{@in6=@mcast2}, 0x0, @in=@multicast2}}, &(0x7f00000001c0)=0xe8)

[  214.654327][ T9061] netlink: 34 bytes leftover after parsing attributes in process `syz-executor.4'.
[  214.782291][ T9071] ==================================================================
[  214.790782][ T9071] BUG: KASAN: null-ptr-deref in io_wq_cancel_all+0x28/0x2a0
[  214.798073][ T9071] Write of size 8 at addr 0000000000000004 by task syz-executor.1/9071
[  214.806308][ T9071] 
[  214.808643][ T9071] CPU: 1 PID: 9071 Comm: syz-executor.1 Not tainted 5.4.0-rc4-next-20191025 #0
[  214.817673][ T9071] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  214.827908][ T9071] Call Trace:
[  214.827938][ T9071]  dump_stack+0x172/0x1f0
[  214.827957][ T9071]  ? io_wq_cancel_all+0x28/0x2a0
[  214.827967][ T9071]  ? io_wq_cancel_all+0x28/0x2a0
[  214.827980][ T9071]  __kasan_report.cold+0x5/0x41
[  214.835681][ T9071]  ? io_wq_cancel_all+0x28/0x2a0
[  214.835701][ T9071]  kasan_report+0x12/0x20
[  214.835717][ T9071]  check_memory_region+0x134/0x1a0
[  214.835729][ T9071]  __kasan_check_write+0x14/0x20
[  214.835745][ T9071]  io_wq_cancel_all+0x28/0x2a0
[  214.874640][ T9071]  io_ring_ctx_wait_and_kill+0x1e2/0x710
[  214.880285][ T9071]  io_uring_release+0x42/0x50
[  214.884970][ T9071]  __fput+0x2ff/0x890
[  214.888962][ T9071]  ? io_ring_ctx_wait_and_kill+0x710/0x710
[  214.894774][ T9071]  ____fput+0x16/0x20
[  214.894793][ T9071]  task_work_run+0x145/0x1c0
[  214.903328][ T9071]  do_exit+0x904/0x2e60
[  214.903349][ T9071]  ? mm_update_next_owner+0x640/0x640
[  214.903368][ T9071]  ? lock_downgrade+0x920/0x920
[  214.903389][ T9071]  ? _raw_spin_unlock_irq+0x23/0x80
[  214.923256][ T9071]  ? get_signal+0x392/0x24f0
23:48:15 executing program 0:
accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000680), 0x0, 0x800)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
open(0x0, 0x0, 0x0)
r0 = getpid()
sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x3f, 0x5}, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
fcntl$setpipe(r2, 0x407, 0x0)
write(r2, &(0x7f0000000340), 0x41395527)
vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0)
mkdir(&(0x7f00000000c0)='./file0\x00', 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x481, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0x20}, 0x200000000, 0x2, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mount(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000001c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000))
r3 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x1005, 0x0)
ioctl$int_in(r3, 0x800060800c5011, &(0x7f0000000180))
setsockopt$inet6_MRT6_ADD_MFC(0xffffffffffffffff, 0x29, 0xcc, &(0x7f00000002c0)={{0xa, 0x4e23, 0x1ff, @remote, 0x3}, {0xa, 0x4e21, 0x0, @empty, 0x1000}, 0x86, [0x0, 0x20, 0x100, 0x3, 0x6, 0x9, 0x0, 0x8]}, 0x5c)
ioctl$KVM_SET_NR_MMU_PAGES(0xffffffffffffffff, 0xae44, 0x2)
r4 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x1005, 0x0)
ioctl$int_in(r4, 0x800060800c5011, 0x0)
ioctl$UI_SET_RELBIT(0xffffffffffffffff, 0x40045566, 0x5)

23:48:15 executing program 3:
shmget$private(0x0, 0x1000, 0x78000800, &(0x7f0000ffb000/0x1000)=nil)
syz_open_dev$audion(&(0x7f0000000000)='/dev/audio#\x00', 0x10000, 0x100)
syz_genetlink_get_family_id$team(&(0x7f0000000080)='team\x00')
r0 = socket$inet_dccp(0x2, 0x6, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f00000006c0)=@mangle={'mangle\x00', 0x1f, 0x6, 0x490, 0x0, 0x3a0, 0xc0, 0x3a0, 0x3a0, 0x498, 0x498, 0x498, 0x498, 0x498, 0x6, 0x0, {[{{@ip={@multicast2, @dev, 0x0, 0x0, 'veth0_to_bond\x00', 'ipddp0\x00'}, 0x0, 0x98, 0xc0}, @inet=@DSCP={0x28, 'DSCP\x00'}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @multicast2, 0x0, 0x0, 'bridge_slave_0\x00', 'irlan0\x00'}, 0x0, 0x98, 0xc0}, @unspec=@CHECKSUM={0x28, 'CHECKSUM\x00'}}, {{@uncond, 0x0, 0x98, 0xc0}, @inet=@TOS={0x28, 'TOS\x00'}}, {{@ip={@remote, @remote, 0x0, 0x0, 'lo\x00', 'nlmon0\x00'}, 0x0, 0x98, 0xc0}, @unspec=@CHECKSUM={0x28, 'CHECKSUM\x00'}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @local, 0x0, 0x0, 'veth0_to_hsr\x00', 'bridge_slave_1\x00'}, 0x0, 0x98, 0xf8}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x0, @random="5da8e28f6b9f"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x4f0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth0_to_bridge\x00'})
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000340)=@newlink={0x38, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, r3}, [@IFLA_LINKINFO={0x18, 0x12, @vti={{0x8, 0x1, 'vti\x00'}, {0xc, 0x2, [@vti_common_policy=[@IFLA_VTI_LINK={0x8, 0x1, r5}]]}}}]}, 0x38}}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'team0\x00'})
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000140)={0x0, @remote, @local}, &(0x7f0000000180)=0xc)
getsockname$packet(0xffffffffffffffff, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000240)={'team0\x00'})
getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000280)={{{@in6=@empty, @in6=@mcast1}}, {{@in6=@ipv4={[], [], @dev}}, 0x0, @in=@loopback}}, &(0x7f0000000380)=0xe8)
getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x31, &(0x7f00000003c0)={@rand_addr, @local}, &(0x7f0000000400)=0xc)
accept$packet(0xffffffffffffffff, &(0x7f0000000440)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000480)=0x14)
recvmmsg(0xffffffffffffffff, &(0x7f0000003580)=[{{&(0x7f0000000580)=@xdp, 0x80, &(0x7f0000000840)=[{&(0x7f0000000600)=""/228, 0xe4}, {&(0x7f0000000700)=""/97, 0x61}, {&(0x7f0000000780)=""/84, 0x54}, {&(0x7f0000000800)=""/14, 0xe}], 0x4, &(0x7f0000000880)=""/4096, 0x1000}}, {{&(0x7f0000001880)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, 0x80, &(0x7f0000002e00)=[{&(0x7f0000001900)=""/34, 0x22}, {&(0x7f0000001940)=""/128, 0x80}, {&(0x7f00000019c0)=""/145, 0x91}, {&(0x7f0000001a80)=""/64, 0x40}, {&(0x7f0000001ac0)=""/81, 0x51}, {&(0x7f0000001b40)=""/100, 0x64}, {&(0x7f0000001bc0)=""/154, 0x9a}, {&(0x7f0000001c80)=""/238, 0xee}, {&(0x7f0000001d80)=""/112, 0x70}, {&(0x7f0000001e00)=""/4096, 0x1000}], 0xa, &(0x7f0000002ec0)=""/223, 0xdf}, 0x81}, {{0x0, 0x0, &(0x7f0000003280)=[{&(0x7f0000002fc0)=""/127, 0x7f}, {&(0x7f0000003040)=""/90, 0x5a}, {&(0x7f00000030c0)=""/83, 0x53}, {&(0x7f0000003140)=""/159, 0x9f}, {&(0x7f0000003200)=""/77, 0x4d}], 0x5, &(0x7f0000003300)=""/148, 0x94}, 0x3f}, {{&(0x7f00000033c0)=@can, 0x80, &(0x7f0000003500)=[{&(0x7f0000003440)=""/167, 0xa7}], 0x1, &(0x7f0000003540)=""/10, 0xa}, 0xfffffff9}], 0x4, 0x1, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
r10 = socket(0x1, 0x803, 0x0)
getsockname$packet(r10, &(0x7f0000000100)={0x11, 0x0, <r11=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000340)=@newlink={0x38, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, r9}, [@IFLA_LINKINFO={0x18, 0x12, @vti={{0x8, 0x1, 'vti\x00'}, {0xc, 0x2, [@vti_common_policy=[@IFLA_VTI_LINK={0x8, 0x1, r11}]]}}}]}, 0x38}}, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000002a80)=@newlink={0x60, 0x10, 0x40d, 0x3, 0x0, {0x0, 0x0, 0x0, r9}, [@IFLA_LINKINFO={0x40, 0x12, @vti={{0x8, 0x1, 'vti\x00'}, {0x34, 0x2, [@IFLA_VTI_REMOTE={0x8, 0x5, @loopback}, @vti_common_policy=[@IFLA_VTI_IKEY={0x8, 0x2, 0x8}, @IFLA_VTI_FWMARK={0x8, 0x6, 0x5}, @IFLA_VTI_LINK={0x8}, @IFLA_VTI_IKEY={0x8, 0x2, 0x9}, @IFLA_VTI_IKEY={0x8, 0x2, 0x1}]]}}}]}, 0x60}}, 0x0)

[  214.928386][ T9071]  ? _raw_spin_unlock_irq+0x23/0x80
[  214.933856][ T9071]  do_group_exit+0x135/0x360
[  214.938477][ T9071]  get_signal+0x47c/0x24f0
[  214.943003][ T9071]  ? __kasan_check_read+0x11/0x20
[  214.948074][ T9071]  do_signal+0x87/0x1700
[  214.952322][ T9071]  ? finish_task_switch+0x147/0x750
[  214.957553][ T9071]  ? calculate_sigpending+0x86/0xa0
[  214.962776][ T9071]  ? setup_sigcontext+0x7d0/0x7d0
[  214.967985][ T9071]  ? calculate_sigpending+0x86/0xa0
[  214.975024][ T9071]  ? exit_to_usermode_loop+0x43/0x380
[  214.980408][ T9071]  ? syscall_return_slowpath+0x47a/0x530
[  214.986046][ T9071]  ? exit_to_usermode_loop+0x43/0x380
[  214.991425][ T9071]  ? lockdep_hardirqs_on+0x421/0x5e0
[  214.991442][ T9071]  ? trace_hardirqs_on+0x67/0x240
[  214.991463][ T9071]  exit_to_usermode_loop+0x286/0x380
[  214.991481][ T9071]  syscall_return_slowpath+0x47a/0x530
[  214.991498][ T9071]  ret_from_fork+0x15/0x30
[  214.991515][ T9071] RIP: 0033:0x45c909
23:48:15 executing program 5:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='bbr\x00', 0x4)

[  215.002075][ T9071] Code: ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75
[  215.002082][ T9071] RSP: 002b:00007f7adf7a1db0 EFLAGS: 00000202 ORIG_RAX: 0000000000000038
[  215.002096][ T9071] RAX: 0000000000000000 RBX: 00007f7adf7a2700 RCX: 000000000045c909
[  215.002104][ T9071] RDX: 00007f7adf7a29d0 RSI: 00007f7adf7a1db0 RDI: 00000000003d0f00
[  215.002112][ T9071] RBP: 00007ffd4abf9060 R08: 00007f7adf7a2700 R09: 00007f7adf7a2700
[  215.002120][ T9071] R10: 00007f7adf7a29d0 R11: 0000000000000202 R12: 0000000000000000
[  215.002129][ T9071] R13: 00007ffd4abf8eff R14: 00007f7adf7a29c0 R15: 000000000075bfd4
[  215.002151][ T9071] ==================================================================
[  215.002155][ T9071] Disabling lock debugging due to kernel taint
[  215.033613][ T9071] Kernel panic - not syncing: panic_on_warn set ...
[  215.044412][ T3919] kobject: 'loop5' (0000000042754130): kobject_uevent_env
[  215.049668][ T9071] CPU: 1 PID: 9071 Comm: syz-executor.1 Tainted: G    B             5.4.0-rc4-next-20191025 #0
[  215.060029][ T3919] kobject: 'loop5' (0000000042754130): fill_kobj_path: path = '/devices/virtual/block/loop5'
[  215.065943][ T9071] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  215.065948][ T9071] Call Trace:
[  215.065966][ T9071]  dump_stack+0x172/0x1f0
[  215.065980][ T9071]  panic+0x2e3/0x75c
[  215.065990][ T9071]  ? add_taint.cold+0x16/0x16
[  215.066002][ T9071]  ? io_wq_cancel_all+0x28/0x2a0
[  215.066018][ T9071]  ? preempt_schedule+0x4b/0x60
[  215.118991][ T9084] kobject: 'vti0' (00000000d881233a): fill_kobj_path: path = '/devices/virtual/net/vti0'
[  215.128400][ T9071]  ? ___preempt_schedule+0x16/0x18
[  215.128414][ T9071]  ? trace_hardirqs_on+0x5e/0x240
[  215.128427][ T9071]  ? io_wq_cancel_all+0x28/0x2a0
[  215.128439][ T9071]  end_report+0x47/0x4f
[  215.128448][ T9071]  ? io_wq_cancel_all+0x28/0x2a0
[  215.128457][ T9071]  __kasan_report.cold+0xe/0x41
[  215.128474][ T9071]  ? io_wq_cancel_all+0x28/0x2a0
[  215.139842][ T9084] kobject: 'queues' (00000000ae9d3cd6): kobject_add_internal: parent: 'vti0', set: '<NULL>'
[  215.149306][ T9071]  kasan_report+0x12/0x20
[  215.149320][ T9071]  check_memory_region+0x134/0x1a0
[  215.149333][ T9071]  __kasan_check_write+0x14/0x20
[  215.149344][ T9071]  io_wq_cancel_all+0x28/0x2a0
[  215.149356][ T9071]  io_ring_ctx_wait_and_kill+0x1e2/0x710
[  215.149374][ T9071]  io_uring_release+0x42/0x50
[  215.153095][ T9084] kobject: 'queues' (00000000ae9d3cd6): kobject_uevent_env
[  215.156972][ T9071]  __fput+0x2ff/0x890
[  215.156988][ T9071]  ? io_ring_ctx_wait_and_kill+0x710/0x710
[  215.157000][ T9071]  ____fput+0x16/0x20
[  215.157016][ T9071]  task_work_run+0x145/0x1c0
[  215.160996][ T9084] kobject: 'queues' (00000000ae9d3cd6): kobject_uevent_env: filter function caused the event to drop!
[  215.165557][ T9071]  do_exit+0x904/0x2e60
[  215.165574][ T9071]  ? mm_update_next_owner+0x640/0x640
[  215.165591][ T9071]  ? lock_downgrade+0x920/0x920
[  215.165605][ T9071]  ? _raw_spin_unlock_irq+0x23/0x80
[  215.165616][ T9071]  ? get_signal+0x392/0x24f0
[  215.165632][ T9071]  ? _raw_spin_unlock_irq+0x23/0x80
[  215.172387][ T9084] kobject: 'rx-0' (00000000285d1c77): kobject_add_internal: parent: 'queues', set: 'queues'
[  215.175470][ T9071]  do_group_exit+0x135/0x360
[  215.175486][ T9071]  get_signal+0x47c/0x24f0
[  215.175508][ T9071]  ? __kasan_check_read+0x11/0x20
[  215.186231][ T9084] kobject: 'rx-0' (00000000285d1c77): kobject_uevent_env
[  215.190639][ T9071]  do_signal+0x87/0x1700
[  215.190654][ T9071]  ? finish_task_switch+0x147/0x750
[  215.190668][ T9071]  ? calculate_sigpending+0x86/0xa0
[  215.190685][ T9071]  ? setup_sigcontext+0x7d0/0x7d0
[  215.196198][ T9084] kobject: 'rx-0' (00000000285d1c77): fill_kobj_path: path = '/devices/virtual/net/vti0/queues/rx-0'
[  215.200712][ T9071]  ? calculate_sigpending+0x86/0xa0
[  215.200733][ T9071]  ? exit_to_usermode_loop+0x43/0x380
[  215.200743][ T9071]  ? syscall_return_slowpath+0x47a/0x530
[  215.200760][ T9071]  ? exit_to_usermode_loop+0x43/0x380
[  215.205951][ T9084] kobject: 'tx-0' (0000000047d8e1b4): kobject_add_internal: parent: 'queues', set: 'queues'
[  215.210337][ T9071]  ? lockdep_hardirqs_on+0x421/0x5e0
[  215.210352][ T9071]  ? trace_hardirqs_on+0x67/0x240
[  215.210366][ T9071]  exit_to_usermode_loop+0x286/0x380
[  215.210384][ T9071]  syscall_return_slowpath+0x47a/0x530
[  215.215712][ T9084] kobject: 'tx-0' (0000000047d8e1b4): kobject_uevent_env
[  215.220129][ T9071]  ret_from_fork+0x15/0x30
[  215.220140][ T9071] RIP: 0033:0x45c909
[  215.220154][ T9071] Code: ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75
[  215.220160][ T9071] RSP: 002b:00007f7adf7a1db0 EFLAGS: 00000202 ORIG_RAX: 0000000000000038
[  215.230643][ T9084] kobject: 'tx-0' (0000000047d8e1b4): fill_kobj_path: path = '/devices/virtual/net/vti0/queues/tx-0'
[  215.234534][ T9071] RAX: 0000000000000000 RBX: 00007f7adf7a2700 RCX: 000000000045c909
[  215.234542][ T9071] RDX: 00007f7adf7a29d0 RSI: 00007f7adf7a1db0 RDI: 00000000003d0f00
[  215.234549][ T9071] RBP: 00007ffd4abf9060 R08: 00007f7adf7a2700 R09: 00007f7adf7a2700
[  215.234557][ T9071] R10: 00007f7adf7a29d0 R11: 0000000000000202 R12: 0000000000000000
[  215.234563][ T9071] R13: 00007ffd4abf8eff R14: 00007f7adf7a29c0 R15: 000000000075bfd4
[  215.236267][ T9071] Kernel Offset: disabled
[  215.542297][ T9071] Rebooting in 86400 seconds..