[   59.751056][   T26] audit: type=1800 audit(1573024797.969:25): pid=8895 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[   59.785966][   T26] audit: type=1800 audit(1573024797.969:26): pid=8895 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   59.808604][   T26] audit: type=1800 audit(1573024797.969:27): pid=8895 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c.
[   60.427059][ T8962] sshd (8962) used greatest stack depth: 22888 bytes left
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.79' (ECDSA) to the list of known hosts.
2019/11/06 07:20:09 fuzzer started
2019/11/06 07:20:11 dialing manager at 10.128.0.26:46669
2019/11/06 07:20:11 syscalls: 2566
2019/11/06 07:20:11 code coverage: enabled
2019/11/06 07:20:11 comparison tracing: enabled
2019/11/06 07:20:11 extra coverage: enabled
2019/11/06 07:20:11 setuid sandbox: enabled
2019/11/06 07:20:11 namespace sandbox: enabled
2019/11/06 07:20:11 Android sandbox: /sys/fs/selinux/policy does not exist
2019/11/06 07:20:11 fault injection: enabled
2019/11/06 07:20:11 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/11/06 07:20:11 net packet injection: enabled
2019/11/06 07:20:11 net device setup: enabled
2019/11/06 07:20:11 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2019/11/06 07:20:11 devlink PCI setup: PCI device 0000:00:10.0 is not available
07:22:27 executing program 0:
request_key(&(0x7f0000000140)='id_resolver\x00', 0x0, 0x0, 0xfffffffffffffffe)
sendmsg$TIPC_CMD_SET_NETID(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x1}, 0xc, 0x0}, 0x0)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000040)='/dev/zero\x00', 0x0, 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
r2 = dup3(r1, r0, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0)

07:22:27 executing program 1:
semop(0x0, 0x0, 0x110)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x8, 0x80000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x1, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000004640)=[{{0x0, 0x0, &(0x7f0000000200)=[{0x0, 0x1c7}], 0x1}}], 0x1, 0x0, 0x0)
r1 = syz_open_dev$dri(0x0, 0x95, 0x0)
socket$netlink(0x10, 0x3, 0x0)
finit_module(r1, 0x0, 0x0)
ioctl$KDDISABIO(0xffffffffffffffff, 0x4b37)
open(&(0x7f0000000180)='./file0\x00', 0x101000, 0x80)
setsockopt$RDS_CONG_MONITOR(0xffffffffffffffff, 0x114, 0x6, &(0x7f00000002c0), 0x4)
request_key(0x0, 0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x0, 0x0)
writev(r0, &(0x7f00000023c0), 0x1000000000000252)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r2, 0x6, 0x200000000000013, &(0x7f0000000280), 0x4)
bind$alg(0xffffffffffffffff, 0x0, 0x0)
ioctl$TCSETX(0xffffffffffffffff, 0x5433, &(0x7f00000001c0)={0x0, 0x7, [0x0, 0x0, 0x480, 0x3ff, 0x9]})
accept4$alg(0xffffffffffffffff, 0x0, 0x0, 0x0)

syzkaller login: [  209.161207][ T9063] IPVS: ftp: loaded support on port[0] = 21
[  209.269916][ T9065] IPVS: ftp: loaded support on port[0] = 21
07:22:27 executing program 2:
recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0x38b, 0x0, 0x267}}], 0x8000000000000ee, 0x0, 0x0)
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000180)='stat\x00X\xe1\x7f6\xf2Dk\xeb\x1c\xf4\xf3\xa9\x9e\xbdA\xcdy\xb2\x17\xcd\x90\xfe\x04>\x130\xba\xf8Z\xbe\xa3\xcc\x06Wv\x9d\xd8\x1c ,1\xa24\xb7\xe1\x85\x1aX\x04u\xdaAh\xfd\x86\xeb\xfcc\xe0\xa5\x154\xfe\x8c\xd9q>\xd0\x00\x00\n\x9cp\x9e\n\xb9\x13\xc6r\x12\x84\x18\xcd\xf5\xf3\x9a\xa6+\x9d\x1ba5\x90$-\xb5\x02\xc2M\x05A%\xd7\x99@**M3\xe2A\xd8}v\xfd\xe1\xbf5\xc4\x12!\'\xaf\xef\x058?\xa6\x94\fw\x9fq\x06\a(s9Mwr\xd1\x8b\x8b\xdf')
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
preadv(r0, &(0x7f00000017c0), 0x19b, 0x0)

[  209.372432][ T9063] chnl_net:caif_netlink_parms(): no params data found
[  209.431147][ T9063] bridge0: port 1(bridge_slave_0) entered blocking state
[  209.457092][ T9063] bridge0: port 1(bridge_slave_0) entered disabled state
[  209.466918][ T9063] device bridge_slave_0 entered promiscuous mode
[  209.496796][ T9063] bridge0: port 2(bridge_slave_1) entered blocking state
[  209.503957][ T9063] bridge0: port 2(bridge_slave_1) entered disabled state
[  209.512740][ T9063] device bridge_slave_1 entered promiscuous mode
[  209.580589][ T9063] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  209.623957][ T9063] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  209.642102][ T9068] IPVS: ftp: loaded support on port[0] = 21
[  209.685316][ T9065] chnl_net:caif_netlink_parms(): no params data found
[  209.703158][ T9063] team0: Port device team_slave_0 added
07:22:27 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, <r1=>0x0}, &(0x7f0000000280)=0x5)
setuid(r1)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000240)={0x0, <r3=>0x0}, &(0x7f0000000280)=0x5)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
ioprio_get$uid(0x3, r3)

[  209.730878][ T9063] team0: Port device team_slave_1 added
[  209.849308][ T9063] device hsr_slave_0 entered promiscuous mode
[  209.889373][ T9063] device hsr_slave_1 entered promiscuous mode
[  209.959455][ T9065] bridge0: port 1(bridge_slave_0) entered blocking state
[  209.975969][ T9065] bridge0: port 1(bridge_slave_0) entered disabled state
[  209.983760][ T9065] device bridge_slave_0 entered promiscuous mode
[  209.994449][ T9065] bridge0: port 2(bridge_slave_1) entered blocking state
[  210.003900][ T9065] bridge0: port 2(bridge_slave_1) entered disabled state
[  210.012230][ T9065] device bridge_slave_1 entered promiscuous mode
[  210.042539][ T9071] IPVS: ftp: loaded support on port[0] = 21
07:22:28 executing program 4:
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ip_tables_matches\x00c\x9e\x8f\xf1\x05\b\x1dA\x96\xa2\a\r+\xb7\xba\x93\xe1\x03\xa2]{\x9a\xbf\xd3\fm$\x15se\xa4~\xff\xe8\xf2\xc9\xf6\xa6\x13\x80f\x8c\xe6\xc1\xecA\x8dd\xf4\xee\x85\xefRh\xeb6\x99\x03\x8fo\xd3\xee\xab\xe4_n\x98S<A\xaa\x96[\x96\xcc\x1e;0k\xe2W!\xb4\x95\xe3\xe1\xc55\x9b\xea\xeeb\x0f`\x1dJ?h\xf1\xe61\xe0by0\xd0\xb2\x8c\x1d\x16\x91\xa5.{L\xfc')
readv(r0, &(0x7f0000002340)=[{&(0x7f0000000380)=""/4096, 0x1000}], 0x1)

[  210.095043][ T9065] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  210.125149][ T9065] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  210.243468][ T9065] team0: Port device team_slave_0 added
[  210.257504][ T9065] team0: Port device team_slave_1 added
[  210.266395][ T9068] chnl_net:caif_netlink_parms(): no params data found
[  210.369326][ T9065] device hsr_slave_0 entered promiscuous mode
07:22:28 executing program 5:
semop(0x0, 0x0, 0x110)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x8, 0x80000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x1, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000004640)=[{{0x0, 0x0, &(0x7f0000000200)=[{0x0, 0x1c7}], 0x1}}], 0x1, 0x80, 0x0)
syz_open_dev$dri(0x0, 0x95, 0x0)
socket$netlink(0x10, 0x3, 0x0)
ioctl$KDDISABIO(0xffffffffffffffff, 0x4b37)
r1 = open(0x0, 0x101000, 0x80)
setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, 0x0, 0x0)
writev(r0, &(0x7f00000023c0), 0x1000000000000252)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r2, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
bind$alg(0xffffffffffffffff, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'crc32\x00'}, 0x58)
ioctl$TCSETX(0xffffffffffffffff, 0x5433, &(0x7f00000001c0)={0x5, 0x7, [0x1, 0x8, 0x480, 0x3ff, 0x9], 0x3})
accept4$alg(0xffffffffffffffff, 0x0, 0x0, 0x0)
dup(r0)

[  210.417676][ T9065] device hsr_slave_1 entered promiscuous mode
[  210.497846][ T9065] debugfs: Directory 'hsr0' with parent '/' already present!
[  210.546994][ T9074] IPVS: ftp: loaded support on port[0] = 21
[  210.560554][ T9068] bridge0: port 1(bridge_slave_0) entered blocking state
[  210.570057][ T9068] bridge0: port 1(bridge_slave_0) entered disabled state
[  210.578871][ T9068] device bridge_slave_0 entered promiscuous mode
[  210.587053][ T9068] bridge0: port 2(bridge_slave_1) entered blocking state
[  210.595022][ T9068] bridge0: port 2(bridge_slave_1) entered disabled state
[  210.596811][ T9076] IPVS: ftp: loaded support on port[0] = 21
[  210.609016][ T9068] device bridge_slave_1 entered promiscuous mode
[  210.637459][ T9068] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  210.653318][ T9068] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  210.703878][ T9068] team0: Port device team_slave_0 added
[  210.729941][ T9068] team0: Port device team_slave_1 added
[  210.799927][ T9068] device hsr_slave_0 entered promiscuous mode
[  210.838896][ T9068] device hsr_slave_1 entered promiscuous mode
[  210.877172][ T9068] debugfs: Directory 'hsr0' with parent '/' already present!
[  210.983852][ T9071] chnl_net:caif_netlink_parms(): no params data found
[  211.083539][ T9074] chnl_net:caif_netlink_parms(): no params data found
[  211.097102][ T9071] bridge0: port 1(bridge_slave_0) entered blocking state
[  211.104249][ T9071] bridge0: port 1(bridge_slave_0) entered disabled state
[  211.115182][ T9071] device bridge_slave_0 entered promiscuous mode
[  211.124961][ T9071] bridge0: port 2(bridge_slave_1) entered blocking state
[  211.132232][ T9071] bridge0: port 2(bridge_slave_1) entered disabled state
[  211.140589][ T9071] device bridge_slave_1 entered promiscuous mode
[  211.155187][ T9076] chnl_net:caif_netlink_parms(): no params data found
[  211.201558][ T9071] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  211.232737][ T9071] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  211.255375][ T9074] bridge0: port 1(bridge_slave_0) entered blocking state
[  211.263821][ T9074] bridge0: port 1(bridge_slave_0) entered disabled state
[  211.272574][ T9074] device bridge_slave_0 entered promiscuous mode
[  211.292945][ T9076] bridge0: port 1(bridge_slave_0) entered blocking state
[  211.300118][ T9076] bridge0: port 1(bridge_slave_0) entered disabled state
[  211.308385][ T9076] device bridge_slave_0 entered promiscuous mode
[  211.319445][ T9074] bridge0: port 2(bridge_slave_1) entered blocking state
[  211.329497][ T9074] bridge0: port 2(bridge_slave_1) entered disabled state
[  211.338126][ T9074] device bridge_slave_1 entered promiscuous mode
[  211.347502][ T9071] team0: Port device team_slave_0 added
[  211.359328][ T9076] bridge0: port 2(bridge_slave_1) entered blocking state
[  211.368647][ T9076] bridge0: port 2(bridge_slave_1) entered disabled state
[  211.377020][ T9076] device bridge_slave_1 entered promiscuous mode
[  211.385180][ T9071] team0: Port device team_slave_1 added
[  211.401533][ T9074] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  211.426298][ T9074] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  211.445512][ T9076] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  211.474268][ T9076] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  211.477789][ T9063] netdevsim: probe of netdevsim0 failed with error -17
[  211.500392][ T9074] team0: Port device team_slave_0 added
[  211.539738][ T9071] device hsr_slave_0 entered promiscuous mode
[  211.596702][ T9071] device hsr_slave_1 entered promiscuous mode
[  211.665945][ T9071] debugfs: Directory 'hsr0' with parent '/' already present!
[  211.683520][ T9074] team0: Port device team_slave_1 added
[  211.705441][ T9076] team0: Port device team_slave_0 added
[  211.729892][ T9076] team0: Port device team_slave_1 added
[  211.798550][ T9074] device hsr_slave_0 entered promiscuous mode
[  211.839104][ T9074] device hsr_slave_1 entered promiscuous mode
[  211.887623][ T9074] debugfs: Directory 'hsr0' with parent '/' already present!
[  211.957391][ T9065] netdevsim: probe of netdevsim1 failed with error -17
[  211.978136][ T9076] device hsr_slave_0 entered promiscuous mode
[  212.026500][ T9076] device hsr_slave_1 entered promiscuous mode
[  212.086060][ T9076] debugfs: Directory 'hsr0' with parent '/' already present!
[  212.183451][ T9063] 8021q: adding VLAN 0 to HW filter on device bond0
[  212.203963][ T3103] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  212.214552][ T3103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  212.229256][ T9063] 8021q: adding VLAN 0 to HW filter on device team0
[  212.246710][ T9077] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  212.255399][ T9077] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  212.265456][ T9077] bridge0: port 1(bridge_slave_0) entered blocking state
[  212.272817][ T9077] bridge0: port 1(bridge_slave_0) entered forwarding state
[  212.282855][ T9077] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  212.299931][ T9068] netdevsim: probe of netdevsim2 failed with error -17
[  212.319634][ T9082] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  212.328900][ T9082] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  212.338371][ T9082] bridge0: port 2(bridge_slave_1) entered blocking state
[  212.345712][ T9082] bridge0: port 2(bridge_slave_1) entered forwarding state
[  212.358435][ T9065] 8021q: adding VLAN 0 to HW filter on device bond0
[  212.374859][ T9082] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  212.393513][ T9065] 8021q: adding VLAN 0 to HW filter on device team0
[  212.407949][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  212.419024][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  212.428731][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  212.437827][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  212.445497][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  212.454149][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  212.463191][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  212.481643][ T9063] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  212.492639][ T9063] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  212.510550][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  212.518942][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  212.527756][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  212.538117][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  212.546854][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  212.555108][   T17] bridge0: port 1(bridge_slave_0) entered blocking state
[  212.562311][   T17] bridge0: port 1(bridge_slave_0) entered forwarding state
[  212.570043][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  212.578526][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  212.586951][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  212.595437][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  212.603915][   T17] bridge0: port 2(bridge_slave_1) entered blocking state
[  212.611131][   T17] bridge0: port 2(bridge_slave_1) entered forwarding state
[  212.632617][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  212.640973][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  212.650314][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  212.658996][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  212.680667][ T9077] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  212.691757][ T9077] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  212.700981][ T9077] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  212.709309][ T9077] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  212.717170][ T9077] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  212.726594][ T9077] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  212.735758][ T9077] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  212.747894][ T9063] 8021q: adding VLAN 0 to HW filter on device batadv0
[  212.790831][ T9065] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  212.801871][ T9065] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  212.824787][ T3103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  212.835749][ T3103] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  212.844728][ T3103] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  212.855320][ T3103] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  212.864462][ T3103] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  212.899877][ T9068] 8021q: adding VLAN 0 to HW filter on device bond0
[  212.920198][ T9077] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  212.929566][ T9077] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  212.937877][ T9077] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  212.945735][ T9077] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  212.959539][ T9065] 8021q: adding VLAN 0 to HW filter on device batadv0
[  212.970739][ T9068] 8021q: adding VLAN 0 to HW filter on device team0
[  212.985148][ T9077] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  212.994684][ T9077] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  213.008423][ T9077] bridge0: port 1(bridge_slave_0) entered blocking state
[  213.015548][ T9077] bridge0: port 1(bridge_slave_0) entered forwarding state
[  213.096755][ T9081] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  213.105089][ T9081] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  213.114245][ T9081] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  213.125058][ T9081] bridge0: port 2(bridge_slave_1) entered blocking state
[  213.132241][ T9081] bridge0: port 2(bridge_slave_1) entered forwarding state
[  213.141803][ T9081] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  213.180784][ T9092] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  213.190360][ T9092] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  213.200179][ T9092] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  213.211213][ T9097] EXT4-fs (loop0): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock
[  213.212679][ T9092] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  213.231281][ T9092] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  213.237162][ T9097] EXT4-fs (loop0): ext4_check_descriptors: Inode table for group 0 overlaps block group descriptors
[  213.240293][ T9092] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  213.259539][ T9092] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  213.268563][ T9092] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  213.271503][ T9097] EXT4-fs error (device loop0): ext4_fill_super:4479: inode #2: comm syz-executor.0: iget: root inode unallocated
[  213.280768][ T9092] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  213.306805][ T9068] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  213.310956][ T9097] EXT4-fs (loop0): get root inode failed
[  213.320093][ T9097] EXT4-fs (loop0): mount failed
[  213.336000][ T9096] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  213.348341][ T9096] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  213.356905][ T9096] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  213.372606][ T9068] 8021q: adding VLAN 0 to HW filter on device batadv0
07:22:31 executing program 0:
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0, 0x2b2}, {&(0x7f0000000100)="0900000000003639408fa3a3ba27660199783b0a82f79b32a7c8225086600a38e07d4db88a66596759e95307b680ab73e03c53555c97bdc56a39da4d44a994474a9fa3f355214eeabd24fd620b2022d5ad63b369aaffe9a6b608a5fede0eca95d71f2d3e60613a027fb5f2bcbd92d40700000000000000165ccf1032f51d36ab231f6c20d87e9167edf69776dca67d90a17ccd18fb9c7b21d53478e382dcf296a23a060b", 0xf9}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
writev(0xffffffffffffffff, &(0x7f0000000100)=[{0x0}], 0x1)
tkill(r0, 0x3c)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

[  213.455757][ T9071] netdevsim: probe of netdevsim3 failed with error -17
[  213.478543][    C1] hrtimer: interrupt took 31742 ns
[  213.566725][ T9074] netdevsim: probe of netdevsim4 failed with error -17
[  213.572501][ T9071] 8021q: adding VLAN 0 to HW filter on device bond0
[  213.586847][ T9076] netdevsim: probe of netdevsim5 failed with error -17
[  213.604747][ T9096] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  213.631195][ T9096] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  213.642678][ T9071] 8021q: adding VLAN 0 to HW filter on device team0
[  213.687588][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  213.698376][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  213.719524][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  213.726689][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  213.736644][ T9113] ptrace attach of "/root/syz-executor.0"[9112] was attempted by "/root/syz-executor.0"[9113]
[  213.743038][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  213.763122][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  213.771749][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  213.778870][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
07:22:32 executing program 0:
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x3ea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x67, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, 0xffffffffffffffff)

[  213.792699][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
07:22:32 executing program 1:
r0 = socket$kcm(0x2, 0x200000000000001, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000005c0)='/group.sta\x9f\xd4t\x00+\x04J{\t\xab\v\x02t\xe1\t\x85\xa6\xfa\x15\xb3[\xa6\x94!\xf2\x04\xde\xc5f\x8a\x06\x00\x00\x00\xb9\x0f\xf8`\xe0\x1f&+\xaf\xacu\nm\\\xe2Y\xcba\xea\f\xd9DXX>\xef/\xc5\x97\xea\x93\xa7\xde\xc9\xb4\x16\x8eF\x8b\xe0Wm\x1d\x0e\xbf\x8b\xc4G\x8f\x8e\xd8[T|i$\x88\x04\x00\x92\xee2\xc2$Wx\x15^\xdaM\xeaB\x00\x00\x00\x00\x00\x00\x90\x1eB\x8b\x98\xad\xd17_Q\xe15\x84\x8f\xea\x98\xc6\xe3WZ;\xce\x05\xfc\x95\xd9\x88\x1f|\x8b\xf1\xbf\xf2u\xdd\xd8AV\xd87\x96M\xea\xd2\xa2iM\xe9\xa1\xbc\xba}\xbe\xa1\x05J\"\f\xf9\b\xcf\xb8J\x13#\xecT\xdf\xe0\x9dOA>\xe9\x99\xf8\xaf@{dw\b\xe7{\xaf\x9a\x1e3\xc1\x83&\x89\xc2\xa5\xb1\xe2NN\xdf\xd3\x0f{\x8c\xc1\xc8y\x01\x04\x00\xc7\x94\xe3\x89|\xd7\x9f\xd3\x06\x17\xe6]\xd7\x81q\x1d\x1dN\x9e\xf4c\x83\x86_\xfc\xbc\xdd\xd4{\xde\xc4\xe5\xb6\b;L\x1cN\xa2\xc9k\xd7 \xc3\xe4\x19\x96\x8c\x04\xea\x9c9\xfa\xe3\xc1\x8dDuTHL\n\xe8\xb7oSx\'\xfd=\xfc\xa4\xa51\b\x02j\xb7\x98{`\x89\x8c\xd3\xc6\xe8\xe2\x9b\xd7\xab\xd1s\xfb\xaa\xcd\x9d\xf1\x9e\xee\xe3e\xf1\x91\xf7\xee%\xf8\xc7G', 0x2761, 0x0)
setsockopt$sock_attach_bpf(r0, 0x1, 0x3e, &(0x7f0000000040)=r1, 0xab)
sendmsg(r0, &(0x7f0000000080)={&(0x7f00000003c0)=@in={0x2, 0x0, @loopback}, 0x80, 0x0}, 0x20000000)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000b7a000)={0x1, 0x3, &(0x7f0000000ac0)=ANY=[@ANYBLOB="18000000000000000000000000000000950000000000000063efbef6e1d59ebaf921bc3e0e94824ce7d81a684797cc03933f7908e01a88ac407e83759d9e8922b52f6b5363da66fb58f7f643f88f13cc5ff30c5eaee0c97a96ce04e51d374b94b9c9b5308ecd92656cf1aa9d44c2e97eae7e63c3128cdb9a17fa49d028d5188edce63bf5c31d87307f77bcb463289101b07ef7ec204226cc01825761fc8c6f03353461661b04db398715cb1ad751dc4322e07e0e3b0d1952cd4311e2172ac4bb6464b5b878868f7d7025fbb8d6393daee79aeffdb8d7b3cdc05782aa75180fcebf683fe2f9cf2cb0e813bdb114e42c55a7ac6ba5e8a586dfcd73c19bba74d86a20221a6dc7318f6ce3fe382f4fcb6d8e8224587702914300d950756c81f0e886b954af14b58aa8cb37e6cec9204ccbbaf83ee4ed5616cdd141eca1d9ab9ab276bf7e8af76c36ab9c9a0594e72998487ae23abf9151a61de227dab9815ac0ebe7bf519bf7824f38e83bcbc044496d448aebfcd8b8e415ba76014f640349036c6a16d5f192c43fbe745e111176cb32a652ce07e850a2c08b37fb6011311219a2c1538c706d48a4b54367f574acf6096c3cb94f116b51abb8cc7ccc3c63ff39fa6e225ae00e5b777b9144a684e66c1b354c36408f8a0726a0000bc34a2ca7fc7982605f683e0ebc7cc4cc58f9920c7f19e2ba3b6eed47a2f441030000004c26cb4b4b80d3276439728f6b707fd8071e1a2ee55d0654b9168ac67785bb056e386a196d74876103a3172f85bbc17fb2c45804d6c622b881e2ce2cc9cce3a74a25e136bf3062d1d8a2d9fef1f7f54406b72bf1a93bf7e563f7b654b690c5b1847c0e74d18bfd2c0b0b806ccedd349d762ba151a586a55dfaba77a379a9303d55c7bf291fbed0b98dcce51b72d10808f0f0c6226cc542c33412fd9a332c062500703356eb0317a99a609f410966c0be9cca87e176d7435555103fb5bb117d9dbe81ae367b2656c14bb91abe12c253572a0f54c8c00a7ee2556434554bdd26f466a2a38535409114ddc159c8fcc841e17ffdbf16a8745d6e0e181ff201a32da5d986589a26f5a74a54a695353b3d6cd3d3a76bec84c432a5828f4fc7755e1faa03260f1de72dcb0a0c78bb27fd44230162ab9385b4bfd9e06996c7fa8271784e4c32cb68168da4246c9216b168111910b1cee9bb5d8d"], &(0x7f0000f6bffb)='GPL\x00', 0x1, 0xfb, &(0x7f00000002c0)=""/251}, 0x48)
r3 = socket$kcm(0x29, 0x2, 0x0)
ioctl$sock_kcm_SIOCKCMATTACH(r3, 0x89e0, &(0x7f0000000180)={r0, r2})
sendmsg$kcm(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f00000017c0)=[{&(0x7f00000000c0)="b7", 0x1}], 0x1}, 0x0)

[  213.864466][ T9081] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  213.917077][ T9081] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  213.932487][ T9081] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  213.969927][ T9081] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  213.971228][ T9125] BPF:hdr_len not found
[  214.002439][ T9081] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  214.013491][ T9081] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  214.029495][ T9096] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  214.053842][ T9071] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
07:22:32 executing program 0:
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f00000000c0)="2e000000120081aee4050cecff0e00fa048b5bdb4cb904e473730e55cff26d1b0e001d80fffffff05e510befccd7", 0x2e}], 0x1, 0x0, 0x0, 0x88a8ffff00000000}, 0x0)
recvmsg(r0, &(0x7f000000f1c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x5e9d43d79950e54}, 0x0)

[  214.064675][ T9071] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  214.084877][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  214.106652][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  214.121052][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  214.144981][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  214.156478][ T9131] netlink: 'syz-executor.0': attribute type 29 has an invalid length.
[  214.181067][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  214.190517][ T9131] netlink: 'syz-executor.0': attribute type 29 has an invalid length.
[  214.220335][ T9132] netlink: 'syz-executor.0': attribute type 29 has an invalid length.
07:22:32 executing program 2:
perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x3ea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x67, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x67, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1)

[  214.232899][ T9081] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  214.235532][ T9131] netlink: 'syz-executor.0': attribute type 29 has an invalid length.
[  214.246245][ T9081] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  214.309179][ T9071] 8021q: adding VLAN 0 to HW filter on device batadv0
[  214.327888][ T9131] netlink: 'syz-executor.0': attribute type 29 has an invalid length.
07:22:32 executing program 0:
openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x2761, 0x0)
write$cgroup_type(0xffffffffffffffff, &(0x7f0000000100)='threaded\x00', 0x9)
bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000000)={0x19, 0x4, 0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x2000000]}, 0x3c)
r0 = perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x67, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x67, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1)

[  214.373429][ T9074] 8021q: adding VLAN 0 to HW filter on device bond0
[  214.446842][ T3440] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  214.455293][ T3440] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
07:22:32 executing program 2:
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e23, @multicast2}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x20000802, &(0x7f0000000100)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10)
read(r0, &(0x7f0000000600)=""/13, 0xccacf294)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = fcntl$dupfd(r1, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
sendto$inet(r0, &(0x7f0000000c00)="b6", 0xfffffffffffffce2, 0x0, 0x0, 0x0)

[  214.487987][ T9074] 8021q: adding VLAN 0 to HW filter on device team0
[  214.523025][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  214.544027][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  214.561500][   T17] bridge0: port 1(bridge_slave_0) entered blocking state
[  214.568859][   T17] bridge0: port 1(bridge_slave_0) entered forwarding state
[  214.588132][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  214.602642][ T9076] 8021q: adding VLAN 0 to HW filter on device bond0
07:22:32 executing program 0:
sendmsg(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)}], 0x3}, 0x0)
clone(0x800007fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000000, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup3(r2, r1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f00000021c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[@ANYBLOB="13d50f34"], 0x4}}, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="0cda366f0001aeac44b8055fadbfac2a7dfe5d4965c1dcbe2544be6077bf0925f49126b4bd2dcbf0c45ceecc872b56070000000000000036bc9e892451c93db0ed05311b9e56097397f8640cef47628488498f2c8c6624e7329e5b17a6d63c0715"], 0x0, 0x61}, 0x20)
tkill(r0, 0x3b)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

[  214.635764][   T73] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  214.649405][   T73] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  214.658935][   T73] bridge0: port 2(bridge_slave_1) entered blocking state
[  214.666106][   T73] bridge0: port 2(bridge_slave_1) entered forwarding state
[  214.675005][   T73] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  214.714125][ T9076] 8021q: adding VLAN 0 to HW filter on device team0
[  214.740936][ T3440] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
07:22:33 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$PPPIOCSFLAGS1(0xffffffffffffffff, 0x40047459, &(0x7f0000000040)=0x20)
ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc))
r1 = syz_open_pts(r0, 0x40000000002)
fcntl$dupfd(r0, 0x0, r0)
r2 = dup3(r1, r0, 0x0)
write$UHID_INPUT(r2, &(0x7f0000001340)={0x8, "e52aac313baccb9b551156a2d7c12b7711c32a17d3c4c9ceef08c2046fe288a7036e513019e5e114cc4ae935d23a9990952824f5d0c1f52e2eb94e5301ba9dc9a02818038eaef46fc2c3ebbe46e4a6024c93823f66462ba3d68913fdeadd1087b06846aa3ddf6ed3dc2b61b4960f48c2edf5cdf23c7e8d3f2e6daa71e66b29bc19e377d7df4637d735194a52da503a0ac44383ba5b3da867e09ceae02a9bfc21e7f28814c2fab7da41344e207ca706dc37592abdb685e4b80eb6dc2b1dc550a1d16166d163a4a220a54d7844facbbb2648ee90aa05c3c03ee447d79e517df8ffe70c215bd0bf69e86a5f48d571b9337590d05e9947727c0d77d18a117f110252735ca6700a55fd26838935808cce7b7c222a75339e44230bdeb99bc39c0c1cc20de74fcb9744f4c4a988f3874a846d31abcf5504d78a3e14f35f6cbd123fcff22890cc17c730c3ea9f74616dfe60064552ec25568a6211bdc39483a28bed0df0afc7d7c6d13d301e080c8846ea512a8ccae7a99da8dd3009feaf204d22e32c5ecc333e616159d55328d375e59194c5c9a0b3843afb283d1d26f59e03105e91aa552386468432a09be73220e942394f34c559797b74bfe7c5c2c639a40e4d2e81e1004b127540a0bdd6be2f95698e75e4f1203a47d61f506ac9364be9d98ae46536f74afe08c450ecb902e00f188c9f32aed0677455e10bbe82c763a464f10f64c403c35376b7a675546835209f0e2809e9c2bd191f784dda4b727bfac512497a07474e6d3e13233601df81abcdb6fbfb152483ec61baaee45a5d733c62107f63c55a046401a5ddef70cef8d52cb4784e3efc34de554c8ff48f7ae3d6dc1ed4eb70fe1e610355fd66ce1af8ff63b6641fb3dadfab8a9b0b1f26ca11f7287258ad4766e08340f8f2fd53e7e5f287bb73c186f0290f225687040c762776a02e5e65f1b9b713e8ef98ffe111b3e4e7b761dd3ed763ed8dafd67625fb300ac752c0ff9c0c04b75be292c3f0247bd0b3560f1c76aff38791037fcf2b812f1601934a8fc769f7198e0df685841489263a1495a8a8bab1a63cb12b3089a3e30aab15ae872437e52a6f0dbc4df2d0e8df4c6bcd47beefc179d85b70b42b319453e6efaff96a509420bec299f227c4b676c58038916897f15430ff52087dd97dd329c6b6e207378053accaa31843a333e4f69586103424f44bd67eb355c1fbe078e62f07ebaae46c3e335372127dc5fa70a4579af715e531bda52761dc206aded4678079720603a577ef7e5fb5a81a525b7c96a4047d9d6bb80d7e0ce55cc0a4f73256ae9c515307f13fe54126786de425d7a674b05116104176faac5b9365b33fd2f5a710a5159d342abecede83ad421bbb712cd5b006671a958cec907311719eb3e0b5dc4fb51054e06656a7a2a066c0aac65ceb434ca3f242cb2b1d7a22179a85cbbeeacc2f0135d8dd4d1363a98d2543fa4973e19eb359e956d27f142c75f62c7aecaf47090236b9791847725bc6fde15cd4a119a4976a3f0f2d622973ad9000aae56f88b396fa1881ec0b0a5de9955fc8f864b36eacd635b88826e0a64897d605fa4a14f7786b037cf308bef61c7f860e38f1ae67fe8cb7802dbe85f9c0c082eed1a13e645370d0c95d63bba215ac8a637b8f968aef06329d62ba131b56b46bfcfa6a5e82016d5eeb6e7db45595d1acaaa5ec9886315d3dced9d0a15c44c043ac91e4ae7077139774607b76cbc017f636145beb84c1829a6030f4a895a56b8d141f743c9189a71387893f785804f85927a23ccd79c432ab686b621ec91706ef082b4ea4fa608ce2daca0d2e2e07ff51e6a8fdc22f1c8ee5ae53720f93b4547704fae580e5560e3c7b1ac2a38ffc294d3c96635e3b919339394843c8a171c7d12ceb9c0a11be25783694b177b399e7a495538e293a59d3ab44b176afed6894aa0e501d9b98981be3f2057bf6c9869403a34cb83ad57150c674301f39524a026f3608a3414287bc4e507355823c6f8640bb803a392fb8847023d1db3c39753e72414682c617de9bd0d5b6a55d46004d49f20d2f8f53cdd8eb11402f7895cd7c01b4964fd005c564b0b0e156969ccde818dda3a7cae02d1d3af95081e6549f28976fa81b5e90fbb0a62fea850ffaf0220132189c11a74996261f6de6001c50364f08c4f48fd46a0417ec8ee4d003efeead64b87d64b43cd6868f365e72e26dd9f5f9f74d135f64464cb38dd62051ae70c5a4daabebe700eb9b290b8ed4142db0090219e6186f8f71fa8fe1ebe42f621b8eed182ee8ad0401f0a3530fd48e4d1eb2637f1fbd2a7032b0f85715203c12ab8ff48131bc4ff28272b57119a76bc0b30fef5294c23c0b2bcadfbba37a00502b5e43d72148d9acc7cb7cb39dc830cd6f30262a09eecf29d1055c2edc3926cfd5076aa5f9f172ed145359fc974ca5ded652433d212607bed155df1aff269414548a39a644b6ce927de5de6e6750575c4fd7ea7fe10b1e51fde6975c0c23fc012a8b12fe3fa64e972e4e09eafea165ae5c1ffc9d761e1314a781959c223b96eefde0f4f45c7ac032a8d3f1bd304114c3329a3e4966eddcc8d44ae70bad2932f963100955e2d2d487347c2aa8356bc6bc3c84e418163c758f1372246884e6d80d87d7ab3fe660dda13ada65f200b4fb365223b93bbc29493ae6dbbbb1823edb8e9f045b60414edab955e1046b67a8d4908ab08ad90216125d2ffd8c7814a9a4940df0a653b1cf53cf456412228445ebc8e1584adfe13207ff24fe602e2a506218710483b5544347a3d515b7d2ddcaa1bb7ae3578841918a8ed00659d5f260d23ae17a9ffc77f79758844586fe53517097838a92dde8873e8be1cd5934f1a4bfdd9d0b5725b811c4a2c121b7729946993a736bd195c55684ea680304af4844a1b2f74e2c2b2ccaeceb00b9c2c515b70912efb27643c5624025e358b44853cc0efddc103ee514471af902cd9b68f102c95a91d2b825b473ce842e6367b0b7305ce8be6f9c812abe860bb632e00b69a0370e5c8f9ba0cebbcbe1b9276949c303a4e9e3b6db37a0716520c07512192364abb58399fca973a1b32106096eda8bb85745562e8a35c5e917fdf858091a4c29d6549e10098d6b205fc5cad546fe07b3a70756cf7079c88f3708f0c8527002b99e80cbd584a3737fb37953cd6dccf21add4d4b6e65894490840c008578737d5e208649d1cd34beb403c2226300297853a29cf6c661b426c13306575d81f6fd21712e0ec4366013883b95a71d5094acbf156e42de11cb873744983ec1ff9cfbee2278053b8b4e523388bd41dfd3c2ecaacc5d9d2958bbfa94f4bd0ac1c61c98ab295dd5c69020f1329818df9a2aa88ced03f4e6a4d1f8cb020afcd2384e65511ddeb908ba0c13a03dd32e8d4ccf0246008f35ef5184f81b8fed73b4aae4998bd8c7d784210042247d39396ba881bf43555d0ec58deede7b4729e79d31b2a346527594ca3a47a1723a792a701dc18d0124365e2c4a4fefed48c29a9f2fc747b302eaf92a100b2da211c91de4ab79d4aede483d852635c6f14d38095a5739d475c7aa67fdd54767a056eeb3098dfd8d1c21f32e76f0247f04118448273586856e641b83f540a643e72dc15804b78bac475f39e23291798aa45a2c10aa5fef2d5e4d7b8f529a66535d11c6149e9797f2fcce2804f2a5370345e98b0c02c7dd27135d414fe72f0740423920d68b64f6b8c05788c6693ee1b9abb5d4593a970dc3ee2528765fb739964f4fed7200d7e796a9f3d0d60834e638dd8c29d4e85011e4ba4f127fe765954a5b5bb5d1cc69f2376599d5a3e8c30714893f763c06061072c10cb0eee17eb2a2514acc584b04e169d4a33a330367bb725ff9462f5d50282a2e393293eec8ea1eaab8217cc108798a4a57eccdb00647ab9f07318993f7c59c395a93cbd681d0a967a56e3f13c832c48dcc0d0096870b0d51b754e70b12a849b6f376923f7f7d909f64d64e1d6e338d39166b725265b96ed21e36b12057148d66e5df04b7b734ed0957d47fde172be2473b9ac6fdb823abe3e11ec69a170a14511d5572d6c0d9f6b749acad7003f0567bb6f9381649e42d02764077330d5af3d93185968a9f8dfed16c4a7c768a2bb98304946a557182c0ce93e82b340074e384cc6bd6129483386c654a6ab3bb12fe8e86adafa93f218fdf5019c09292858acd8ef7aa6a78e3f846215856d630ae9c5fc4009693b2767ea55c469f9099693287b35d43ee0f7a5baf3328d37b2c536f2abd6e21e472c105ae982cdd26a5a20562122e71efb1486c28d9409c3114b608f297695958c5604cf0918c0c70c56c79170260d73bde297e47cae1c404cca0a96eed51a2dc8f6f6ad862fe767ee5b5e68f231096825d935b809b3c1b5d9a2cd76cae22652bed7d263b42612ed717eba0aaf2a3989c4520c402d29428010000000000000062fb3fdd073b91d4e2f6895fba9639ee78bd8ccb5bc3ce442fbeb9a1521314b82804293159fd7df4db66b78a06fe93e705bbc4e0d294a787c3cbf271b2acd15e7b4998c822f7724d3191e2265bd0d694dfb08063c9ff26a424884b46e26b5560d756c114ad1a7b92eee3f49dc2883b604ecc49c5ce92ce467778301326588a6577d44758e8d90710248d110dbf3d3d568779bd1c616369f84619dd089e38b51634f7c5d2ac9f1547a342877815a3864ad70b68b196bde9d810512f411d5235633ef65088788dfa3f152df7cee3a0803f6ac7ae192301dec07ff870ff3d7cf1c09cc9093263b225d01222376531007af9e6fb96e5ccaa8274f70adc786db7f33a20a752717b56b9a03bfce15a1aacd78c4adf8bdf41de8aaf421684c27526088c54322b5eea9175ef9c574c1f873218cc6f5df233892d7d5b0b0649ffc5a1c4909f2967a8c1f15b419ecde0448f071fa71e553f4f12cfa5e35022e75ddc5509edddc3de82d9097759b27f7c24776702e0ff64559281f796f11c1a9c77a156f390d2d18d1759b6be0347eb5bb4df912e9cfafa0db3be3243bacb378ca0946cece695a8099d6d7a24fc8bcca4c09695e3208f17f00bf404f6eb7852dfe73c163a19fd4e890e0edd5c7a727984b6f47a952373b95200bba061756c699c218b52c265b22bcd5cb24fdf056621fdd2126cede171e435320ca34e56e4c82a2afc9a59d3bf4647877658b6f23a6484f37acd8e2e184926993b5d1bbe6cdba64f486b4fb41bb94a644140540894f8fc14e585bc8beae88eabf926add289c82eb8cea99743baed842d76eb5c5573f7a7f3f2693960d6bfed697b5619afd942f41689dbd281a35e32478ba3a388dada82a2f4164481aa6a8f3946a84ea6186b20ce388c202be42996ae90feec7258d4a4a276353df84c96b160ac003d81cf395c0e61b0f0a9e692c32fab307f754cae5de7716a00cb96160cd39c931f4885d612862cecf6ba76502c9d266f97e4cf6cf0a16f787788e5471458a0dc24d3f2a28caa0f7ee00cf8bb113bd9c2b086037d765b5ec9a849df6f482fc01b48261e44299b0bc88321d837b6e2d221ebf2996b4140cd82e531de27f8de445f31c64469a5a145b031cd2569d19e27369c31ec63a989f0c9aaba7cc9d36d652001d40004f83a90d6465854f31bf15d1ef6bff4c02d60b948a37e3f50d250d7f85f545f507014aae5a35908283168c034f654acbb9d0fc261671d612e3d74261653e69e5e9cf7c8fda298b4d6c879cbbb97eafe648ba70150599089d65c1fdc0d5af879a2d46a443ac6dd21b33f72510742db4faf7eeb1580580ffe26e2d5ff", 0x1000}, 0x1006)

[  214.764800][ T3440] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  214.800738][ T3440] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  214.825441][ T3440] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  214.834461][ T3440] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  214.845364][ T3440] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  214.878432][ T3440] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  214.903603][ T3440] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  214.914860][ T3440] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  214.937119][ T3440] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  214.950215][ T9074] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  214.979338][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  214.988018][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  214.997185][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  215.008336][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  215.017272][   T17] bridge0: port 1(bridge_slave_0) entered blocking state
[  215.024351][   T17] bridge0: port 1(bridge_slave_0) entered forwarding state
[  215.032762][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  215.042293][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  215.051334][   T17] bridge0: port 2(bridge_slave_1) entered blocking state
[  215.058707][   T17] bridge0: port 2(bridge_slave_1) entered forwarding state
[  215.067311][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
07:22:33 executing program 1:
ptrace(0xffffffffffffffff, 0x0)
syz_open_pts(0xffffffffffffffff, 0x0)
ioctl(0xffffffffffffffff, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f0000000380)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
add_key$user(0x0, 0x0, &(0x7f00000001c0), 0x0, 0xfffffffffffffffe)
lremovexattr(&(0x7f0000000500)='./file1\x00', &(0x7f0000000540)=@random={'system.', '}(posix_acl_access-\x00'})
keyctl$KEYCTL_PKEY_VERIFY(0x1c, 0x0, 0x0, 0x0, 0x0)
keyctl$link(0x8, 0x0, 0x0)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
request_key(&(0x7f0000000000)='user\x00', &(0x7f0000000040)={'syz'}, &(0x7f0000000a80), 0xfffffffffffffffd)
rmdir(0x0)
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0xb2)
syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0xacc4e2, 0x0)
write$FUSE_NOTIFY_RETRIEVE(0xffffffffffffffff, 0x0, 0x262)
add_key$keyring(&(0x7f0000000280)='keyring\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffb)
syz_open_procfs(0x0, &(0x7f0000000140)='net/ip_tables_matches\x00')

[  215.076327][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  215.085595][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  215.103659][ T9081] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  215.113850][ T9081] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  215.152109][ T9081] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  215.181297][ T9081] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  215.191852][ T9081] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  215.208757][ T9081] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  215.219256][ T9081] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  215.230597][ T9081] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  215.243365][ T9081] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  215.262894][ T9076] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  215.277255][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  215.287338][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  215.309562][ T9074] 8021q: adding VLAN 0 to HW filter on device batadv0
[  215.375378][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  215.394157][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  215.410926][ T9166] EXT4-fs (sda1): re-mounted. Opts: 
[  215.423112][ T9076] 8021q: adding VLAN 0 to HW filter on device batadv0
07:22:33 executing program 4:
syz_mount_image$jfs(&(0x7f00000000c0)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB='gid=', @ANYRESHEX])

07:22:34 executing program 5:
r0 = socket$kcm(0x2b, 0x4000000000000001, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
socketpair(0x0, 0x0, 0x0, &(0x7f0000000380))

07:22:34 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
recvmmsg(0xffffffffffffff9c, 0x0, 0x0, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
set_mempolicy(0x0, 0x0, 0x0)
r1 = gettid()
fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffff9c)
ioctl$EXT4_IOC_SETFLAGS(r0, 0x40086602, 0x0)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040))
rt_tgsigqueueinfo(0x0, 0x0, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0)
ioctl$EXT4_IOC_SWAP_BOOT(0xffffffffffffffff, 0x6611)
tkill(r1, 0x1000000000016)

07:22:34 executing program 0:
open(&(0x7f0000002bc0)='./file0\x00', 0x40c2, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={<r0=>0xffffffffffffffff})
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = dup2(r1, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
pipe2$9p(&(0x7f0000000240)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r4, &(0x7f0000000440)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75a4e0159f860e33823bf47843535af3a818d057ef622662eeb208b33f209975e2c24316681233fc626ba2af632dc3150afd5f944599"], 0x4a)
r5 = dup(r4)
write$FUSE_BMAP(r5, &(0x7f0000000000)={0x18}, 0x18)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
write$FUSE_NOTIFY_RETRIEVE(r5, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f0000000180)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

07:22:34 executing program 2:
r0 = socket(0x1, 0x1, 0x0)
setsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, 0x0, 0xffffffffffffffd1)
r1 = gettid()
getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0)
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
setsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, 0x0)
setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(0xffffffffffffffff, 0x6, 0x21, 0x0, 0x0)
setsockopt$inet_buf(r0, 0x0, 0x0, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0)
ioctl$PIO_CMAP(0xffffffffffffffff, 0x4b71, 0x0)
ioctl$TIOCSWINSZ(0xffffffffffffffff, 0x5414, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0)
tkill(r1, 0x1000000000016)

07:22:34 executing program 1:
ptrace(0xffffffffffffffff, 0x0)
syz_open_pts(0xffffffffffffffff, 0x0)
ioctl(0xffffffffffffffff, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f0000000380)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
add_key$user(0x0, 0x0, &(0x7f00000001c0), 0x0, 0xfffffffffffffffe)
lremovexattr(&(0x7f0000000500)='./file1\x00', &(0x7f0000000540)=@random={'system.', '}(posix_acl_access-\x00'})
keyctl$KEYCTL_PKEY_VERIFY(0x1c, 0x0, 0x0, 0x0, 0x0)
keyctl$link(0x8, 0x0, 0x0)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
request_key(&(0x7f0000000000)='user\x00', &(0x7f0000000040)={'syz'}, &(0x7f0000000a80), 0xfffffffffffffffd)
rmdir(0x0)
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0xb2)
syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0xacc4e2, 0x0)
write$FUSE_NOTIFY_RETRIEVE(0xffffffffffffffff, 0x0, 0x262)
add_key$keyring(&(0x7f0000000280)='keyring\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffb)
syz_open_procfs(0x0, &(0x7f0000000140)='net/ip_tables_matches\x00')

07:22:34 executing program 4:
syz_mount_image$reiserfs(&(0x7f0000000000)='reiserfs\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001380)={[{@usrjquota_file='usrjquota=syz'}]})

[  215.889181][   T26] kauditd_printk_skb: 3 callbacks suppressed
[  215.889206][   T26] audit: type=1800 audit(1573024954.109:31): pid=9206 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="file0" dev="sda1" ino=16545 res=0
07:22:34 executing program 5:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = socket(0xa, 0x2, 0x0)
r2 = dup2(r0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f00000000c0)={0x0, 0x0, 0xfffffffffffffffc}, 0x4)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f00000004c0)=ANY=[@ANYBLOB="b702000006000000bfa30000000000000703000000feffff7a0af0fff8ffe5ff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000002b230000575d9c556f2c50c4bca2a2cb5a39bc4a49f4f59e0a362871e348a049a2701bddd2ea4a53cf6b6ba856eaf37074e12934ed06d6762fed8dfda3caa0a82648f4fbcfff000000002730d192b0119454776e23047326eaa0ece94002f50ae63f9f760581df62474533b9b700d266e68727b75af98acc432a711efcdcb12239f3d03f91d63c9c5fe51cd7fdafafb9876f7a8942b18fb680cd07000000"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x64}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000140)={r4, 0x1800000000000060, 0xcc0, 0x0, &(0x7f0000000000)="b90703e6680d698cb89e15f02cea", 0x0, 0x100}, 0x28)

07:22:34 executing program 3:
getresgid(&(0x7f00000006c0)=<r0=>0x0, &(0x7f0000000700), &(0x7f0000000740))
syz_mount_image$jfs(&(0x7f00000000c0)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB='gid=', @ANYRESHEX=r0, @ANYBLOB=',grpquota,nodiscard,a'])

07:22:34 executing program 2:
r0 = socket(0x200000000010, 0x0, 0x0)
mkdir(&(0x7f0000000b00)='./file0\x00', 0x0)
lgetxattr(0x0, 0x0, 0x0, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$DRM_IOCTL_IRQ_BUSID(0xffffffffffffffff, 0xc0106403, 0x0)
r2 = dup3(r1, 0xffffffffffffffff, 0x0)
recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000640)='nsfs\x00\xf1\xb07\xb0IF\xca\xc4&\xf1\r\x8a\x9d\x84\xf0\x0f9m\xc1\xa2\xc9\x9d\x01\xfbp\'\xfa\xf9\xceP?\xd1n\x9dQ\xff\xbb%\x88\xc4V4\xe40\x1a\n@\xdfw\xa5\xec\tAi\x19\xef\xde\xae\xb5\x949h\x91\xff\xd6V\x82\xb9*\xd0\xa9\xf4\xd2\x17\xfcD\t\x84\xb3y\x9b\x93\xc6\xa1\xceU\xd2\x0f~\xe1\x1cS\xd7Q\xedz\x18\xbeN\x84\xea\v)\aD\xae6\xe5\xf5\xe2D\xcc\x0fv\xc2nE\x8eX\x05\a\x17~\x90', 0x6048ac87bcab9e67, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000540)='TIPCv2\x00')
getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000340)={@loopback, @initdev}, &(0x7f0000000380)=0xc)
add_key(0x0, &(0x7f0000000480)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, 0x0, 0x0)
setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0)
request_key(&(0x7f00000004c0)='cifs.spnego\x00', 0x0, 0x0, 0xffffffffffffffff)
clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
setsockopt$inet_sctp_SCTP_AUTOCLOSE(0xffffffffffffffff, 0x84, 0x4, 0x0, 0x0)
ppoll(0x0, 0x0, &(0x7f0000000080), &(0x7f0000000300), 0x8)
perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x700, &(0x7f0000000000))
fsetxattr(r0, &(0x7f00000000c0)=@known='system.sockprotoname\x00', &(0x7f0000000140)='wlan1#wlan0!(nodevppp0vboxnet1wlan1[posix_acl_accessmd5sum\x00', 0x3b, 0x1)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_INTERVAL(r2, 0xc040564b, 0x0)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(0xffffffffffffffff, 0x408c5333, &(0x7f0000000900)={0x0, 0x0, 0x380000000000000, 'queue1\x00'})
sendmsg$TIPC_CMD_DISABLE_BEARER(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000005c0)=ANY=[@ANYBLOB="0000ce1105bb9346e8bcf404a37c", @ANYRES16, @ANYBLOB="01fb0000000000000002410000000c060000000000000000000000f26aa2e300f89bee7e248817616400000000002fae3d66cfe400"/68], 0x3}}, 0x0)

07:22:34 executing program 1:
ptrace(0xffffffffffffffff, 0x0)
syz_open_pts(0xffffffffffffffff, 0x0)
ioctl(0xffffffffffffffff, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f0000000380)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
add_key$user(0x0, 0x0, &(0x7f00000001c0), 0x0, 0xfffffffffffffffe)
lremovexattr(&(0x7f0000000500)='./file1\x00', &(0x7f0000000540)=@random={'system.', '}(posix_acl_access-\x00'})
keyctl$KEYCTL_PKEY_VERIFY(0x1c, 0x0, 0x0, 0x0, 0x0)
keyctl$link(0x8, 0x0, 0x0)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
request_key(&(0x7f0000000000)='user\x00', &(0x7f0000000040)={'syz'}, &(0x7f0000000a80), 0xfffffffffffffffd)
rmdir(0x0)
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0xb2)
syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0xacc4e2, 0x0)
write$FUSE_NOTIFY_RETRIEVE(0xffffffffffffffff, 0x0, 0x262)
add_key$keyring(&(0x7f0000000280)='keyring\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffb)
syz_open_procfs(0x0, &(0x7f0000000140)='net/ip_tables_matches\x00')

[  216.086586][ T9225] REISERFS warning (device loop4): super-6502 reiserfs_getopt: unknown mount option ""
[  216.254507][ T9225] REISERFS warning (device loop4): super-6502 reiserfs_getopt: unknown mount option ""
[  216.277535][ T9236] jfs: Unrecognized mount option "a" or missing value
07:22:34 executing program 5:
r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r0, 0xc0505350, &(0x7f0000000940)={{0x44}})

[  216.435018][ T9243] FS-Cache: Duplicate cookie detected
[  216.440795][ T9243] FS-Cache: O-cookie c=00000000fc9bbfbd [p=00000000ed6f38a8 fl=222 nc=0 na=1]
[  216.449743][ T9243] FS-Cache: O-cookie d=0000000081414bda n=000000005c9dd617
[  216.457004][ T9243] FS-Cache: O-key=[10] '02000200000002000000'
[  216.463169][ T9243] FS-Cache: N-cookie c=0000000031694cff [p=00000000ed6f38a8 fl=2 nc=0 na=1]
[  216.471917][ T9243] FS-Cache: N-cookie d=0000000081414bda n=00000000696b79a5
[  216.479191][ T9243] FS-Cache: N-key=[10] '02000200000002000000'
07:22:34 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x80000001}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
syz_open_dev$amidi(0x0, 0x0, 0x0)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c)
r1 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00')
sendfile(r0, r1, 0x0, 0xa808)

07:22:34 executing program 5:
r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r0, 0xc0505350, &(0x7f0000000940)={{0x44}})

07:22:34 executing program 2:
r0 = socket(0x200000000010, 0x0, 0x0)
mkdir(&(0x7f0000000b00)='./file0\x00', 0x0)
lgetxattr(0x0, 0x0, 0x0, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$DRM_IOCTL_IRQ_BUSID(0xffffffffffffffff, 0xc0106403, 0x0)
r2 = dup3(r1, 0xffffffffffffffff, 0x0)
recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000640)='nsfs\x00\xf1\xb07\xb0IF\xca\xc4&\xf1\r\x8a\x9d\x84\xf0\x0f9m\xc1\xa2\xc9\x9d\x01\xfbp\'\xfa\xf9\xceP?\xd1n\x9dQ\xff\xbb%\x88\xc4V4\xe40\x1a\n@\xdfw\xa5\xec\tAi\x19\xef\xde\xae\xb5\x949h\x91\xff\xd6V\x82\xb9*\xd0\xa9\xf4\xd2\x17\xfcD\t\x84\xb3y\x9b\x93\xc6\xa1\xceU\xd2\x0f~\xe1\x1cS\xd7Q\xedz\x18\xbeN\x84\xea\v)\aD\xae6\xe5\xf5\xe2D\xcc\x0fv\xc2nE\x8eX\x05\a\x17~\x90', 0x6048ac87bcab9e67, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000540)='TIPCv2\x00')
getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000340)={@loopback, @initdev}, &(0x7f0000000380)=0xc)
add_key(0x0, &(0x7f0000000480)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, 0x0, 0x0)
setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0)
request_key(&(0x7f00000004c0)='cifs.spnego\x00', 0x0, 0x0, 0xffffffffffffffff)
clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
setsockopt$inet_sctp_SCTP_AUTOCLOSE(0xffffffffffffffff, 0x84, 0x4, 0x0, 0x0)
ppoll(0x0, 0x0, &(0x7f0000000080), &(0x7f0000000300), 0x8)
perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x700, &(0x7f0000000000))
fsetxattr(r0, &(0x7f00000000c0)=@known='system.sockprotoname\x00', &(0x7f0000000140)='wlan1#wlan0!(nodevppp0vboxnet1wlan1[posix_acl_accessmd5sum\x00', 0x3b, 0x1)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_INTERVAL(r2, 0xc040564b, 0x0)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(0xffffffffffffffff, 0x408c5333, &(0x7f0000000900)={0x0, 0x0, 0x380000000000000, 'queue1\x00'})
sendmsg$TIPC_CMD_DISABLE_BEARER(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000005c0)=ANY=[@ANYBLOB="0000ce1105bb9346e8bcf404a37c", @ANYRES16, @ANYBLOB="01fb0000000000000002410000000c060000000000000000000000f26aa2e300f89bee7e248817616400000000002fae3d66cfe400"/68], 0x3}}, 0x0)

[  216.683464][ T9269] kasan: CONFIG_KASAN_INLINE enabled
[  216.690719][ T9246] EXT4-fs (sda1): re-mounted. Opts: 
[  216.702223][ T9269] kasan: GPF could be caused by NULL-ptr deref or user memory access
[  216.712399][ T9269] general protection fault: 0000 [#1] PREEMPT SMP KASAN
[  216.712565][ T4001] kobject: 'loop4' (00000000b519e7a1): kobject_uevent_env
[  216.719355][ T9269] CPU: 1 PID: 9269 Comm: syz-executor.3 Not tainted 5.4.0-rc6-next-20191105 #0
[  216.719366][ T9269] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  216.719392][ T9269] RIP: 0010:pagemap_pmd_range+0x83/0x1e40
[  216.719408][ T9269] Code: c1 ea 03 80 3c 02 00 0f 85 ef 1a 00 00 48 8b 43 18 49 8d 7f 40 48 89 fa 48 c1 ea 03 48 89 45 c8 48 b8 00 00 00 00 00 fc ff df <80> 3c 02 00 0f 85 be 1a 00 00 49 8b 5f 40 be 08 00 00 00 4c 8d ab
[  216.719422][ T9269] RSP: 0018:ffff88805c787288 EFLAGS: 00010202
[  216.776868][ T9269] RAX: dffffc0000000000 RBX: ffff88805c787438 RCX: ffffc9000c5a4000
[  216.784848][ T9269] RDX: 0000000000000008 RSI: ffffffff81dd1b94 RDI: 0000000000000040
[  216.792865][ T9269] RBP: ffff88805c787300 R08: ffff88805c778240 R09: ffffed10145301da
[  216.801112][ T9269] R10: ffffed10145301d9 R11: ffff8880a2980ecb R12: ffff8880911c7010
[  216.805973][ T4001] kobject: 'loop4' (00000000b519e7a1): fill_kobj_path: path = '/devices/virtual/block/loop4'
[  216.809116][ T9269] R13: 0000000000600000 R14: 00000000005fffff R15: 0000000000000000
07:22:34 executing program 0:
r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x27, &(0x7f00000004c0)=ANY=[@ANYBLOB="85000000070000002500000000000000950000000000000067e8f7150fcd34cfa572170d70f0661c392ece1cb9e901020a7b61a2adc7a79312eac99327279c87455bfa08a5cfde2a21a1adfc51e0d98e0258454e361cc0384db24607e843930c419bf6112c35598de30d59c78ac9b9610634123725270000000000000000a35c1f30de86fc055572a086d2acdf9e8158b5048a6d5648da81d3e439a4f0956d78bee726e5bfc1700defb39f9524e237046064460d6f5bd7cf9dfeb3772d8442870fa135233429a83c858acc85fbeb3568fb52c0430476f837f18e4d0c4ddadc648f5ef43f0ab9fac76951eb08db6b4a5b56341d8c0d9bbbf60f3c52b98fe4872f47074c7860edacabb9828582d56ef6d7b545560ebceee4f65fd8924ff7f045ac94923ffadc05142ad152bf9d5d39b40d5e5fa2206aa821267ad48b3f"], 0x0, 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x70)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1)
r2 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, &(0x7f00000004c0)=ANY=[@ANYBLOB="85000000070000002500000000000000950000000000000067e8f7150fcd34cfa572170d70f0661c392ece1cb9e901020a7b61a2adc7a79312eac99327279c87455bfa08a5cfde2a21a1adfc51e0d98e0258454e361cc0384db24607e843930c419bf6112c35598de30d59c78ac9b9610634123725270000000000000000a35c1f30de86fc055572a086d2acdf9e8158b5048a6d5648da81d3e439a4f0956d78bee726e5bfc1700defb39f9524e237046064460d6f5bd7cf9dfeb3772d8442870fa135233429a83c858acc85fbeb3568fb52c0430476f837f18e4d0c4ddadc648f5ef43f0ab9fac76951eb08db6b4a5b56341d8c0d9bbbf60f3c52b98fe4872f47074c7860edacabb9828582d56ef6d7b545560ebceee4f65fd8924ff7f045ac94923ffadc05142ad152bf9d5d39b40d5e5fa2206aa821267ad48b3f"], &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x252, &(0x7f000000cf3d)=""/195}, 0x48)
ioctl$PERF_EVENT_IOC_SET_BPF(r2, 0x40042408, r3)
r4 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, &(0x7f00000004c0)=ANY=[@ANYBLOB="85000000070000002500000000000000950000000000000067e8f7150fcd34cfa572170d70f0661c392ece1cb9e901020a7b61a2adc7a79312eac99327279c87455bfa08a5cfde2a21a1adfc51e0d98e0258454e361cc0384db24607e843930c419bf6112c35598de30d59c78ac9b9610634123725270000000000000000a35c1f30de86fc055572a086d2acdf9e8158b5048a6d5648da81d3e439a4f0956d78bee726e5bfc1700defb39f9524e237046064460d6f5bd7cf9dfeb3772d8442870fa135233429a83c858acc85fbeb3568fb52c0430476f837f18e4d0c4ddadc648f5ef43f0ab9fac76951eb08db6b4a5b56341d8c0d9bbbf60f3c52b98fe4872f47074c7860edacabb9828582d56ef6d7b545560ebceee4f65fd8924ff7f045ac94923ffadc05142ad152bf9d5d39b40d5e5fa2206aa821267ad48b3f"], &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x252, &(0x7f000000cf3d)=""/195}, 0x48)
ioctl$PERF_EVENT_IOC_SET_BPF(r4, 0x40042408, r5)

07:22:34 executing program 4:
syz_mount_image$reiserfs(&(0x7f0000000000)='reiserfs\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001380)={[{@usrjquota_file='usrjquota=syz'}]})

07:22:34 executing program 5:
r0 = socket(0x200000000010, 0x0, 0x0)
mkdir(&(0x7f0000000b00)='./file0\x00', 0x0)
lgetxattr(0x0, 0x0, 0x0, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$DRM_IOCTL_IRQ_BUSID(0xffffffffffffffff, 0xc0106403, 0x0)
r2 = dup3(r1, 0xffffffffffffffff, 0x0)
recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000640)='nsfs\x00\xf1\xb07\xb0IF\xca\xc4&\xf1\r\x8a\x9d\x84\xf0\x0f9m\xc1\xa2\xc9\x9d\x01\xfbp\'\xfa\xf9\xceP?\xd1n\x9dQ\xff\xbb%\x88\xc4V4\xe40\x1a\n@\xdfw\xa5\xec\tAi\x19\xef\xde\xae\xb5\x949h\x91\xff\xd6V\x82\xb9*\xd0\xa9\xf4\xd2\x17\xfcD\t\x84\xb3y\x9b\x93\xc6\xa1\xceU\xd2\x0f~\xe1\x1cS\xd7Q\xedz\x18\xbeN\x84\xea\v)\aD\xae6\xe5\xf5\xe2D\xcc\x0fv\xc2nE\x8eX\x05\a\x17~\x90', 0x6048ac87bcab9e67, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000540)='TIPCv2\x00')
getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000340)={@loopback, @initdev}, &(0x7f0000000380)=0xc)
add_key(0x0, &(0x7f0000000480)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, 0x0, 0x0)
setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0)
request_key(&(0x7f00000004c0)='cifs.spnego\x00', 0x0, 0x0, 0xffffffffffffffff)
clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
setsockopt$inet_sctp_SCTP_AUTOCLOSE(0xffffffffffffffff, 0x84, 0x4, 0x0, 0x0)
ppoll(0x0, 0x0, &(0x7f0000000080), &(0x7f0000000300), 0x8)
perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x700, &(0x7f0000000000))
fsetxattr(r0, &(0x7f00000000c0)=@known='system.sockprotoname\x00', &(0x7f0000000140)='wlan1#wlan0!(nodevppp0vboxnet1wlan1[posix_acl_accessmd5sum\x00', 0x3b, 0x1)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_INTERVAL(r2, 0xc040564b, 0x0)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(0xffffffffffffffff, 0x408c5333, &(0x7f0000000900)={0x0, 0x0, 0x380000000000000, 'queue1\x00'})
sendmsg$TIPC_CMD_DISABLE_BEARER(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000005c0)=ANY=[@ANYBLOB="0000ce1105bb9346e8bcf404a37c", @ANYRES16, @ANYBLOB="01fb0000000000000002410000000c060000000000000000000000f26aa2e300f89bee7e248817616400000000002fae3d66cfe400"/68], 0x3}}, 0x0)

07:22:35 executing program 2:
r0 = socket(0x200000000010, 0x0, 0x0)
mkdir(&(0x7f0000000b00)='./file0\x00', 0x0)
lgetxattr(0x0, 0x0, 0x0, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$DRM_IOCTL_IRQ_BUSID(0xffffffffffffffff, 0xc0106403, 0x0)
r2 = dup3(r1, 0xffffffffffffffff, 0x0)
recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000640)='nsfs\x00\xf1\xb07\xb0IF\xca\xc4&\xf1\r\x8a\x9d\x84\xf0\x0f9m\xc1\xa2\xc9\x9d\x01\xfbp\'\xfa\xf9\xceP?\xd1n\x9dQ\xff\xbb%\x88\xc4V4\xe40\x1a\n@\xdfw\xa5\xec\tAi\x19\xef\xde\xae\xb5\x949h\x91\xff\xd6V\x82\xb9*\xd0\xa9\xf4\xd2\x17\xfcD\t\x84\xb3y\x9b\x93\xc6\xa1\xceU\xd2\x0f~\xe1\x1cS\xd7Q\xedz\x18\xbeN\x84\xea\v)\aD\xae6\xe5\xf5\xe2D\xcc\x0fv\xc2nE\x8eX\x05\a\x17~\x90', 0x6048ac87bcab9e67, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000540)='TIPCv2\x00')
getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000340)={@loopback, @initdev}, &(0x7f0000000380)=0xc)
add_key(0x0, &(0x7f0000000480)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, 0x0, 0x0)
setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0)
request_key(&(0x7f00000004c0)='cifs.spnego\x00', 0x0, 0x0, 0xffffffffffffffff)
clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
setsockopt$inet_sctp_SCTP_AUTOCLOSE(0xffffffffffffffff, 0x84, 0x4, 0x0, 0x0)
ppoll(0x0, 0x0, &(0x7f0000000080), &(0x7f0000000300), 0x8)
perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x700, &(0x7f0000000000))
fsetxattr(r0, &(0x7f00000000c0)=@known='system.sockprotoname\x00', &(0x7f0000000140)='wlan1#wlan0!(nodevppp0vboxnet1wlan1[posix_acl_accessmd5sum\x00', 0x3b, 0x1)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_INTERVAL(r2, 0xc040564b, 0x0)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(0xffffffffffffffff, 0x408c5333, &(0x7f0000000900)={0x0, 0x0, 0x380000000000000, 'queue1\x00'})
sendmsg$TIPC_CMD_DISABLE_BEARER(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000005c0)=ANY=[@ANYBLOB="0000ce1105bb9346e8bcf404a37c", @ANYRES16, @ANYBLOB="01fb0000000000000002410000000c060000000000000000000000f26aa2e300f89bee7e248817616400000000002fae3d66cfe400"/68], 0x3}}, 0x0)

[  216.809129][ T9269] FS:  00007f26dc9a8700(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
[  216.809136][ T9269] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  216.809150][ T9269] CR2: 00000000007146b4 CR3: 00000000a4d97000 CR4: 00000000001406e0
[  216.850829][ T9269] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  216.858902][ T9269] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  216.866973][ T9269] Call Trace:
[  216.870292][ T9269]  ? smaps_pte_range+0x1460/0x1460
[  216.875401][ T9269]  __walk_page_range+0x10ff/0x1b40
[  216.880530][ T9269]  walk_page_range+0x1c5/0x3b0
[  216.885278][ T9269]  ? __walk_page_range+0x1b40/0x1b40
[  216.890709][ T9269]  ? security_capable+0x95/0xc0
[  216.895547][ T9269]  pagemap_read+0x4d1/0x650
[  216.900038][ T9269]  ? smaps_rollup_open+0x160/0x160
[  216.905136][ T9269]  ? retint_kernel+0x2b/0x2b
[  216.909734][ T9269]  do_iter_read+0x4a4/0x660
[  216.914232][ T9269]  ? dup_iter+0x260/0x260
[  216.918550][ T9269]  vfs_readv+0xf0/0x160
[  216.922823][ T9269]  ? retint_kernel+0x2b/0x2b
[  216.927531][ T9269]  ? compat_rw_copy_check_uvector+0x4c0/0x4c0
[  216.933782][ T9269]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  216.940020][ T9269]  ? iov_iter_get_pages_alloc+0x3ae/0x12f0
[  216.945929][ T9269]  ? memcpy_mcsafe_to_page+0x150/0x150
[  216.951456][ T9269]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[  216.957169][ T9269]  ? iov_iter_pipe+0xba/0x2f0
[  216.961997][ T9269]  default_file_splice_read+0x482/0x8a0
[  216.967672][ T9269]  ? rcu_read_lock_held+0x9c/0xb0
[  216.972811][ T9269]  ? iter_file_splice_write+0xbe0/0xbe0
[  216.978353][ T9269]  ? rcu_read_lock_any_held.part.0+0x50/0x50
[  216.984330][ T9269]  ? aa_path_link+0x340/0x340
[  216.988998][ T9269]  ? retint_kernel+0x2b/0x2b
[  216.993578][ T9269]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  216.999820][ T9269]  ? security_file_permission+0x8f/0x380
[  217.005452][ T9269]  ? __mutex_init+0xef/0x130
[  217.010025][ T9269]  ? iter_file_splice_write+0xbe0/0xbe0
[  217.015697][ T9269]  do_splice_to+0x127/0x180
[  217.020209][ T9269]  splice_direct_to_actor+0x2d3/0x970
[  217.025575][ T9269]  ? generic_pipe_buf_nosteal+0x10/0x10
[  217.031110][ T9269]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  217.037345][ T9269]  ? do_splice_to+0x180/0x180
[  217.042018][ T9269]  ? rw_verify_area+0x126/0x360
[  217.046851][ T9269]  do_splice_direct+0x1da/0x2a0
[  217.051692][ T9269]  ? splice_direct_to_actor+0x970/0x970
[  217.057226][ T9269]  ? rw_verify_area+0x126/0x360
[  217.062058][ T9269]  do_sendfile+0x597/0xd00
[  217.066479][ T9269]  ? do_compat_pwritev64+0x1c0/0x1c0
[  217.071770][ T9269]  __x64_sys_sendfile64+0x1dd/0x220
[  217.076952][ T9269]  ? __ia32_sys_sendfile+0x230/0x230
[  217.082220][ T9269]  ? do_syscall_64+0x26/0x760
[  217.086888][ T9269]  ? lockdep_hardirqs_on+0x421/0x5e0
[  217.092162][ T9269]  ? trace_hardirqs_on+0x67/0x240
[  217.097190][ T9269]  do_syscall_64+0xfa/0x760
[  217.101748][ T9269]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  217.107628][ T9269] RIP: 0033:0x45a219
[  217.111510][ T9269] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  217.131104][ T9269] RSP: 002b:00007f26dc9a7c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  217.139556][ T9269] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045a219
[  217.147521][ T9269] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000004
[  217.155486][ T9269] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[  217.163453][ T9269] R10: 000000000000a808 R11: 0000000000000246 R12: 00007f26dc9a86d4
[  217.171422][ T9269] R13: 00000000004c7f94 R14: 00000000004de3b0 R15: 00000000ffffffff
[  217.179379][ T9269] Modules linked in:
[  217.193626][ T9269] ---[ end trace 8e9b2860fa05616e ]---
[  217.199897][ T9269] RIP: 0010:pagemap_pmd_range+0x83/0x1e40
[  217.205643][ T9269] Code: c1 ea 03 80 3c 02 00 0f 85 ef 1a 00 00 48 8b 43 18 49 8d 7f 40 48 89 fa 48 c1 ea 03 48 89 45 c8 48 b8 00 00 00 00 00 fc ff df <80> 3c 02 00 0f 85 be 1a 00 00 49 8b 5f 40 be 08 00 00 00 4c 8d ab
[  217.207272][ T9246] kobject: 'loop1' (0000000065366cea): kobject_uevent_env
[  217.226207][ T9269] RSP: 0018:ffff88805c787288 EFLAGS: 00010202
[  217.236857][ T9246] kobject: 'loop1' (0000000065366cea): fill_kobj_path: path = '/devices/virtual/block/loop1'
[  217.239217][ T9269] RAX: dffffc0000000000 RBX: ffff88805c787438 RCX: ffffc9000c5a4000
[  217.257635][ T9269] RDX: 0000000000000008 RSI: ffffffff81dd1b94 RDI: 0000000000000040
[  217.265745][ T9269] RBP: ffff88805c787300 R08: ffff88805c778240 R09: ffffed10145301da
[  217.274009][ T9269] R10: ffffed10145301d9 R11: ffff8880a2980ecb R12: ffff8880911c7010
[  217.283826][ T9269] R13: 0000000000600000 R14: 00000000005fffff R15: 0000000000000000
07:22:35 executing program 1:
ptrace(0xffffffffffffffff, 0x0)
syz_open_pts(0xffffffffffffffff, 0x0)
ioctl(0xffffffffffffffff, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f0000000380)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
add_key$user(0x0, 0x0, &(0x7f00000001c0), 0x0, 0xfffffffffffffffe)
lremovexattr(&(0x7f0000000500)='./file1\x00', &(0x7f0000000540)=@random={'system.', '}(posix_acl_access-\x00'})
keyctl$KEYCTL_PKEY_VERIFY(0x1c, 0x0, 0x0, 0x0, 0x0)
keyctl$link(0x8, 0x0, 0x0)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
request_key(&(0x7f0000000000)='user\x00', &(0x7f0000000040)={'syz'}, &(0x7f0000000a80), 0xfffffffffffffffd)
rmdir(0x0)
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0xb2)
syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0xacc4e2, 0x0)
write$FUSE_NOTIFY_RETRIEVE(0xffffffffffffffff, 0x0, 0x262)
add_key$keyring(&(0x7f0000000280)='keyring\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffb)
syz_open_procfs(0x0, &(0x7f0000000140)='net/ip_tables_matches\x00')

[  217.295985][ T9269] FS:  00007f26dc9a8700(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
[  217.301218][ T4001] kobject: 'loop0' (00000000930767b5): kobject_uevent_env
[  217.319249][ T9269] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  217.326363][ T9269] CR2: 00000000007146b4 CR3: 00000000a4d97000 CR4: 00000000001406e0
[  217.338774][ T9269] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  217.350600][ T9269] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  217.358327][ T9278] kobject: 'loop4' (00000000b519e7a1): kobject_uevent_env
[  217.366829][ T9278] kobject: 'loop4' (00000000b519e7a1): fill_kobj_path: path = '/devices/virtual/block/loop4'
[  217.378244][ T9269] Kernel panic - not syncing: Fatal exception
[  217.385882][ T9269] Kernel Offset: disabled
[  217.390213][ T9269] Rebooting in 86400 seconds..