[ 41.464129][ T25] audit: type=1800 audit(1572642056.799:22): pid=7199 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="motd" dev="sda1" ino=2480 res=0
[ 41.491368][ T25] audit: type=1800 audit(1572642056.799:23): pid=7199 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rsyslog" dev="sda1" ino=2475 res=0
[ 41.514985][ T25] audit: type=1800 audit(1572642056.799:24): pid=7199 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="sudo" dev="sda1" ino=2487 res=0
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.1.24' (ECDSA) to the list of known hosts.
2019/11/01 21:01:07 fuzzer started
2019/11/01 21:01:09 dialing manager at 10.128.0.105:41349
2019/11/01 21:01:10 syscalls: 2540
2019/11/01 21:01:10 code coverage: enabled
2019/11/01 21:01:10 comparison tracing: enabled
2019/11/01 21:01:10 extra coverage: extra coverage is not supported by the kernel
2019/11/01 21:01:10 setuid sandbox: enabled
2019/11/01 21:01:10 namespace sandbox: enabled
2019/11/01 21:01:10 Android sandbox: /sys/fs/selinux/policy does not exist
2019/11/01 21:01:10 fault injection: enabled
2019/11/01 21:01:10 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/11/01 21:01:10 net packet injection: enabled
2019/11/01 21:01:10 net device setup: enabled
2019/11/01 21:01:10 concurrency sanitizer: enabled
syzkaller login: [ 65.193649][ T7361] KCSAN: could not find function: 'poll_schedule_timeout'
2019/11/01 21:01:25 adding functions to KCSAN blacklist: '__nf_conntrack_find_get' 'ktime_get_real_seconds' 'find_get_pages_range_tag' 'n_tty_receive_buf_common' 'kvm_write_tsc'
'wbt_issue' 'run_timer_softirq' 'add_timer' 'xas_find_marked' 'p9_poll_workfn' 'ext4_nonda_switch' 'add_timer_on' 'ext4_mark_iloc_dirty' '__hrtimer_run_queues' '__delete_from_page_cache' 'list_lru_count_one' 'shmem_getpage_gfp' 'ext4_free_inodes_count' 'rcu_gp_fqs_loop' 'snapshot_refaults' 'common_perm_cond' 'pipe_poll' 'tcp_poll' '__ext4_new_inode' 'dd_has_work' 'timer_clear_idle' 'tick_do_update_jiffies64' '__nf_ct_refresh_acct' 'blk_mq_get_request' 'do_nanosleep' 'ktime_get_seconds' 'icmp_global_allow' '__skb_wait_for_more_packets' '__rb_erase_color' 'kernfs_refresh_inode' 'mem_cgroup_select_victim_node' 'task_dump_owner' 'blk_mq_run_hw_queue' 'kauditd_thread' '__skb_try_recv_from_queue' 'rcu_gp_fqs_check_wake' 'tick_nohz_idle_stop_tick' 'fasync_remove_entry' 'osq_lock' 'ext4_free_inode' 'find_next_bit' 'poll_schedule_timeout' 'datagram_poll' 'ep_poll' 'generic_fillattr' 'generic_write_end' 'echo_char' 'blk_mq_dispatch_rq_list' 'tcp_add_backlog' 'vm_area_dup' 'process_srcu' '__find_get_block' 'mm_update_next_owner' 'install_new_memslots' 'generic_permission' 'iput' 'blk_mq_sched_dispatch_requests' 'shmem_file_read_iter' 'sit_tunnel_xmit' 'mod_timer' 'taskstats_exit' 'ext4_has_free_clusters' 'xas_clear_mark' 'pid_update_inode' 'tomoyo_supervisor' 'tick_sched_do_timer' 'copy_process' 'update_defense_level' '__acct_update_integrals' 'ksys_read' 21:05:21 executing program 0: r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r0, 0x4008af60, &(0x7f0000000040)={@my=0x0}) r1 = socket$vsock_stream(0x28, 0x1, 0x0) ioctl$int_in(r1, 0x5421, &(0x7f00000002c0)=0x8) connect$vsock_dgram(r1, &(0x7f0000000640)={0x28, 0x0, 0x0, @my=0x0}, 0x10) 21:05:22 executing program 1: getpid() socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$rdma_cm(0xffffffffffffff9c, 
&(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f00000001c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000100)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_LISTEN(r2, &(0x7f0000000040)={0x7, 0x8, 0xfa00, {r3}}, 0x10) write$RDMA_USER_CM_CMD_DESTROY_ID(r2, &(0x7f0000000200)={0x1, 0x10, 0xfa00, {&(0x7f0000000000), r3}}, 0x18) [ 306.650583][ T7365] IPVS: ftp: loaded support on port[0] = 21 [ 306.801644][ T7365] chnl_net:caif_netlink_parms(): no params data found [ 306.858952][ T7368] IPVS: ftp: loaded support on port[0] = 21 [ 306.872162][ T7365] bridge0: port 1(bridge_slave_0) entered blocking state [ 306.882379][ T7365] bridge0: port 1(bridge_slave_0) entered disabled state [ 306.890455][ T7365] device bridge_slave_0 entered promiscuous mode [ 306.909005][ T7365] bridge0: port 2(bridge_slave_1) entered blocking state [ 306.916070][ T7365] bridge0: port 2(bridge_slave_1) entered disabled state [ 306.924087][ T7365] device bridge_slave_1 entered promiscuous mode 21:05:22 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=@newlink={0x38, 0x10, 0xe3b, 0x0, 0x0, {}, [@IFLA_LINKMODE={0x8}, @IFLA_LINKINFO={0x10, 0x12, @sit={{0x8, 0x1, 'sit\x00'}, {0x4}}}]}, 0x38}}, 0x0) [ 306.971922][ T7365] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 306.988501][ T7365] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 307.034626][ T7365] team0: Port device team_slave_0 added [ 307.052265][ T7365] team0: Port device team_slave_1 added [ 307.065536][ T7368] chnl_net:caif_netlink_parms(): no params data found [ 307.183159][ T7365] device hsr_slave_0 entered promiscuous mode 21:05:22 executing program 3: capset(&(0x7f00000000c0)={0x20080522}, &(0x7f0000000100)) prctl$PR_SET_SECUREBITS(0x1c, 0x0) [ 307.268781][ T7365] device hsr_slave_1 entered promiscuous mode [ 307.333667][ 
T7368] bridge0: port 1(bridge_slave_0) entered blocking state [ 307.340910][ T7368] bridge0: port 1(bridge_slave_0) entered disabled state [ 307.350781][ T7368] device bridge_slave_0 entered promiscuous mode [ 307.365717][ T7371] IPVS: ftp: loaded support on port[0] = 21 [ 307.374331][ T7368] bridge0: port 2(bridge_slave_1) entered blocking state [ 307.387603][ T7368] bridge0: port 2(bridge_slave_1) entered disabled state [ 307.406087][ T7368] device bridge_slave_1 entered promiscuous mode [ 307.529132][ T7368] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 307.539278][ T7365] bridge0: port 2(bridge_slave_1) entered blocking state [ 307.546363][ T7365] bridge0: port 2(bridge_slave_1) entered forwarding state [ 307.553749][ T7365] bridge0: port 1(bridge_slave_0) entered blocking state [ 307.560896][ T7365] bridge0: port 1(bridge_slave_0) entered forwarding state [ 307.651510][ T7368] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 307.806747][ T3508] bridge0: port 1(bridge_slave_0) entered disabled state [ 307.829032][ T3508] bridge0: port 2(bridge_slave_1) entered disabled state [ 307.863523][ T7368] team0: Port device team_slave_0 added [ 307.898695][ T7365] 8021q: adding VLAN 0 to HW filter on device bond0 [ 307.915736][ T7392] IPVS: ftp: loaded support on port[0] = 21 [ 307.923266][ T7368] team0: Port device team_slave_1 added [ 307.984547][ T7365] 8021q: adding VLAN 0 to HW filter on device team0 [ 308.022233][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 308.030772][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 308.079988][ T7393] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 308.100530][ T7393] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 308.128911][ T7393] bridge0: port 1(bridge_slave_0) entered blocking state [ 308.136085][ T7393] bridge0: port 1(bridge_slave_0) entered forwarding state 21:05:23 executing 
program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="140000000301ffff978fdb003d88c8f00010ae1b"], 0x14}}, 0x0) recvmmsg(r0, &(0x7f00000013c0), 0x4a5, 0x200002, &(0x7f0000000c40)={0x77359400}) [ 308.243150][ T7368] device hsr_slave_0 entered promiscuous mode [ 308.298733][ T7368] device hsr_slave_1 entered promiscuous mode [ 308.350018][ T7368] debugfs: Directory 'hsr0' with parent '/' already present! [ 308.361395][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 308.382412][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 308.430411][ T17] bridge0: port 2(bridge_slave_1) entered blocking state [ 308.437479][ T17] bridge0: port 2(bridge_slave_1) entered forwarding state [ 308.480690][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 308.521666][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 308.609669][ T7371] chnl_net:caif_netlink_parms(): no params data found [ 308.636424][ T7365] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 308.688449][ T7365] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 308.730351][ T7393] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 308.749356][ T7393] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 308.790018][ T7393] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 308.829248][ T7393] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 308.858672][ T7393] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 308.867568][ T7393] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 308.929790][ T7393] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 308.959029][ T7393] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 
309.032387][ T7365] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 309.077209][ T7403] IPVS: ftp: loaded support on port[0] = 21 [ 309.111369][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 309.133800][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 309.443695][ T7371] bridge0: port 1(bridge_slave_0) entered blocking state [ 309.456152][ T7371] bridge0: port 1(bridge_slave_0) entered disabled state [ 309.488510][ T7371] device bridge_slave_0 entered promiscuous mode [ 309.591708][ T7371] bridge0: port 2(bridge_slave_1) entered blocking state [ 309.621357][ T7371] bridge0: port 2(bridge_slave_1) entered disabled state [ 309.649484][ T7371] device bridge_slave_1 entered promiscuous mode [ 309.927174][ T7371] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 309.982946][ T7403] chnl_net:caif_netlink_parms(): no params data found [ 310.007897][ T7371] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 310.035698][ T7368] 8021q: adding VLAN 0 to HW filter on device bond0 [ 310.086628][ T7392] chnl_net:caif_netlink_parms(): no params data found [ 310.155617][ T7368] 8021q: adding VLAN 0 to HW filter on device team0 [ 310.190445][ T7371] team0: Port device team_slave_0 added [ 310.232260][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 310.251212][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 310.291865][ T7371] team0: Port device team_slave_1 added [ 310.343782][ T7403] bridge0: port 1(bridge_slave_0) entered blocking state [ 310.355404][ T7403] bridge0: port 1(bridge_slave_0) entered disabled state [ 310.381658][ T7403] device bridge_slave_0 entered promiscuous mode [ 310.412007][ T7392] bridge0: port 1(bridge_slave_0) entered blocking state [ 310.434651][ T7392] bridge0: port 1(bridge_slave_0) entered disabled state [ 310.459462][ T7392] device bridge_slave_0 entered promiscuous mode [ 310.482401][ T3508] IPv6: ADDRCONF(NETDEV_CHANGE): 
veth0_to_bridge: link becomes ready [ 310.502382][ T3508] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 310.537713][ T3508] bridge0: port 1(bridge_slave_0) entered blocking state [ 310.545160][ T3508] bridge0: port 1(bridge_slave_0) entered forwarding state [ 310.595177][ T3508] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 310.618942][ T3508] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 310.640903][ T3508] bridge0: port 2(bridge_slave_1) entered blocking state [ 310.647994][ T3508] bridge0: port 2(bridge_slave_1) entered forwarding state [ 310.682160][ T3508] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 310.746628][ T7403] bridge0: port 2(bridge_slave_1) entered blocking state [ 310.754351][ T7403] bridge0: port 2(bridge_slave_1) entered disabled state [ 310.789750][ T7403] device bridge_slave_1 entered promiscuous mode [ 310.796659][ T7392] bridge0: port 2(bridge_slave_1) entered blocking state [ 310.804231][ T7392] bridge0: port 2(bridge_slave_1) entered disabled state [ 310.829668][ T7392] device bridge_slave_1 entered promiscuous mode [ 310.868634][ T3508] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 310.889370][ T3508] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 310.902831][ T3508] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 310.922627][ T3508] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 310.932169][ T3508] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 310.941350][ T3508] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 310.954756][ T3508] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 310.963701][ T3508] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready 21:05:26 executing program 0: r0 = socket$inet(0x2, 0x2000080001, 0x84) sendmsg$inet_sctp(r0, &(0x7f00000014c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001400)=[@sndrcv={0x30, 
0x84, 0x1, {0x0, 0x0, 0x204}}], 0x30}, 0x0) [ 310.978548][ T3508] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready 21:05:26 executing program 5: r0 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x6, 0x0) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_INFO(r0, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0xa0031004}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x60, r1, 0x20, 0x70bd25, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x10000}, @IPVS_CMD_ATTR_DAEMON={0x14, 0x3, [@IPVS_DAEMON_ATTR_STATE={0x8}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @local}]}, @IPVS_CMD_ATTR_DAEMON={0x28, 0x3, [@IPVS_DAEMON_ATTR_SYNC_ID={0x8}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'yam0\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x10000}]}, 0x60}, 0x1, 0x0, 0x0, 0x50811}, 0x2000c084) r2 = syz_open_dev$dspn(&(0x7f00000001c0)='/dev/dsp#\x00', 0x17, 0x2000) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffffff, 0x84, 0xf, &(0x7f0000000200)={0x0, @in={{0x2, 0x4e22, @remote}}, 0x2eac, 0xfffffffd, 0x8001, 0x7, 0x1000}, &(0x7f00000002c0)=0x98) setsockopt$inet_sctp_SCTP_RTOINFO(r2, 0x84, 0x0, &(0x7f0000000300)={r3, 0x64, 0x2, 0x7}, 0x10) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000340)=0x0) capset(&(0x7f0000000380)={0x40100a44, r4}, &(0x7f00000003c0)={0x6, 0x4, 0x2, 0x7ff, 0x5, 0x2}) io_setup(0x7, &(0x7f0000000400)=0x0) r6 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000500)='/proc/capi/capi20ncci\x00', 0x701a00, 0x0) r7 = open$dir(&(0x7f0000000800)='./file0\x00', 0x2000, 0x80) r8 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000008c0)='/dev/btrfs-control\x00', 0x202, 0x0) io_submit(r5, 0x5, &(0x7f0000000940)=[&(0x7f0000000540)={0x0, 0x0, 0x0, 0x8, 0xc5a, r0, 
&(0x7f0000000440)="141b7b3d89d51073324c5035833b6d7d988563d22a64cb67aec4ff0e042847e684587a8c5952db827e8c1a6f299b2a6138601a7a0549218b93a3e916979f46a17df6cc1068c95181baee5baad0950c14edd72870de4440fe876c0e0c2cdf8aec58b5682bdb8857461ed3dde3c0d8f3da20df15c39895356de070fe7cdbccb91db5d561ca67961f11a526918bcb877776f888fdb766a6a691d42fe894d050eb7dfd6fd175ce0806cb0999ea392c1133f2fe3542000204eee50b9d349a917686", 0xbf, 0x1779, 0x0, 0x1, r6}, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x753609aa2398d40f, 0x3ff, r2, &(0x7f0000000580)="e1a118a708cde9c96e4894b4f009c70ee560472bb98c1ca66b6d712dcdb3407c0a1251d2367b34f009d5e34a81eee3b12179167af9001f8b0a38aa5b1b033c5e08b4ac991c845566861bb9e16c2dbb4fbb5d7595010a40bcf47a93242070161a0803184a050eb2f75f5da4f1decfe959e1405303c54fb9fa1f9b8e8cf40f81458c216bb28cd5d0702cb2401a0e4334a999b64368bfe6081246484834", 0x9c, 0xff}, &(0x7f0000000740)={0x0, 0x0, 0x0, 0x8, 0x3, 0xffffffffffffffff, &(0x7f0000000680)="95aebef23d79fda8626b74299cb8c427d60b264be2f3daf91d76b1c4cf2f6ac65be75d1987cfbbe640a0be81a6ac477d77efaacb54772616befa4b77a28e1424fac3929a967048da9fb94e17e7e7e3a929ec5cefccc2e91b138bbed0cd862f59365b768903c893f415b2a23291ed2b2870fb8fd785c8cdefc185370cc85943ed69ab1c1d05232efcc1a6104c52d0af0e058c7046bb7a710755dbee680198b2dbcefce86a4524cbd0a8e25240c4f762f72ba98442", 0xb4, 0xffffffff00000000}, &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x8, 0x80, r2, &(0x7f0000000780), 0x0, 0x101, 0x0, 0x2}, &(0x7f0000000900)={0x0, 0x0, 0x0, 0x2, 0x9, r7, &(0x7f0000000840)="e1ddab6cf0b27813eb9e43073d9056a6e1bfe3e414802d754cba6f885352f698c47be7c01f9a5c7ef12057e485a4b3c106232f06939c9a5e2ee63dede9a95d6d6355b5c12cfead1b695998d8511efe3c186a6e5b29426dc24d815b9f02ffd1b961881f797a273f821b8d5b5720b8606a6adb", 0x72, 0x30, 0x0, 0x0, r8}]) openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000980)='/proc/thread-self/attr/current\x00', 0x2, 0x0) getsockopt$inet6_mtu(r0, 0x29, 0x17, &(0x7f00000009c0), &(0x7f0000000a00)=0x4) rt_sigpending(&(0x7f0000000a40), 0x8) r9 = 
syz_open_dev$vbi(&(0x7f0000000a80)='/dev/vbi#\x00', 0x0, 0x2) getsockopt$netlink(r9, 0x10e, 0x7, &(0x7f0000000ac0)=""/2, &(0x7f0000000b00)=0x2) setsockopt$inet_sctp_SCTP_I_WANT_MAPPED_V4_ADDR(0xffffffffffffffff, 0x84, 0xc, &(0x7f0000000b40)=0x7, 0x4) ioctl$TUNSETPERSIST(r0, 0x400454cb, 0x0) r10 = accept4$inet6(0xffffffffffffffff, &(0x7f0000000b80)={0xa, 0x0, 0x0, @local}, &(0x7f0000000bc0)=0x1c, 0x80000) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000f00)={0x0, @dev}, &(0x7f0000000f40)=0xc) setsockopt$inet6_IPV6_IPSEC_POLICY(r10, 0x29, 0x22, &(0x7f0000000f80)={{{@in6=@local, @in=@local, 0x4e23, 0x9, 0x4e22, 0x0, 0x2, 0x120, 0x20, 0x89, r11, 0xee01}, {0x8, 0x5, 0x6, 0x7, 0x5, 0x0, 0x100000000, 0x9}, {0x3, 0x2, 0x6, 0x6}, 0x1, 0x6e6bc0, 0x0, 0x0, 0x2, 0x2}, {{@in6=@dev={0xfe, 0x80, [], 0x22}, 0x4d2, 0x6c}, 0x2, @in=@rand_addr=0x7f, 0x3505, 0x1, 0x0, 0x7, 0x1, 0xffffffff, 0x9}}, 0xe8) r12 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000001080)='/proc/sys/net/ipv4/vs/sloppy_tcp\x00', 0x2, 0x0) ioctl$KVM_SET_MP_STATE(r12, 0x4004ae99, &(0x7f00000010c0)=0x3) r13 = openat(r0, &(0x7f0000001100)='./file0\x00', 0x1, 0x3a0) ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r13, 0xc4c85513, &(0x7f0000001140)={{0x2, 0x5, 0x5, 0x5, '\x00', 0x5}, 0x1, [0xffffffff850a00e2, 0x59, 0x9, 0x0, 0x7, 0x6e24, 0x400, 0x7fff, 0x7ff, 0x1, 0x8000, 0x8, 0x5, 0x3, 0x3, 0xff, 0x1, 0x7fffffff, 0x10001, 0x1, 0x3f, 0x6, 0x80000001, 0x7fff, 0x800, 0x3751, 0x7ff, 0xec2, 0x0, 0x63, 0x2, 0x1f, 0x10001, 0xe71, 0x0, 0x65d, 0x6, 0x28c2, 0x8, 0x0, 0x9, 0x81, 0x3, 0x5, 0x9, 0x100, 0x7fffffff, 0x200, 0x8001, 0x8, 0x3, 0x1, 0x81, 0x80000000, 0x6, 0x9, 0xc127, 0x9, 0xf2, 0x8, 0x100, 0x1, 0x7b9, 0x9, 0x1, 0x1, 0x5, 0x2, 0x4, 0x0, 0x0, 0x4, 0x3f, 0xaca0, 0x1, 0xfffffffffffffffe, 0x7, 0x8000, 0x0, 0x100000000, 0xfffffffffffffff7, 0x3, 0xeb66, 0xffffffffffffff9b, 0x1, 0x0, 0x3651, 0x3, 0x8, 0x7fffffff, 0x800, 0x99b, 0x8, 0x20000, 0x7fffffff, 0x7fffffff, 0x4, 0x7, 0x1, 0xd653574, 0x9, 0x20, 0xd10, 0x62f, 0x3, 0x9, 
0x81, 0x2, 0x7, 0x2, 0x9f7, 0x1f, 0x9, 0x6c4, 0x101, 0x20, 0x1, 0x85, 0x8, 0x8, 0xfffffffffffffff7, 0x1fffe, 0x6, 0x7, 0xfffffffffffffffd, 0x6, 0x101, 0x80000001], {0x77359400}}) r14 = syz_open_dev$audion(&(0x7f0000001640)='/dev/audio#\x00', 0x6, 0x6fe8cb0d9e52e020) r15 = dup(0xffffffffffffffff) linkat(r14, &(0x7f0000001680)='./file0\x00', r15, &(0x7f00000016c0)='./file0\x00', 0x1000) [ 311.051808][ T7371] device hsr_slave_0 entered promiscuous mode [ 311.078688][ T7371] device hsr_slave_1 entered promiscuous mode [ 311.148556][ T7371] debugfs: Directory 'hsr0' with parent '/' already present! [ 311.218115][ T7398] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 311.241376][ T7398] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready 21:05:26 executing program 0: r0 = socket$inet(0x2, 0x2000080001, 0x84) sendmsg$inet_sctp(r0, &(0x7f00000014c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001400)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x204}}], 0x30}, 0x0) [ 311.287491][ T7368] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 311.375039][ T7403] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 311.435912][ T7392] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 311.503526][ T7403] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 311.534751][ T7392] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 311.633647][ T7368] 8021q: adding VLAN 0 to HW filter on device batadv0 21:05:27 executing program 0: r0 = socket$inet(0x2, 0x2000080001, 0x84) sendmsg$inet_sctp(r0, &(0x7f00000014c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001400)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x204}}], 0x30}, 0x0) [ 311.696200][ T7403] team0: Port device team_slave_0 added [ 311.790018][ T7403] team0: Port device team_slave_1 added [ 311.796932][ T7392] team0: Port device team_slave_0 added [ 311.850072][ T7392] team0: Port device team_slave_1 added [ 
311.956748][ T7454] IPVS: ftp: loaded support on port[0] = 21 [ 312.069622][ T7403] device hsr_slave_0 entered promiscuous mode [ 312.098752][ T7403] device hsr_slave_1 entered promiscuous mode [ 312.148426][ T7403] debugfs: Directory 'hsr0' with parent '/' already present! [ 312.201405][ T7392] device hsr_slave_0 entered promiscuous mode [ 312.238142][ T7392] device hsr_slave_1 entered promiscuous mode 21:05:27 executing program 0: r0 = socket$inet(0x2, 0x2000080001, 0x84) sendmsg$inet_sctp(r0, &(0x7f00000014c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001400)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x204}}], 0x30}, 0x0) [ 312.318457][ T7392] debugfs: Directory 'hsr0' with parent '/' already present! [ 312.811153][ T7371] 8021q: adding VLAN 0 to HW filter on device bond0 21:05:28 executing program 0: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000080)={0xa925, 0x1d, 0x0, 0xffffffffffffffff}) r2 = dup(r1) r3 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r4 = dup(r1) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r3, 0xc00c642e, &(0x7f00000000c0)={0x0, 0x0, r4}) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r3, 0xc00c642e, &(0x7f0000000040)={0x0, 0x0, r2}) [ 313.038502][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 313.046683][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 21:05:28 executing program 1: r0 = creat(&(0x7f0000000080)='./file0\x00', 0x4003) write$binfmt_script(r0, &(0x7f0000000380)=ANY=[@ANYRESOCT=0x0], 0x17) close(r0) execve(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) openat$uinput(0xffffffffffffff9c, &(0x7f0000000340)='/dev/uinput\x00', 0x0, 0x0) execve(&(0x7f0000000040)='./file0\x00', &(0x7f0000000540)=[&(0x7f0000000300)='/dev/uinput\x00'], 0x0) execve(&(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f0000000700)=[&(0x7f0000000600)='/dev/uinput\x00']) [ 313.147884][ T7392] 8021q: adding VLAN 0 to HW filter on device bond0 [ 313.399852][ T7371] 8021q: 
adding VLAN 0 to HW filter on device team0 [ 313.496584][ T7403] 8021q: adding VLAN 0 to HW filter on device bond0 [ 313.603366][ T7392] 8021q: adding VLAN 0 to HW filter on device team0 [ 313.651862][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready 21:05:29 executing program 0: socket(0x40000000015, 0x805, 0x0) r0 = socket$inet6(0xa, 0x1, 0x8010000400000084) bind$inet6(r0, &(0x7f0000ed3fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000925000)="e0", 0x1, 0x0, &(0x7f0000bb6000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000016c0)) openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20\x00', 0x0, 0x0) clock_gettime(0x0, &(0x7f0000000380)) pselect6(0x40, &(0x7f0000000180), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200), 0x0) [ 313.699005][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 313.733564][ T7454] chnl_net:caif_netlink_parms(): no params data found [ 313.892401][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 313.909216][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 313.917659][ T44] bridge0: port 1(bridge_slave_0) entered blocking state [ 
313.924838][ T44] bridge0: port 1(bridge_slave_0) entered forwarding state
21:05:29 executing program 1:
r0 = creat(&(0x7f0000000080)='./file0\x00', 0x4003)
write$binfmt_script(r0, &(0x7f0000000380)=ANY=[@ANYRESOCT=0x0], 0x17)
close(r0)
execve(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0)
openat$uinput(0xffffffffffffff9c, &(0x7f0000000340)='/dev/uinput\x00', 0x0, 0x0)
execve(&(0x7f0000000040)='./file0\x00', &(0x7f0000000540)=[&(0x7f0000000300)='/dev/uinput\x00'], 0x0)
execve(&(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f0000000700)=[&(0x7f0000000600)='/dev/uinput\x00'])
[ 314.097056][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 314.175287][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 314.218678][ C0] hrtimer: interrupt took 32623 ns
[ 314.248540][ T44] bridge0: port 2(bridge_slave_1) entered blocking state
[ 314.255645][ T44] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 314.375457][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 314.453158][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 314.521656][ T44] bridge0: port 1(bridge_slave_0) entered blocking state
[ 314.528774][ T44] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 314.609081][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 314.617875][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 314.749029][ T44] bridge0: port 2(bridge_slave_1) entered blocking state
[ 314.756137][ T44] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 314.775336][ T7465] ==================================================================
[ 314.783881][ T7465] BUG: KCSAN: data-race in __do_page_fault / do_task_stat
[ 314.790981][ T7465]
[ 314.793349][ T7465] write to 0xffff8881212c56d0 of 8 bytes by task 4170 on cpu 1:
[ 314.801031][ T7465] __do_page_fault+0x6b1/0x9e0
[ 314.805801][ T7465] do_page_fault+0x54/0x233
[ 314.810303][ T7465] page_fault+0x34/0x40
[ 314.814538][ T7465]
[ 314.816860][ T7465] read to 0xffff8881212c56d0 of 8 bytes by task 7465 on cpu 0:
[ 314.824404][ T7465] do_task_stat+0x4c7/0x1370
[ 314.828999][ T7465] proc_tgid_stat+0x3d/0x60
[ 314.833528][ T7465] proc_single_show+0x89/0xe0
[ 314.838198][ T7465] seq_read+0x350/0x960
[ 314.842355][ T7465] __vfs_read+0x67/0xc0
[ 314.846501][ T7465] vfs_read+0x143/0x2c0
[ 314.850645][ T7465] ksys_read+0xd5/0x1b0
[ 314.854807][ T7465] __x64_sys_read+0x4c/0x60
[ 314.859321][ T7465] do_syscall_64+0xcc/0x370
[ 314.863820][ T7465] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 314.869722][ T7465]
[ 314.872036][ T7465] Reported by Kernel Concurrency Sanitizer on:
[ 314.878184][ T7465] CPU: 0 PID: 7465 Comm: ps Not tainted 5.4.0-rc3+ #0
[ 314.884927][ T7465] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 314.889315][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 314.895099][ T7465] ==================================================================
[ 314.910763][ T7465] Kernel panic - not syncing: panic_on_warn set ...
[ 314.917619][ T7465] CPU: 0 PID: 7465 Comm: ps Not tainted 5.4.0-rc3+ #0
[ 314.924718][ T7465] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 314.939332][ T7465] Call Trace:
[ 314.944573][ T7465] dump_stack+0xf5/0x159
[ 314.948817][ T7465] panic+0x210/0x640
[ 314.952818][ T7465] ? do_syscall_64+0xcc/0x370
[ 314.957655][ T7465] ? vprintk_func+0x8d/0x140
[ 314.962441][ T7465] kcsan_report.cold+0xc/0x10
[ 314.967129][ T7465] __kcsan_setup_watchpoint+0x32e/0x4a0
[ 314.972669][ T7465] __tsan_read8+0x2c/0x30
[ 314.977019][ T7465] do_task_stat+0x4c7/0x1370
[ 314.979088][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 314.981624][ T7465] proc_tgid_stat+0x3d/0x60
[ 314.993629][ T7465] proc_single_show+0x89/0xe0
[ 314.998294][ T7465] seq_read+0x350/0x960
[ 315.002454][ T7465] __vfs_read+0x67/0xc0
[ 315.006599][ T7465] ? seq_hlist_start_head_rcu+0x60/0x60
[ 315.012142][ T7465] vfs_read+0x143/0x2c0
[ 315.016392][ T7465] ksys_read+0xd5/0x1b0
[ 315.020543][ T7465] __x64_sys_read+0x4c/0x60
[ 315.025035][ T7465] do_syscall_64+0xcc/0x370
[ 315.029527][ T7465] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 315.035402][ T7465] RIP: 0033:0x7fc84ea57310
[ 315.039809][ T7465] Code: 73 01 c3 48 8b 0d 28 4b 2b 00 31 d2 48 29 c2 64 89 11 48 83 c8 ff eb ea 90 90 83 3d e5 a2 2b 00 00 75 10 b8 00 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 6e 8a 01 00 48 89 04 24
[ 315.059406][ T7465] RSP: 002b:00007ffced8bd2b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 315.067810][ T7465] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00007fc84ea57310
[ 315.075780][ T7465] RDX: 0000000000000fff RSI: 00007fc84ef24d00 RDI: 0000000000000006
[ 315.083754][ T7465] RBP: 0000000000000fff R08: 0000000000000000 R09: 00007fc84ed1fa10
[ 315.091714][ T7465] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc84ef24d00
[ 315.099759][ T7465] R13: 000000000176c1c0 R14: 0000000000000005 R15: 0000000000000000
[ 316.238333][ T7465] Shutting down cpus with NMI
[ 316.244565][ T7465] Kernel Offset: disabled
[ 316.248911][ T7465] Rebooting in 86400 seconds..