[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   36.254571][   T25] audit: type=1800 audit(1572469737.937:25): pid=7056 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2447 res=0
[   36.282047][   T25] audit: type=1800 audit(1572469737.937:26): pid=7056 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2490 res=0
[   36.309042][   T25] audit: type=1800 audit(1572469737.937:27): pid=7056 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2469 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.177' (ECDSA) to the list of known hosts.
2019/10/30 21:09:08 fuzzer started
2019/10/30 21:09:10 dialing manager at 10.128.0.105:37477
2019/10/30 21:09:11 syscalls: 2540
2019/10/30 21:09:11 code coverage: enabled
2019/10/30 21:09:11 comparison tracing: enabled
2019/10/30 21:09:11 extra coverage: extra coverage is not supported by the kernel
2019/10/30 21:09:11 setuid sandbox: enabled
2019/10/30 21:09:11 namespace sandbox: enabled
2019/10/30 21:09:11 Android sandbox: /sys/fs/selinux/policy does not exist
2019/10/30 21:09:11 fault injection: enabled
2019/10/30 21:09:11 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/10/30 21:09:11 net packet injection: enabled
2019/10/30 21:09:11 net device setup: enabled
2019/10/30 21:09:11 concurrency sanitizer: enabled
2019/10/30 21:09:18 adding functions to KCSAN blacklist: 'ext4_free_inode' 'tick_sched_do_timer' 'update_defense_level' '__d_lookup_done' 'generic_fillattr' 'tomoyo_supervisor' 'tick_do_update_jiffies64' 'ktime_get_real_seconds' 'generic_permission' 'dd_has_work' 'run_timer_softirq' 'generic_write_end' '__tcp_select_window' 'find_next_bit' 'ep_poll' 'add_timer' 'tcp_add_backlog' '__nf_ct_refresh_acct' '__nf_conntrack_find_get' '__ext4_new_inode' 'do_nanosleep' 'tcp_poll' 'taskstats_exit' 'inode_permission' 'pipe_poll' '__hrtimer_run_queues' 'task_dump_owner' 'xas_clear_mark' 'pid_update_inode' 'blk_mq_sched_dispatch_requests' 'futex_wait_queue_me' 'mod_timer' 'shmem_file_read_iter' 'ext4_has_free_clusters' 
21:09:39 executing program 0:
r0 = socket$inet6(0xa, 0x400000000001, 0x0)
close(r0)
r1 = socket(0x11, 0x800000003, 0x81)
bind(r1, &(0x7f0000000000)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0)
ftruncate(r2, 0x2008002)
syz_open_dev$media(0x0, 0x0, 0x0)
ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x10, r3, 0x0)
sendmsg$TIPC_NL_NET_SET(0xffffffffffffffff, &(0x7f0000001680)={0x0, 0xfe2a, &(0x7f0000001640)={&(0x7f00000001c0)={0x13, 0x0, 0x121}, 0x260}}, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(r3, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x50, 0x0, 0x0, 0x70bd27, 0x25dfdbfc, {}, [@TIPC_NLA_LINK={0x3c, 0x4, [@TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0xc, 0x7, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}]}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz0\x00'}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x20008000}, 0x0)
sendfile(r0, r2, 0x0, 0x200fff)

syzkaller login: [   77.817564][ T7230] IPVS: ftp: loaded support on port[0] = 21
21:09:39 executing program 1:
r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fcntl$setstatus(r0, 0x4, 0x42000)
add_key$keyring(&(0x7f0000000100)='keyring\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffb)
r1 = socket$inet6(0xa, 0x40000080806, 0x0)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e20}, 0x1c)
listen(r1, 0x7ff)
syz_open_dev$adsp(&(0x7f0000000000)='/dev/adsp#\x00', 0x0, 0x90400)
r2 = socket$inet6(0xa, 0x6, 0x0)
connect$inet6(r2, &(0x7f0000419000)={0xa, 0x4e20, 0x0, @dev={0xfe, 0x80, [], 0xf}, 0x3}, 0x1c)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, 0x0, 0x0, 0x0)

[   77.955624][ T7230] chnl_net:caif_netlink_parms(): no params data found
[   78.022243][ T7230] bridge0: port 1(bridge_slave_0) entered blocking state
[   78.029716][ T7230] bridge0: port 1(bridge_slave_0) entered disabled state
[   78.038375][ T7230] device bridge_slave_0 entered promiscuous mode
[   78.054899][ T7233] IPVS: ftp: loaded support on port[0] = 21
[   78.061424][ T7230] bridge0: port 2(bridge_slave_1) entered blocking state
[   78.069278][ T7230] bridge0: port 2(bridge_slave_1) entered disabled state
[   78.083532][ T7230] device bridge_slave_1 entered promiscuous mode
[   78.118744][ T7230] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   78.132301][ T7230] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   78.161581][ T7230] team0: Port device team_slave_0 added
[   78.172097][ T7230] team0: Port device team_slave_1 added
21:09:39 executing program 2:
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x4, &(0x7f0000000000)=@framed={{}, [@call={0x10f, 0x10}]}, &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70)

[   78.258381][ T7230] device hsr_slave_0 entered promiscuous mode
[   78.296728][ T7230] device hsr_slave_1 entered promiscuous mode
[   78.427385][ T7235] IPVS: ftp: loaded support on port[0] = 21
[   78.492255][ T7233] chnl_net:caif_netlink_parms(): no params data found
[   78.528558][ T7230] bridge0: port 2(bridge_slave_1) entered blocking state
[   78.535716][ T7230] bridge0: port 2(bridge_slave_1) entered forwarding state
[   78.543247][ T7230] bridge0: port 1(bridge_slave_0) entered blocking state
[   78.550423][ T7230] bridge0: port 1(bridge_slave_0) entered forwarding state
[   78.783332][ T7233] bridge0: port 1(bridge_slave_0) entered blocking state
[   78.815416][ T7233] bridge0: port 1(bridge_slave_0) entered disabled state
[   78.823731][ T7233] device bridge_slave_0 entered promiscuous mode
[   78.870501][ T7233] bridge0: port 2(bridge_slave_1) entered blocking state
[   78.885456][ T7233] bridge0: port 2(bridge_slave_1) entered disabled state
[   78.926582][ T7233] device bridge_slave_1 entered promiscuous mode
[   78.981240][   T42] bridge0: port 1(bridge_slave_0) entered disabled state
[   79.005658][   T42] bridge0: port 2(bridge_slave_1) entered disabled state
21:09:40 executing program 3:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000))
r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fcntl$setpipe(r0, 0x407, 0x7)
r1 = perf_event_open(&(0x7f0000000440)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000, 0x0, 0x4, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10008, 0x20}, 0x0, 0xfffffffffffffffe, 0xffffffffffffffff, 0x1)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x10, r1, 0x0)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x8)
r2 = syz_open_procfs(0x0, 0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040)='/dev/full\x00', 0x2827c0, 0x0)
ioctl$IOC_PR_PREEMPT(r3, 0x401870cb, &(0x7f0000000080)={0x200000000000, 0x3, 0x9, 0xfffffff7})
lseek(r2, 0x20408005, 0x0)
ioctl$VIDIOC_QUERYMENU(r2, 0xc02c5625, &(0x7f0000000300)={0xff, 0x400, @name="851958a93ac0b1858faac28b60cd1bc85d9d791987e737a81f766fdee178fef8"})
creat(&(0x7f0000000100)='./file0\x00', 0x0)
r4 = creat(&(0x7f0000000100)='./file0\x00', 0x0)
fallocate(r4, 0x0, 0x0, 0x84003ff)
ioctl$sock_SIOCDELDLCI(0xffffffffffffffff, 0x8981, &(0x7f00000002c0)={'bcsf0\x00'})
sendto$unix(0xffffffffffffffff, &(0x7f0000000140)="c56b7bed322911a9521a5a3d4301c838797a10a0d22868e435ffd2d362e55e5730f586106c98d4d18623fb22a074c46d70ab74296a5ab55ac23ade751ccabf0176697743ec932b2d1dc76f2e50c84cd2a6c6e0f17a13e3d57d8f70e159325ce468e4bb5ceccbef46a2a77f10034f6691a1e60a6af5219a111cfdc3fd9dc5a7ea6e08982a4f24c6084fca59d94d9e3a66240dba550f04b72899455cb9763d8e4a7e9c1e704ca65506aa46cae366a33449e39ab0738434805fa1f818b6789a31883ee92687ff9893a09ad37c69450ff95f64de71", 0xd3, 0x4040000, &(0x7f0000000240)=@file={0x0, './file0\x00'}, 0x6e)

[   79.101263][ T7233] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   79.158695][ T7230] 8021q: adding VLAN 0 to HW filter on device bond0
[   79.176740][ T7233] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   79.213211][ T7230] 8021q: adding VLAN 0 to HW filter on device team0
[   79.257285][   T42] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   79.285954][   T42] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   79.338108][ T7235] chnl_net:caif_netlink_parms(): no params data found
[   79.349140][ T3006] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   79.366150][ T3006] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   79.407510][ T3006] bridge0: port 1(bridge_slave_0) entered blocking state
[   79.414636][ T3006] bridge0: port 1(bridge_slave_0) entered forwarding state
[   79.466335][ T3006] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   79.498060][ T3006] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   79.526094][ T3006] bridge0: port 2(bridge_slave_1) entered blocking state
[   79.533173][ T3006] bridge0: port 2(bridge_slave_1) entered forwarding state
[   79.597654][ T3006] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   79.618290][ T3006] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   79.660717][ T7264] IPVS: ftp: loaded support on port[0] = 21
[   79.693389][ T7260] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   79.702830][ T7260] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   79.748890][ T7260] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   79.788527][ T7260] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   79.808994][ T7260] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   79.848695][ T7260] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   79.875996][ T7260] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   79.908185][ T7260] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   79.937156][ T7233] team0: Port device team_slave_0 added
[   79.954959][ T7230] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   80.000505][ T7260] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   80.030113][ T7233] team0: Port device team_slave_1 added
[   80.115956][ T7235] bridge0: port 1(bridge_slave_0) entered blocking state
[   80.123121][ T7235] bridge0: port 1(bridge_slave_0) entered disabled state
[   80.166428][ T7235] device bridge_slave_0 entered promiscuous mode
[   80.195985][ T7235] bridge0: port 2(bridge_slave_1) entered blocking state
[   80.203065][ T7235] bridge0: port 2(bridge_slave_1) entered disabled state
21:09:41 executing program 4:
r0 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="bf16000000000000b7070000010000054070000000000000bc700000000000009500000000000000dbf7cc4d2fa28bb14b0f6250144e517483486b8059eded6027310b685019079c6aab16511aa06a6bcb5af4184420bcf861f48195766b2ae8b941f124cf4d3fa6ef80b3f50b66d8582b7714fd3a85c33271fb0a2aebb6ba08618a6cca4d68c9ed14133b25b3f07f71946a28cfbab6af8034cefd76a911c0248a0f82ce3e8051b23bd03176293bff7525592cc2bd23cc72ec434e18f46ce5de99dd52d2c4ab65167e304e24a9b1287f8bffb095e75ab6f27dafe77fc81762d4ba881b9c3289523cc5e0ee620b613c019b66075ad901d3a64172765ec03b18dcad186cd3c82fe78ec6509f6c30de43"], &(0x7f0000000140)='vS\xfdIG|\x8aL[\xf2\'\x9c\xea\xb1\xc0\xb1\x19\x91\x9d/Q\xd9\xe3T\xce\xdax;\x02%\xc5\x1c\xd5GA\xad[(\xbblZ\x01\x1dF\x92#]%sj\xd0i\xc6C\x1f&\xe2\xc5\xa5z\x7f\xe1 \xfb\xc27\x03\x84\x8e\xef\x82-\xfc$$\xaf\v\xbd\x95\x1e\x0f\xbeVI\xec\r!\f\x86\xf5\xfb[Y\x1e\xd4\xdfc\xb1\xc8\xa2\xc1/5\xffr\x1f\x80@\xb8F\xea\xde\x93\xa1\xcb6\xee\xf2\xce\x95\xf2\xfdxR\x17F\xad\xc1~\xa2\x97=O^o\"\xbb\xa8\x9746'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r1, 0x0, 0x13, 0x0, &(0x7f0000000200)="dc5756d13edb16d7941efafd204ed5f7cbdcbb", 0x0, 0xbe5b}, 0x28)

[   80.236261][ T7235] device bridge_slave_1 entered promiscuous mode
[   80.338275][ T7233] device hsr_slave_0 entered promiscuous mode
[   80.377916][ T7233] device hsr_slave_1 entered promiscuous mode
[   80.417581][ T7233] debugfs: Directory 'hsr0' with parent '/' already present!
[   80.471548][ T7235] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   80.497760][ T7230] 8021q: adding VLAN 0 to HW filter on device batadv0
[   80.530540][ T7235] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   80.728933][ T7235] team0: Port device team_slave_0 added
[   80.786733][ T7235] team0: Port device team_slave_1 added
[   80.823501][ T7264] chnl_net:caif_netlink_parms(): no params data found
[   80.989625][ T7289] IPVS: ftp: loaded support on port[0] = 21
[   81.048315][ T7235] device hsr_slave_0 entered promiscuous mode
[   81.066365][    C0] hrtimer: interrupt took 34770 ns
[   81.145652][ T7235] device hsr_slave_1 entered promiscuous mode
[   81.185737][ T7235] debugfs: Directory 'hsr0' with parent '/' already present!
[   81.208915][ T7233] 8021q: adding VLAN 0 to HW filter on device bond0
[   81.271982][ T7233] 8021q: adding VLAN 0 to HW filter on device team0
[   81.347481][ T7260] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   81.378804][ T7260] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   81.406066][ T7264] bridge0: port 1(bridge_slave_0) entered blocking state
[   81.413171][ T7264] bridge0: port 1(bridge_slave_0) entered disabled state
[   81.423787][   T25] kauditd_printk_skb: 3 callbacks suppressed
[   81.423811][   T25] audit: type=1800 audit(1572469783.107:31): pid=7303 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.0" name="bus" dev="sda1" ino=16517 res=0
[   81.449704][ T7264] device bridge_slave_0 entered promiscuous mode
[   81.486654][ T7264] bridge0: port 2(bridge_slave_1) entered blocking state
[   81.493801][ T7264] bridge0: port 2(bridge_slave_1) entered disabled state
21:09:43 executing program 0:
r0 = socket$inet6(0xa, 0x400000000001, 0x0)
close(r0)
r1 = socket(0x11, 0x800000003, 0x81)
bind(r1, &(0x7f0000000000)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0)
ftruncate(r2, 0x2008002)
syz_open_dev$media(0x0, 0x0, 0x0)
ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x10, r3, 0x0)
sendmsg$TIPC_NL_NET_SET(0xffffffffffffffff, &(0x7f0000001680)={0x0, 0xfe2a, &(0x7f0000001640)={&(0x7f00000001c0)={0x13, 0x0, 0x121}, 0x260}}, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(r3, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x50, 0x0, 0x0, 0x70bd27, 0x25dfdbfc, {}, [@TIPC_NLA_LINK={0x3c, 0x4, [@TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0xc, 0x7, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}]}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz0\x00'}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x20008000}, 0x0)
sendfile(r0, r2, 0x0, 0x200fff)

[   81.571685][ T7264] device bridge_slave_1 entered promiscuous mode
[   81.636773][ T3006] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   81.679019][ T3006] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
21:09:43 executing program 5:
r0 = socket$inet6(0xa, 0x400000000001, 0x0)
close(r0)
r1 = socket(0x11, 0x800000003, 0x81)
bind(r1, &(0x7f0000000000)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0)
ftruncate(r2, 0x2008002)
syz_open_dev$media(0x0, 0x0, 0x0)
ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x10, r3, 0x0)
sendmsg$TIPC_NL_NET_SET(0xffffffffffffffff, &(0x7f0000001680)={0x0, 0xfe2a, &(0x7f0000001640)={&(0x7f00000001c0)={0x13, 0x0, 0x121}, 0x260}}, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(r3, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x50, 0x0, 0x0, 0x70bd27, 0x25dfdbfc, {}, [@TIPC_NLA_LINK={0x3c, 0x4, [@TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0xc, 0x7, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}]}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz0\x00'}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x20008000}, 0x0)
sendfile(r0, r2, 0x0, 0x200fff)

[   81.725027][ T3006] bridge0: port 1(bridge_slave_0) entered blocking state
[   81.732166][ T3006] bridge0: port 1(bridge_slave_0) entered forwarding state
[   81.829666][ T3006] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   81.900301][ T3006] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   81.998574][ T3006] bridge0: port 2(bridge_slave_1) entered blocking state
[   82.005689][ T3006] bridge0: port 2(bridge_slave_1) entered forwarding state
[   82.075399][   T10] ==================================================================
[   82.083537][   T10] BUG: KCSAN: data-race in rcu_gp_fqs_check_wake / rcu_note_context_switch
[   82.092124][   T10] 
[   82.094449][   T10] write to 0xffffffff85a7d490 of 8 bytes by task 7324 on cpu 0:
[   82.102083][   T10]  rcu_note_context_switch+0x6f6/0x760
[   82.107543][   T10]  __schedule+0xa4/0x640
[   82.111782][   T10]  preempt_schedule_irq+0x57/0x90
[   82.116808][   T10]  restore_regs_and_return_to_kernel+0x0/0x25
[   82.122957][   T10]  __kcsan_setup_watchpoint+0x81/0x4a0
[   82.128411][   T10]  __tsan_read4+0x2c/0x30
[   82.132738][   T10]  pid_getattr+0xde/0x1a0
[   82.137062][   T10]  vfs_getattr_nosec+0x12e/0x170
[   82.142000][   T10]  vfs_getattr+0x54/0x70
[   82.146251][   T10]  vfs_statx+0x102/0x190
[   82.150491][   T10]  __do_sys_newstat+0x51/0xb0
[   82.155164][   T10]  __x64_sys_newstat+0x3a/0x50
[   82.159930][   T10]  do_syscall_64+0xcc/0x370
[   82.164429][   T10]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   82.170311][   T10] 
[   82.172638][   T10] read to 0xffffffff85a7d490 of 8 bytes by task 10 on cpu 1:
[   82.180028][   T10]  rcu_gp_fqs_check_wake+0x93/0xd0
[   82.185145][   T10]  rcu_gp_fqs_loop+0x1df/0x580
[   82.189905][   T10]  rcu_gp_kthread+0x143/0x230
[   82.194580][   T10]  kthread+0x1d4/0x200
[   82.198643][   T10]  ret_from_fork+0x1f/0x30
[   82.203036][   T10] 
[   82.205361][   T10] Reported by Kernel Concurrency Sanitizer on:
[   82.211529][   T10] CPU: 1 PID: 10 Comm: rcu_preempt Not tainted 5.4.0-rc3+ #0
[   82.218885][   T10] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   82.228944][   T10] ==================================================================
[   82.236993][   T10] Kernel panic - not syncing: panic_on_warn set ...
[   82.243580][   T10] CPU: 1 PID: 10 Comm: rcu_preempt Not tainted 5.4.0-rc3+ #0
[   82.250944][   T10] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   82.260995][   T10] Call Trace:
[   82.264289][   T10]  dump_stack+0xf5/0x159
[   82.268538][   T10]  panic+0x210/0x640
[   82.272436][   T10]  ? vprintk_func+0x8d/0x140
[   82.277028][   T10]  kcsan_report.cold+0xc/0x10
[   82.281727][   T10]  __kcsan_setup_watchpoint+0x32e/0x4a0
[   82.287357][   T10]  ? __tsan_read4+0x2c/0x30
[   82.291853][   T10]  __tsan_read8+0x2c/0x30
[   82.296174][   T10]  rcu_gp_fqs_check_wake+0x93/0xd0
[   82.301281][   T10]  rcu_gp_fqs_loop+0x1df/0x580
[   82.306042][   T10]  rcu_gp_kthread+0x143/0x230
[   82.310807][   T10]  kthread+0x1d4/0x200
[   82.315301][   T10]  ? rcu_gp_cleanup+0x520/0x520
[   82.320139][   T10]  ? kthread_stop+0x2d0/0x2d0
[   82.324811][   T10]  ret_from_fork+0x1f/0x30
[   82.330561][   T10] Kernel Offset: disabled
[   82.334887][   T10] Rebooting in 86400 seconds..