[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   35.769652][   T25] audit: type=1800 audit(1571661371.671:25): pid=7029 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2447 res=0
[   35.813620][   T25] audit: type=1800 audit(1571661371.681:26): pid=7029 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2490 res=0
[   35.840003][   T25] audit: type=1800 audit(1571661371.681:27): pid=7029 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2469 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.104' (ECDSA) to the list of known hosts.
2019/10/21 12:36:22 fuzzer started
2019/10/21 12:36:23 dialing manager at 10.128.0.105:39747
2019/10/21 12:36:24 syscalls: 2524
2019/10/21 12:36:24 code coverage: enabled
2019/10/21 12:36:24 comparison tracing: enabled
2019/10/21 12:36:24 extra coverage: extra coverage is not supported by the kernel
2019/10/21 12:36:24 setuid sandbox: enabled
2019/10/21 12:36:24 namespace sandbox: enabled
2019/10/21 12:36:24 Android sandbox: /sys/fs/selinux/policy does not exist
2019/10/21 12:36:24 fault injection: enabled
2019/10/21 12:36:24 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/10/21 12:36:24 net packet injection: enabled
2019/10/21 12:36:24 net device setup: enabled
2019/10/21 12:36:24 concurrency sanitizer: enabled
12:36:25 executing program 0:
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000))
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000004fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r1 = socket$inet6_sctp(0xa, 0x80000000000001, 0x84)
getsockopt$inet6_int(r1, 0x29, 0x10, 0x0, &(0x7f0000013000)=0xffffffffffffff85)
mmap(&(0x7f0000000000/0xfe3000)=nil, 0xfe3000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
close(r0)
write$FUSE_BMAP(0xffffffffffffffff, 0x0, 0x0)

12:36:26 executing program 1:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={<r0=>0xffffffffffffffff})
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket$inet(0x10, 0x2, 0x0)
sendmsg(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000001c0)="24000000190007041dfffd946f6105000af80200fe0200000002080008001e000400ff7e280000001100ffffba16a0aa1c0900000000000012000000000000eff24d8238cfa47e23f7efbf54", 0x4c}], 0x1}, 0x0)

syzkaller login: [   50.241421][ T7201] IPVS: ftp: loaded support on port[0] = 21
[   50.409571][ T7204] IPVS: ftp: loaded support on port[0] = 21
[   50.409819][ T7201] chnl_net:caif_netlink_parms(): no params data found
[   50.476641][ T7201] bridge0: port 1(bridge_slave_0) entered blocking state
[   50.483934][ T7201] bridge0: port 1(bridge_slave_0) entered disabled state
[   50.492024][ T7201] device bridge_slave_0 entered promiscuous mode
[   50.502275][ T7201] bridge0: port 2(bridge_slave_1) entered blocking state
[   50.509439][ T7201] bridge0: port 2(bridge_slave_1) entered disabled state
[   50.517543][ T7201] device bridge_slave_1 entered promiscuous mode
[   50.548821][ T7201] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   50.584253][ T7201] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
12:36:26 executing program 2:
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x21, 0x0, &(0x7f0000000040))

[   50.621851][ T7204] chnl_net:caif_netlink_parms(): no params data found
[   50.632997][ T7201] team0: Port device team_slave_0 added
[   50.640851][ T7201] team0: Port device team_slave_1 added
[   50.716032][ T7204] bridge0: port 1(bridge_slave_0) entered blocking state
[   50.729853][ T7204] bridge0: port 1(bridge_slave_0) entered disabled state
[   50.749819][ T7204] device bridge_slave_0 entered promiscuous mode
[   50.804229][ T7201] device hsr_slave_0 entered promiscuous mode
[   50.881735][ T7201] device hsr_slave_1 entered promiscuous mode
12:36:26 executing program 3:
openat$ipvs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv4/vs/sync_refresh_period\x00', 0x2, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000000c0)=@ipx, 0x80, 0x0}}], 0x3fffffffffffe7e, 0x0, 0x0)
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, <r1=>0x0}, &(0x7f0000000280)=0x5)
setuid(r1)
r2 = syz_open_procfs(0x0, &(0x7f0000000180)='statm\x00')
socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f0000000080)=@nat={'%at\x00\x11\x00', 0x19, 0x1, 0x0, [0x200005c0, 0x0, 0x0, 0x200005f0, 0x20000620], 0x0, 0x0}, 0x78)
preadv(r2, &(0x7f00000017c0), 0x199, 0x0)

[   50.930058][ T7204] bridge0: port 2(bridge_slave_1) entered blocking state
[   50.937216][ T7204] bridge0: port 2(bridge_slave_1) entered disabled state
[   50.946026][ T7204] device bridge_slave_1 entered promiscuous mode
[   50.967855][ T7204] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   50.980728][ T7204] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   51.021755][ T7207] IPVS: ftp: loaded support on port[0] = 21
[   51.047528][ T7204] team0: Port device team_slave_0 added
[   51.075019][ T7201] bridge0: port 2(bridge_slave_1) entered blocking state
[   51.082126][ T7201] bridge0: port 2(bridge_slave_1) entered forwarding state
[   51.089454][ T7201] bridge0: port 1(bridge_slave_0) entered blocking state
[   51.096561][ T7201] bridge0: port 1(bridge_slave_0) entered forwarding state
[   51.109300][ T7204] team0: Port device team_slave_1 added
12:36:27 executing program 4:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000100)='/dev/loop-control\x00', 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
close(r0)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000040)=0x1)
r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r0, r4, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffe4a)

[   51.252875][ T7204] device hsr_slave_0 entered promiscuous mode
[   51.281871][ T7204] device hsr_slave_1 entered promiscuous mode
[   51.341306][ T7204] debugfs: Directory 'hsr0' with parent '/' already present!
[   51.379483][ T7210] IPVS: ftp: loaded support on port[0] = 21
[   51.483951][ T7204] bridge0: port 2(bridge_slave_1) entered blocking state
[   51.491071][ T7204] bridge0: port 2(bridge_slave_1) entered forwarding state
[   51.498386][ T7204] bridge0: port 1(bridge_slave_0) entered blocking state
[   51.505527][ T7204] bridge0: port 1(bridge_slave_0) entered forwarding state
[   51.552012][ T7209] bridge0: port 1(bridge_slave_0) entered disabled state
[   51.570423][ T7209] bridge0: port 2(bridge_slave_1) entered disabled state
[   51.592269][ T7209] bridge0: port 1(bridge_slave_0) entered disabled state
[   51.600856][ T7209] bridge0: port 2(bridge_slave_1) entered disabled state
[   51.619204][ T7201] 8021q: adding VLAN 0 to HW filter on device bond0
[   51.634824][ T7207] chnl_net:caif_netlink_parms(): no params data found
[   51.657362][ T7201] 8021q: adding VLAN 0 to HW filter on device team0
[   51.677031][ T7213] IPVS: ftp: loaded support on port[0] = 21
[   51.695993][ T7209] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
12:36:27 executing program 5:
perf_event_open(&(0x7f000001d000)={0x1, 0x223, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6(0xa, 0x40000080806, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x33, &(0x7f0000000040)=0x7fb, 0x4)
bind$inet6(r0, &(0x7f000047b000)={0xa, 0x404e20}, 0x1c)
listen(r0, 0x400000001ffffffd)
r1 = socket$inet6(0xa, 0x6, 0x0)
r2 = socket$inet6(0xa, 0x801, 0x0)
bind$inet6(r2, &(0x7f0000000000)={0xa, 0x4e20}, 0x1c)
listen(r2, 0xffeffffefffffffb)
getsockopt$inet6_buf(r2, 0x29, 0x2f, &(0x7f0000000240)=""/125, &(0x7f00000002c0)=0x7d)
socket$nl_crypto(0x10, 0x3, 0x15)
r3 = socket$inet6(0xa, 0x801, 0x0)
bind$inet6(r3, &(0x7f0000000000)={0xa, 0x4e20}, 0x1c)
listen(r3, 0xffeffffefffffffb)
setsockopt$inet6_icmp_ICMP_FILTER(r3, 0x1, 0x1, &(0x7f0000000300)={0x1}, 0x4)
connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
r4 = accept4(r0, 0x0, 0x0, 0x0)
sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x100000000000000}}], 0x4000000000000d0, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffffff, 0x84, 0xf, &(0x7f0000000180)={0x0, @in6={{0xa, 0x4e21, 0x7, @dev, 0x1}}, 0x0, 0xffff, 0x7, 0x10000, 0x2}, &(0x7f00000000c0)=0x98)

[   51.704236][ T7209] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   51.750748][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   51.762750][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   51.771570][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[   51.778638][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[   51.790543][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   51.799624][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   51.811442][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[   51.818511][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[   51.862784][ T7207] bridge0: port 1(bridge_slave_0) entered blocking state
[   51.870119][ T7207] bridge0: port 1(bridge_slave_0) entered disabled state
[   51.878087][ T7207] device bridge_slave_0 entered promiscuous mode
[   51.889151][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   51.898133][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   51.907488][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   51.917336][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   51.926131][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   51.934930][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   51.944095][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   51.952641][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   51.967346][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   51.979098][ T7204] 8021q: adding VLAN 0 to HW filter on device bond0
[   51.986304][ T7207] bridge0: port 2(bridge_slave_1) entered blocking state
[   51.993559][ T7207] bridge0: port 2(bridge_slave_1) entered disabled state
[   52.001745][ T7207] device bridge_slave_1 entered promiscuous mode
[   52.025661][ T7207] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   52.035102][ T7217] IPVS: ftp: loaded support on port[0] = 21
[   52.046585][ T7204] 8021q: adding VLAN 0 to HW filter on device team0
[   52.059815][ T7207] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   52.083201][ T7209] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   52.091467][ T7209] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   52.099352][ T7209] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   52.107841][ T7209] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   52.123015][ T7201] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   52.161124][ T7207] team0: Port device team_slave_0 added
[   52.171565][ T7207] team0: Port device team_slave_1 added
[   52.179661][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   52.188385][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   52.196973][    T5] bridge0: port 1(bridge_slave_0) entered blocking state
[   52.204123][    T5] bridge0: port 1(bridge_slave_0) entered forwarding state
[   52.240190][   T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   52.249154][   T44] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   52.257695][   T44] bridge0: port 2(bridge_slave_1) entered blocking state
[   52.264825][   T44] bridge0: port 2(bridge_slave_1) entered forwarding state
[   52.272750][   T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   52.282152][   T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   52.291068][   T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   52.299853][   T44] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   52.308646][   T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   52.317812][   T44] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   52.326722][   T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   52.335521][   T44] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   52.344277][   T44] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   52.362222][ T7204] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   52.373734][ T7204] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   52.400841][ T3006] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   52.409398][ T3006] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   52.422291][ T7201] 8021q: adding VLAN 0 to HW filter on device batadv0
[   52.503247][ T7207] device hsr_slave_0 entered promiscuous mode
[   52.550160][ T7207] device hsr_slave_1 entered promiscuous mode
[   52.620031][ T7207] debugfs: Directory 'hsr0' with parent '/' already present!
[   52.652114][ T7204] 8021q: adding VLAN 0 to HW filter on device batadv0
[   52.695985][ T7210] chnl_net:caif_netlink_parms(): no params data found
[   52.760783][ T7213] chnl_net:caif_netlink_parms(): no params data found
[   52.821550][ T7213] bridge0: port 1(bridge_slave_0) entered blocking state
[   52.830504][ T7213] bridge0: port 1(bridge_slave_0) entered disabled state
[   52.838490][ T7213] device bridge_slave_0 entered promiscuous mode
[   52.886899][ T7217] chnl_net:caif_netlink_parms(): no params data found
[   52.930575][    C0] hrtimer: interrupt took 24915 ns
[   52.932664][ T7213] bridge0: port 2(bridge_slave_1) entered blocking state
[   52.945729][ T7213] bridge0: port 2(bridge_slave_1) entered disabled state
[   52.954020][ T7213] device bridge_slave_1 entered promiscuous mode
12:36:28 executing program 0:
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000))
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000004fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r1 = socket$inet6_sctp(0xa, 0x80000000000001, 0x84)
getsockopt$inet6_int(r1, 0x29, 0x10, 0x0, &(0x7f0000013000)=0xffffffffffffff85)
mmap(&(0x7f0000000000/0xfe3000)=nil, 0xfe3000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
close(r0)
write$FUSE_BMAP(0xffffffffffffffff, 0x0, 0x0)

[   52.984994][ T7210] bridge0: port 1(bridge_slave_0) entered blocking state
[   52.992672][ T7210] bridge0: port 1(bridge_slave_0) entered disabled state
[   53.001188][ T7210] device bridge_slave_0 entered promiscuous mode
[   53.017278][ T7235] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'.
[   53.137897][ T7210] bridge0: port 2(bridge_slave_1) entered blocking state
[   53.151190][ T7210] bridge0: port 2(bridge_slave_1) entered disabled state
[   53.159253][ T7210] device bridge_slave_1 entered promiscuous mode
[   53.168427][ T7213] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   53.181465][ T7213] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   53.196319][ T7207] 8021q: adding VLAN 0 to HW filter on device bond0
12:36:29 executing program 0:
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000))
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000004fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r1 = socket$inet6_sctp(0xa, 0x80000000000001, 0x84)
getsockopt$inet6_int(r1, 0x29, 0x10, 0x0, &(0x7f0000013000)=0xffffffffffffff85)
mmap(&(0x7f0000000000/0xfe3000)=nil, 0xfe3000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
close(r0)
write$FUSE_BMAP(0xffffffffffffffff, 0x0, 0x0)

[   53.248489][   T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   53.256671][   T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   53.277535][ T7234] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'.
[   53.298775][ T7210] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   53.338944][ T7210] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
12:36:29 executing program 1:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={<r0=>0xffffffffffffffff})
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket$inet(0x10, 0x2, 0x0)
sendmsg(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000001c0)="24000000190007041dfffd946f6105000af80200fe0200000002080008001e000400ff7e280000001100ffffba16a0aa1c0900000000000012000000000000eff24d8238cfa47e23f7efbf54", 0x4c}], 0x1}, 0x0)

[   53.361283][ T7217] bridge0: port 1(bridge_slave_0) entered blocking state
[   53.368568][ T7217] bridge0: port 1(bridge_slave_0) entered disabled state
[   53.385815][ T7217] device bridge_slave_0 entered promiscuous mode
[   53.397171][ T7217] bridge0: port 2(bridge_slave_1) entered blocking state
[   53.425529][ T7217] bridge0: port 2(bridge_slave_1) entered disabled state
[   53.450032][   T10] ==================================================================
[   53.450042][ T7217] device bridge_slave_1 entered promiscuous mode
[   53.451592][ T7213] team0: Port device team_slave_0 added
[   53.458169][   T10] BUG: KCSAN: data-race in rcu_gp_fqs_check_wake / rcu_preempt_deferred_qs_irqrestore
[   53.479382][ T7213] team0: Port device team_slave_1 added
[   53.479573][   T10] 
[   53.487423][   T10] write to 0xffffffff85a7d490 of 8 bytes by task 7217 on cpu 1:
[   53.495061][   T10]  rcu_preempt_deferred_qs_irqrestore+0x43d/0x580
[   53.501476][   T10]  __rcu_read_unlock+0x16a/0x3c0
[   53.506417][   T10]  batadv_hardif_get_by_netdev+0xd2/0x100
[   53.512134][   T10]  batadv_hard_if_event+0xb0/0x880
[   53.517245][   T10]  notifier_call_chain+0xd7/0x160
[   53.522269][   T10]  raw_notifier_call_chain+0x37/0x50
[   53.527556][   T10]  call_netdevice_notifiers_info+0x48/0xc0
[   53.533358][   T10]  __netdev_upper_dev_link+0x23e/0x310
[   53.538832][   T10]  netdev_master_upper_dev_link+0x43/0x60
[   53.544552][   T10]  br_add_if+0x5ed/0xdb0
[   53.548799][   T10]  br_add_slave+0x32/0x50
[   53.553131][   T10]  do_set_master+0x14e/0x170
[   53.557720][   T10]  do_setlink+0x673/0x1e30
[   53.562134][   T10]  __rtnl_newlink+0x93e/0x1010
[   53.566882][   T10] 
12:36:29 executing program 0:
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000))
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000004fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r1 = socket$inet6_sctp(0xa, 0x80000000000001, 0x84)
getsockopt$inet6_int(r1, 0x29, 0x10, 0x0, &(0x7f0000013000)=0xffffffffffffff85)
mmap(&(0x7f0000000000/0xfe3000)=nil, 0xfe3000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
close(r0)
write$FUSE_BMAP(0xffffffffffffffff, 0x0, 0x0)

[   53.569210][   T10] read to 0xffffffff85a7d490 of 8 bytes by task 10 on cpu 0:
[   53.576583][   T10]  rcu_gp_fqs_check_wake+0x93/0xd0
[   53.581696][   T10]  rcu_gp_fqs_loop+0x36c/0x580
[   53.586477][   T10]  rcu_gp_kthread+0x143/0x230
[   53.591149][   T10]  kthread+0x1d4/0x200
[   53.595484][   T10]  ret_from_fork+0x1f/0x30
[   53.599892][   T10] 
[   53.602210][   T10] Reported by Kernel Concurrency Sanitizer on:
[   53.608383][   T10] CPU: 0 PID: 10 Comm: rcu_preempt Not tainted 5.4.0-rc3+ #0
[   53.615747][   T10] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   53.625799][   T10] ==================================================================
[   53.633858][   T10] Kernel panic - not syncing: panic_on_warn set ...
[   53.640471][   T10] CPU: 0 PID: 10 Comm: rcu_preempt Not tainted 5.4.0-rc3+ #0
[   53.647837][   T10] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   53.657897][   T10] Call Trace:
[   53.661182][   T10]  dump_stack+0xf5/0x159
[   53.665416][   T10]  panic+0x210/0x640
[   53.669309][   T10]  ? vprintk_func+0x8d/0x140
[   53.673919][   T10]  kcsan_report.cold+0xc/0x10
[   53.678601][   T10]  __kcsan_setup_watchpoint+0x32e/0x4a0
[   53.684170][   T10]  __tsan_read8+0x2c/0x30
[   53.688514][   T10]  rcu_gp_fqs_check_wake+0x93/0xd0
[   53.693633][   T10]  rcu_gp_fqs_loop+0x36c/0x580
[   53.698407][   T10]  rcu_gp_kthread+0x143/0x230
[   53.703085][   T10]  kthread+0x1d4/0x200
[   53.707157][   T10]  ? rcu_gp_cleanup+0x520/0x520
[   53.712007][   T10]  ? kthread_stop+0x2d0/0x2d0
[   53.716709][   T10]  ret_from_fork+0x1f/0x30
[   53.721796][   T10] Kernel Offset: disabled
[   53.726118][   T10] Rebooting in 86400 seconds..