[[36minfo[39;49m] Using makefile-style concurrent boot in runlevel 2.
[   42.687033][   T25] audit: type=1800 audit(1575316620.517:21): pid=7402 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="bootlogs" dev="sda1" ino=2452 res=0
[   42.733358][   T25] audit: type=1800 audit(1575316620.527:22): pid=7402 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="motd" dev="sda1" ino=2480 res=0
[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.54' (ECDSA) to the list of known hosts.
2019/12/02 19:57:12 fuzzer started
2019/12/02 19:57:13 dialing manager at 10.128.0.105:39819
2019/12/02 19:57:13 syscalls: 2682
2019/12/02 19:57:13 code coverage: enabled
2019/12/02 19:57:13 comparison tracing: enabled
2019/12/02 19:57:13 extra coverage: extra coverage is not supported by the kernel
2019/12/02 19:57:13 setuid sandbox: enabled
2019/12/02 19:57:13 namespace sandbox: enabled
2019/12/02 19:57:13 Android sandbox: /sys/fs/selinux/policy does not exist
2019/12/02 19:57:13 fault injection: enabled
2019/12/02 19:57:13 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/12/02 19:57:13 net packet injection: enabled
2019/12/02 19:57:13 net device setup: enabled
2019/12/02 19:57:13 concurrency sanitizer: enabled
2019/12/02 19:57:13 devlink PCI setup: PCI device 0000:00:10.0 is not available
syzkaller login: [   57.154033][ T7574] KCSAN: could not find function: 'poll_schedule_timeout'
2019/12/02 19:57:21 adding functions to KCSAN blacklist: 'echo_char' 'generic_fillattr' 'futex_wait_queue_me' 'copy_process' 'blk_mq_sched_dispatch_requests' 'do_syslog' 'poll_schedule_timeout' 'dd_has_work' 'wbt_done' 'mm_update_next_owner' 'taskstats_exit' 'tomoyo_supervisor' 'find_next_bit' 'filemap_map_pages' '__snd_rawmidi_transmit_ack' 'n_tty_receive_buf_common' 'generic_file_read_iter' 'tick_nohz_idle_stop_tick' 'pid_update_inode' 'mod_timer' 'kcm_rfree' 'ext4_nonda_switch' 'rcu_gp_fqs_loop' 'ktime_get_real_seconds' 'ext4_free_inode' 'ep_poll' 'add_timer' 'blk_mq_get_request' 'bio_endio' 'rcu_gp_fqs_check_wake' 'blk_mq_dispatch_rq_list' '__hrtimer_run_queues' 'pipe_poll' '__ext4_new_inode' 'ext4_free_inodes_count' 'timer_clear_idle' 'tcp_add_backlog' 'tick_do_update_jiffies64' 'xas_find_marked' 'sixpack_receive_buf' 'ext4_has_free_clusters' 'do_mpage_readpage' 'run_timer_softirq' 'xas_clear_mark' 'generic_write_end' 'ext4_mb_find_by_goal' 'wbt_issue' 'tick_sched_do_timer' 'find_get_pages_range_tag' 'lruvec_lru_size' 
19:58:28 executing program 0:
keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_new={'new ', 'default', 0x20, 'trusted:', 'em1'}, 0xfffffffffffffff5, 0xfffffffffffffffd)
add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180)={'syz'}, &(0x7f0000000100), 0x1f1, 0xfffffffffffffffe)

[  131.224271][ T7576] IPVS: ftp: loaded support on port[0] = 21
19:58:29 executing program 1:
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000240)={'syz1\x00', {}, 0x0, [], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x1]}, 0x45c)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0xaaaaaaaaaaaab31, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000010000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4d4, 0x400}], 0x1, 0x0)

[  131.310090][ T7576] chnl_net:caif_netlink_parms(): no params data found
[  131.356755][ T7576] bridge0: port 1(bridge_slave_0) entered blocking state
[  131.378383][ T7576] bridge0: port 1(bridge_slave_0) entered disabled state
[  131.386178][ T7576] device bridge_slave_0 entered promiscuous mode
[  131.419881][ T7576] bridge0: port 2(bridge_slave_1) entered blocking state
[  131.427005][ T7576] bridge0: port 2(bridge_slave_1) entered disabled state
[  131.434683][ T7576] device bridge_slave_1 entered promiscuous mode
[  131.453407][ T7576] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  131.464373][ T7576] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  131.467056][ T7579] IPVS: ftp: loaded support on port[0] = 21
[  131.483571][ T7576] team0: Port device team_slave_0 added
[  131.490853][ T7576] team0: Port device team_slave_1 added
19:58:29 executing program 2:
openat$vim2m(0xffffffffffffff9c, &(0x7f0000000040)='/dev/video35\x00', 0x2, 0x0)
ioctl$VIDIOC_DECODER_CMD(0xffffffffffffffff, 0xc0485660, 0x0)
socket$netlink(0x10, 0x3, 0x0)
socket$inet(0xa, 0x801, 0x0)
pipe(&(0x7f0000000440)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
write(r1, &(0x7f0000000340), 0x41395527)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000100)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000002cc0)='/dev/dlm-monitor\x00', 0x0, 0x0)

[  131.570516][ T7576] device hsr_slave_0 entered promiscuous mode
[  131.618599][ T7576] device hsr_slave_1 entered promiscuous mode
[  131.728938][ T7576] bridge0: port 2(bridge_slave_1) entered blocking state
[  131.736078][ T7576] bridge0: port 2(bridge_slave_1) entered forwarding state
[  131.743385][ T7576] bridge0: port 1(bridge_slave_0) entered blocking state
[  131.750442][ T7576] bridge0: port 1(bridge_slave_0) entered forwarding state
[  131.849977][ T7581] IPVS: ftp: loaded support on port[0] = 21
[  131.863430][ T7579] chnl_net:caif_netlink_parms(): no params data found
[  131.969263][ T7576] 8021q: adding VLAN 0 to HW filter on device bond0
[  131.996049][ T7579] bridge0: port 1(bridge_slave_0) entered blocking state
[  132.008414][ T7579] bridge0: port 1(bridge_slave_0) entered disabled state
[  132.028464][ T7579] device bridge_slave_0 entered promiscuous mode
[  132.073855][ T7576] 8021q: adding VLAN 0 to HW filter on device team0
[  132.089223][ T7579] bridge0: port 2(bridge_slave_1) entered blocking state
[  132.096394][ T7579] bridge0: port 2(bridge_slave_1) entered disabled state
[  132.129170][ T7579] device bridge_slave_1 entered promiscuous mode
[  132.146260][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  132.159813][    T5] bridge0: port 1(bridge_slave_0) entered disabled state
19:58:30 executing program 3:
r0 = syz_open_dev$sg(&(0x7f00000000c0)='/dev/sg#\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x20011, r0, 0x0)
ioctl$SG_NEXT_CMD_LEN(r0, 0x227b, &(0x7f0000000040))

[  132.184758][    T5] bridge0: port 2(bridge_slave_1) entered disabled state
[  132.220057][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[  132.306213][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  132.330389][    T5] bridge0: port 1(bridge_slave_0) entered blocking state
[  132.337465][    T5] bridge0: port 1(bridge_slave_0) entered forwarding state
[  132.398890][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  132.429455][    T5] bridge0: port 2(bridge_slave_1) entered blocking state
[  132.436529][    T5] bridge0: port 2(bridge_slave_1) entered forwarding state
[  132.502154][ T7579] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  132.538808][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  132.548116][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  132.580687][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  132.620093][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  132.659099][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  132.688951][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  132.709109][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  132.738915][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  132.774339][ T7610] IPVS: ftp: loaded support on port[0] = 21
[  132.782112][ T7581] chnl_net:caif_netlink_parms(): no params data found
[  132.803431][ T7576] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  132.839215][ T7576] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  132.870822][ T7579] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  132.880347][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  132.890190][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  132.929860][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  132.965884][ T7576] 8021q: adding VLAN 0 to HW filter on device batadv0
[  133.021352][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  133.030837][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  133.072092][ T7579] team0: Port device team_slave_0 added
[  133.100703][ T7579] team0: Port device team_slave_1 added
[  133.108265][ T7581] bridge0: port 1(bridge_slave_0) entered blocking state
[  133.115931][ T7581] bridge0: port 1(bridge_slave_0) entered disabled state
19:58:30 executing program 4:
mount(&(0x7f0000000040)=@nullb='6060A:\x00', &(0x7f0000000080)='.\x00', &(0x7f0000000000)='ceph\x00', 0x0, 0x0)

[  133.125965][ T7581] device bridge_slave_0 entered promiscuous mode
[  133.157645][ T7581] bridge0: port 2(bridge_slave_1) entered blocking state
[  133.165363][ T7581] bridge0: port 2(bridge_slave_1) entered disabled state
[  133.173515][ T7581] device bridge_slave_1 entered promiscuous mode
[  133.221942][ T7579] device hsr_slave_0 entered promiscuous mode
[  133.268642][ T7579] device hsr_slave_1 entered promiscuous mode
[  133.319891][ T7579] debugfs: Directory 'hsr0' with parent '/' already present!
[  133.395684][ T7581] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  133.403647][ T7626] IPVS: ftp: loaded support on port[0] = 21
19:58:31 executing program 5:
r0 = socket(0x10, 0x3, 0x0)
bind$netlink(r0, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc)
write(r0, &(0x7f0000000140)="2600000022004701050000000000000005006d20002b1f000a4a51f1ee839cd53400b017ca5b", 0x26)
connect$netlink(r0, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000b4bffc), 0x4)
sendto(r0, 0x0, 0x0, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f0000000780), 0x2bb1f36c7597d46, 0x0, 0x0)

[  133.464148][ T7581] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  133.509510][ T7610] chnl_net:caif_netlink_parms(): no params data found
[  133.602044][ T7581] team0: Port device team_slave_0 added
19:58:31 executing program 0:
keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_new={'new ', 'default', 0x20, 'trusted:', 'em1'}, 0xfffffffffffffff5, 0xfffffffffffffffd)
add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180)={'syz'}, &(0x7f0000000100), 0x1f1, 0xfffffffffffffffe)

[  133.649954][ T7581] team0: Port device team_slave_1 added
[  133.668310][ T7610] bridge0: port 1(bridge_slave_0) entered blocking state
[  133.719000][ T7610] bridge0: port 1(bridge_slave_0) entered disabled state
[  133.751692][ T7610] device bridge_slave_0 entered promiscuous mode
[  133.831096][ T7579] 8021q: adding VLAN 0 to HW filter on device bond0
[  133.838157][ T7610] bridge0: port 2(bridge_slave_1) entered blocking state
[  133.861798][ T7610] bridge0: port 2(bridge_slave_1) entered disabled state
19:58:31 executing program 0:
keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_new={'new ', 'default', 0x20, 'trusted:', 'em1'}, 0xfffffffffffffff5, 0xfffffffffffffffd)
add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180)={'syz'}, &(0x7f0000000100), 0x1f1, 0xfffffffffffffffe)

[  133.880948][ T7610] device bridge_slave_1 entered promiscuous mode
[  133.952910][ T7581] device hsr_slave_0 entered promiscuous mode
[  134.028638][ T7581] device hsr_slave_1 entered promiscuous mode
[  134.058370][ T7581] debugfs: Directory 'hsr0' with parent '/' already present!
[  134.075534][ T7579] 8021q: adding VLAN 0 to HW filter on device team0
[  134.125889][ T7655] IPVS: ftp: loaded support on port[0] = 21
[  134.132627][ T7606] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  134.145004][ T7606] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
19:58:32 executing program 0:
keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_new={'new ', 'default', 0x20, 'trusted:', 'em1'}, 0xfffffffffffffff5, 0xfffffffffffffffd)
add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180)={'syz'}, &(0x7f0000000100), 0x1f1, 0xfffffffffffffffe)

[  134.258701][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  134.267778][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  134.318846][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  134.326095][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  134.370793][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  134.398901][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
19:58:32 executing program 0:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_dev$dmmidi(0x0, 0x2, 0x0)
getsockopt$bt_BT_FLUSHABLE(0xffffffffffffffff, 0x112, 0x8, &(0x7f0000000200), 0x0)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x11, &(0x7f0000000040), 0x4)
getpid()
r1 = getpid()
sched_setscheduler(r1, 0x5, &(0x7f0000000380))
getpgid(r1)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r3, &(0x7f0000000540)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4cc74502f987c2cec6504df6ead74ed8a60ab563e98b4b2a3d27a708145a339bd57fba3da80b856445ab100621d6234555c08dc540473753cd89e9b08e3f5972fe9ca162b123e192e8c89c9dd81c796f27f537cc5a3fb54aff8eaff4f6b59c41705b9379079d0000000000000000000000000000008ce0891802ff9726e5d3ecfe2064c00c167a7c97"], 0x15)
r4 = dup(r3)
write$FUSE_BMAP(r4, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r4, &(0x7f00000000c0)={0x14c}, 0x137)
openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000400)='/dev/bt)\xe2\n\xac\x9d\x87\xd7\x15r\x16\x8b\x00', 0x40000, 0x0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000140)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}})
setxattr$trusted_overlay_nlink(&(0x7f0000000180)='./file0\x00', &(0x7f0000000340)='trusted.overlay.nlink\x00', &(0x7f00000003c0)={'U+', 0x7}, 0x28, 0x0)
syz_open_dev$swradio(&(0x7f0000000440)='/dev/swradio#\x00', 0x1, 0x2)
r5 = perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fcntl$getflags(0xffffffffffffffff, 0x401)
accept4$tipc(0xffffffffffffffff, 0x0, &(0x7f0000000740), 0x800)
fcntl$getownex(r5, 0x10, 0x0)
getresgid(0x0, &(0x7f00000008c0), &(0x7f0000000900))
lstat(0x0, &(0x7f0000000c00))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000c80), &(0x7f0000000cc0)=0xc)
getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000000480), &(0x7f0000001880)=0xc)
getgid()
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r6, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c)
bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r7, &(0x7f0000000080)={0xa, 0x0, 0x2, @mcast2, 0x2}, 0x1c)

[  134.423755][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  134.430918][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  134.508829][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  134.530548][ T7610] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  134.586406][ T7670] 9pnet: bogus RWRITE count (2 > 1)
[  134.625239][ T3012] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  134.649686][    C1] hrtimer: interrupt took 24177 ns
[  134.658877][ T3012] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  134.705052][ T3012] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  134.707911][ T7670] 9pnet: bogus RWRITE count (2 > 1)
[  134.756209][ T3012] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  134.809238][ T3012] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  134.841090][ T3012] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  134.869465][ T3012] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  134.890530][ T3012] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
19:58:32 executing program 0:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_dev$dmmidi(0x0, 0x2, 0x0)
getsockopt$bt_BT_FLUSHABLE(0xffffffffffffffff, 0x112, 0x8, &(0x7f0000000200), 0x0)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x11, &(0x7f0000000040), 0x4)
getpid()
r1 = getpid()
sched_setscheduler(r1, 0x5, &(0x7f0000000380))
getpgid(r1)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r3, &(0x7f0000000540)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4cc74502f987c2cec6504df6ead74ed8a60ab563e98b4b2a3d27a708145a339bd57fba3da80b856445ab100621d6234555c08dc540473753cd89e9b08e3f5972fe9ca162b123e192e8c89c9dd81c796f27f537cc5a3fb54aff8eaff4f6b59c41705b9379079d0000000000000000000000000000008ce0891802ff9726e5d3ecfe2064c00c167a7c97"], 0x15)
r4 = dup(r3)
write$FUSE_BMAP(r4, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r4, &(0x7f00000000c0)={0x14c}, 0x137)
openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000400)='/dev/bt)\xe2\n\xac\x9d\x87\xd7\x15r\x16\x8b\x00', 0x40000, 0x0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000140)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}})
setxattr$trusted_overlay_nlink(&(0x7f0000000180)='./file0\x00', &(0x7f0000000340)='trusted.overlay.nlink\x00', &(0x7f00000003c0)={'U+', 0x7}, 0x28, 0x0)
syz_open_dev$swradio(&(0x7f0000000440)='/dev/swradio#\x00', 0x1, 0x2)
r5 = perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fcntl$getflags(0xffffffffffffffff, 0x401)
accept4$tipc(0xffffffffffffffff, 0x0, &(0x7f0000000740), 0x800)
fcntl$getownex(r5, 0x10, 0x0)
getresgid(0x0, &(0x7f00000008c0), &(0x7f0000000900))
lstat(0x0, &(0x7f0000000c00))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000c80), &(0x7f0000000cc0)=0xc)
getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000000480), &(0x7f0000001880)=0xc)
getgid()
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r6, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c)
bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r7, &(0x7f0000000080)={0xa, 0x0, 0x2, @mcast2, 0x2}, 0x1c)

[  134.917813][ T3012] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  134.950903][ T3012] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  134.985732][ T7626] chnl_net:caif_netlink_parms(): no params data found
[  135.041378][ T7610] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  135.071224][ T7579] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  135.094083][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  135.158164][ T7579] 8021q: adding VLAN 0 to HW filter on device batadv0
[  135.188806][ T7686] 9pnet: bogus RWRITE count (2 > 1)
[  135.254188][ T7606] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  135.264547][ T7606] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  135.340152][ T7610] team0: Port device team_slave_0 added
19:58:33 executing program 0:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_dev$dmmidi(0x0, 0x2, 0x0)
getsockopt$bt_BT_FLUSHABLE(0xffffffffffffffff, 0x112, 0x8, &(0x7f0000000200), 0x0)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x11, &(0x7f0000000040), 0x4)
getpid()
r1 = getpid()
sched_setscheduler(r1, 0x5, &(0x7f0000000380))
getpgid(r1)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r3, &(0x7f0000000540)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4cc74502f987c2cec6504df6ead74ed8a60ab563e98b4b2a3d27a708145a339bd57fba3da80b856445ab100621d6234555c08dc540473753cd89e9b08e3f5972fe9ca162b123e192e8c89c9dd81c796f27f537cc5a3fb54aff8eaff4f6b59c41705b9379079d0000000000000000000000000000008ce0891802ff9726e5d3ecfe2064c00c167a7c97"], 0x15)
r4 = dup(r3)
write$FUSE_BMAP(r4, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r4, &(0x7f00000000c0)={0x14c}, 0x137)
openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000400)='/dev/bt)\xe2\n\xac\x9d\x87\xd7\x15r\x16\x8b\x00', 0x40000, 0x0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000140)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}})
setxattr$trusted_overlay_nlink(&(0x7f0000000180)='./file0\x00', &(0x7f0000000340)='trusted.overlay.nlink\x00', &(0x7f00000003c0)={'U+', 0x7}, 0x28, 0x0)
syz_open_dev$swradio(&(0x7f0000000440)='/dev/swradio#\x00', 0x1, 0x2)
r5 = perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fcntl$getflags(0xffffffffffffffff, 0x401)
accept4$tipc(0xffffffffffffffff, 0x0, &(0x7f0000000740), 0x800)
fcntl$getownex(r5, 0x10, 0x0)
getresgid(0x0, &(0x7f00000008c0), &(0x7f0000000900))
lstat(0x0, &(0x7f0000000c00))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000c80), &(0x7f0000000cc0)=0xc)
getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000000480), &(0x7f0000001880)=0xc)
getgid()
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r6, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c)
bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r7, &(0x7f0000000080)={0xa, 0x0, 0x2, @mcast2, 0x2}, 0x1c)

[  135.397751][ T7610] team0: Port device team_slave_1 added
[  135.421751][ T7626] bridge0: port 1(bridge_slave_0) entered blocking state
[  135.458636][ T7626] bridge0: port 1(bridge_slave_0) entered disabled state
[  135.496835][ T7626] device bridge_slave_0 entered promiscuous mode
[  135.541799][ T7655] chnl_net:caif_netlink_parms(): no params data found
[  135.571673][ T7626] bridge0: port 2(bridge_slave_1) entered blocking state
[  135.581785][ T7626] bridge0: port 2(bridge_slave_1) entered disabled state
[  135.611717][ T7626] device bridge_slave_1 entered promiscuous mode
[  135.670724][ T7610] device hsr_slave_0 entered promiscuous mode
[  135.688700][ T7610] device hsr_slave_1 entered promiscuous mode
[  135.750888][ T7610] debugfs: Directory 'hsr0' with parent '/' already present!
[  135.776113][ T7581] 8021q: adding VLAN 0 to HW filter on device bond0
[  135.846750][ T7581] 8021q: adding VLAN 0 to HW filter on device team0
[  135.912905][ T7606] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  135.932024][ T7606] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  135.936488][ T7709] 9pnet: bogus RWRITE count (2 > 1)
[  135.975158][ T7626] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  136.035864][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  136.061223][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  136.129790][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  136.136871][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
19:58:34 executing program 0:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_dev$dmmidi(0x0, 0x2, 0x0)
getsockopt$bt_BT_FLUSHABLE(0xffffffffffffffff, 0x112, 0x8, &(0x7f0000000200), 0x0)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x11, &(0x7f0000000040), 0x4)
getpid()
r1 = getpid()
sched_setscheduler(r1, 0x5, &(0x7f0000000380))
getpgid(r1)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r3, &(0x7f0000000540)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4cc74502f987c2cec6504df6ead74ed8a60ab563e98b4b2a3d27a708145a339bd57fba3da80b856445ab100621d6234555c08dc540473753cd89e9b08e3f5972fe9ca162b123e192e8c89c9dd81c796f27f537cc5a3fb54aff8eaff4f6b59c41705b9379079d0000000000000000000000000000008ce0891802ff9726e5d3ecfe2064c00c167a7c97"], 0x15)
r4 = dup(r3)
write$FUSE_BMAP(r4, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r4, &(0x7f00000000c0)={0x14c}, 0x137)
openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000400)='/dev/bt)\xe2\n\xac\x9d\x87\xd7\x15r\x16\x8b\x00', 0x40000, 0x0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000140)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}})
setxattr$trusted_overlay_nlink(&(0x7f0000000180)='./file0\x00', &(0x7f0000000340)='trusted.overlay.nlink\x00', &(0x7f00000003c0)={'U+', 0x7}, 0x28, 0x0)
syz_open_dev$swradio(&(0x7f0000000440)='/dev/swradio#\x00', 0x1, 0x2)
r5 = perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fcntl$getflags(0xffffffffffffffff, 0x401)
accept4$tipc(0xffffffffffffffff, 0x0, &(0x7f0000000740), 0x800)
fcntl$getownex(r5, 0x10, 0x0)
getresgid(0x0, &(0x7f00000008c0), &(0x7f0000000900))
lstat(0x0, &(0x7f0000000c00))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000c80), &(0x7f0000000cc0)=0xc)
getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000000480), &(0x7f0000001880)=0xc)
getgid()
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r6, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c)
bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r7, &(0x7f0000000080)={0xa, 0x0, 0x2, @mcast2, 0x2}, 0x1c)

[  136.188890][ T7715] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  136.258438][ T7715] EXT4-fs (loop1): ext4_check_descriptors: Inode table for group 0 overlaps superblock
[  136.261075][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  136.341939][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  136.352105][ T7715] EXT4-fs (loop1): ext4_check_descriptors: Inode table for group 0 not in group (block 0)!
[  136.418904][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  136.426030][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  136.431832][ T7715] EXT4-fs (loop1): group descriptors corrupted!
[  136.455368][ T7666] ==================================================================
[  136.463484][ T7666] BUG: KCSAN: data-race in pipe_wait / put_pipe_info
[  136.470316][ T7666] 
[  136.472637][ T7666] read to 0xffff88810521034c of 4 bytes by task 7667 on cpu 0:
[  136.480165][ T7666]  pipe_wait+0xd7/0x140
[  136.484317][ T7666]  pipe_read+0x3b1/0x5e0
[  136.488552][ T7666]  new_sync_read+0x389/0x4f0
[  136.493127][ T7666]  __vfs_read+0xb1/0xc0
[  136.497257][ T7666]  vfs_read+0x143/0x2c0
[  136.501389][ T7666]  ksys_read+0xd5/0x1b0
[  136.505521][ T7666]  __x64_sys_read+0x4c/0x60
[  136.510008][ T7666]  do_syscall_64+0xcc/0x370
[  136.514500][ T7666]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  136.520366][ T7666] 
[  136.522692][ T7666] write to 0xffff88810521034c of 4 bytes by task 7666 on cpu 1:
[  136.530307][ T7666]  put_pipe_info+0x4d/0xb0
[  136.534726][ T7666]  pipe_release+0x152/0x1b0
[  136.539210][ T7666]  __fput+0x1e1/0x520
[  136.543184][ T7666]  ____fput+0x1f/0x30
[  136.547145][ T7666]  task_work_run+0xf6/0x130
[  136.551632][ T7666]  exit_to_usermode_loop+0x2b4/0x2c0
[  136.556895][ T7666]  do_syscall_64+0x353/0x370
[  136.561466][ T7666]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  136.567328][ T7666] 
[  136.569635][ T7666] Reported by Kernel Concurrency Sanitizer on:
[  136.575784][ T7666] CPU: 1 PID: 7666 Comm: ps Not tainted 5.4.0-syzkaller #0
[  136.582965][ T7666] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  136.593014][ T7666] ==================================================================
[  136.601228][ T7666] Kernel panic - not syncing: panic_on_warn set ...
[  136.607925][ T7666] CPU: 1 PID: 7666 Comm: ps Not tainted 5.4.0-syzkaller #0
[  136.615097][ T7666] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  136.625142][ T7666] Call Trace:
[  136.628422][ T7666]  dump_stack+0x11d/0x181
[  136.632740][ T7666]  panic+0x210/0x640
[  136.636637][ T7666]  ? vprintk_func+0x8d/0x140
[  136.641218][ T7666]  kcsan_report.cold+0xc/0xd
[  136.645837][ T7666]  kcsan_setup_watchpoint+0x3fe/0x460
[  136.652170][ T7666]  __tsan_unaligned_write4+0xc4/0x100
[  136.657536][ T7666]  put_pipe_info+0x4d/0xb0
[  136.661948][ T7666]  pipe_release+0x152/0x1b0
[  136.666432][ T7666]  __fput+0x1e1/0x520
[  136.670401][ T7666]  ? put_pipe_info+0xb0/0xb0
[  136.674977][ T7666]  ____fput+0x1f/0x30
[  136.678946][ T7666]  task_work_run+0xf6/0x130
[  136.683434][ T7666]  exit_to_usermode_loop+0x2b4/0x2c0
[  136.688711][ T7666]  do_syscall_64+0x353/0x370
[  136.693292][ T7666]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  136.699163][ T7666] RIP: 0033:0x7f112547a2b0
[  136.703656][ T7666] Code: 40 75 0b 31 c0 48 83 c4 08 e9 0c ff ff ff 48 8d 3d c5 32 08 00 e8 c0 07 02 00 83 3d 45 a3 2b 00 00 75 10 b8 03 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 ce 8a 01 00 48 89 04 24
[  136.723338][ T7666] RSP: 002b:00007ffc2e7da288 EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[  136.731738][ T7666] RAX: 0000000000000000 RBX: 00007f112572f7a0 RCX: 00007f112547a2b0
[  136.739704][ T7666] RDX: 00007f1125730df0 RSI: 0000000000000001 RDI: 0000000000000001
[  136.747667][ T7666] RBP: 0000000000000000 R08: 00007f1125b73700 R09: 00007f1125b73700
[  136.755623][ T7666] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[  136.763579][ T7666] R13: 0000000000000001 R14: 0000000000ebc160 R15: 0000000000000000
[  136.772424][ T7666] Kernel Offset: disabled
[  136.776862][ T7666] Rebooting in 86400 seconds..