[   36.337206][   T26] audit: type=1800 audit(1572470495.417:24): pid=7175 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="sudo" dev="sda1" ino=2487 res=0
[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c.
[   37.011730][   T26] audit: type=1800 audit(1572470496.177:25): pid=7175 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2447 res=0
[   37.049549][   T26] audit: type=1800 audit(1572470496.177:26): pid=7175 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2490 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.1.53' (ECDSA) to the list of known hosts.
2019/10/30 21:21:46 fuzzer started
2019/10/30 21:21:48 dialing manager at 10.128.0.105:37477
2019/10/30 21:21:50 syscalls: 2540
2019/10/30 21:21:50 code coverage: enabled
2019/10/30 21:21:50 comparison tracing: enabled
2019/10/30 21:21:50 extra coverage: extra coverage is not supported by the kernel
2019/10/30 21:21:50 setuid sandbox: enabled
2019/10/30 21:21:50 namespace sandbox: enabled
2019/10/30 21:21:50 Android sandbox: /sys/fs/selinux/policy does not exist
2019/10/30 21:21:50 fault injection: enabled
2019/10/30 21:21:50 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/10/30 21:21:50 net packet injection: enabled
2019/10/30 21:21:50 net device setup: enabled
2019/10/30 21:21:50 concurrency sanitizer: enabled
2019/10/30 21:21:59 adding functions to KCSAN blacklist: 'futex_wait_queue_me' 'pid_update_inode' 'blk_mq_sched_dispatch_requests' 'ext4_has_free_clusters' 'ktime_get_seconds' 'mod_timer' 'shmem_file_read_iter' 'update_defense_level' '__d_lookup_done' 'generic_fillattr' 'ext4_free_inode' 'tick_sched_do_timer' 'ktime_get_real_seconds' 'generic_permission' 'dd_has_work' 'run_timer_softirq' 'generic_write_end' 'echo_char' 'tomoyo_supervisor' 'tick_do_update_jiffies64' 'tick_nohz_idle_stop_tick' 'ep_poll' 'add_timer' '__tcp_select_window' 'find_next_bit' '__nf_conntrack_find_get' '__ext4_new_inode' 'rcu_gp_fqs_check_wake' 'tcp_add_backlog' '__nf_ct_refresh_acct' 'taskstats_exit' 'inode_permission' 'pipe_poll' 'timer_clear_idle' '__splice_from_pipe' 'do_nanosleep' 'tcp_poll' 'xas_clear_mark' 'p9_poll_workfn' 'blk_mq_dispatch_rq_list' '__hrtimer_run_queues' 'task_dump_owner' 
21:22:22 executing program 0:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={<r0=>0xffffffffffffffff})
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = dup2(r1, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
write$P9_RRENAMEAT(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
clock_getres(0x0, &(0x7f0000000000))
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000500)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]})
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000380))
ioctl$KVM_RUN(r5, 0xae80, 0x0)

21:22:22 executing program 1:
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/0\x00yFAtz\x9b\x88\xb3\x04\x04\xd7a<i^P\xd9\xf5\xaaV\x8a\xa4c\x1c\xdf\xafr\xa03?s\xde\xa2\r\xec\xe0;<V\xec\xd1\xe2B\x10RUr\x95Kk\x80e\xa9\xa6\xf6\x89v\xfa\x17?\xd7\xafb_\xf3\r_\x05\xdf\x021\x904\xb0\x85\x86\x8c\x96J\x8dI\x9d\xe3z\xf0\xf9\x95\x85*\xb0W|p\xd9\xd4\x9aO\x83Om\xa8\xd8E\xf8}\\z\xb7\x8c\xb6\a\xc1\x80\xebc:;p\xe3+~\x99F\xcft]Fz\xbe]\xc0f\x1f\xd3\t\x86ik~\xe0c\x98\xfd\xb1\xdf\xab\xde\xdc\xc6\x89sp\xca\xbc\xcf\xc4\x85\x04\xb1v\x96\x05>7\x1a\x86N\b\xb2h-ex\xb4\x13\x89\xc1\xc6_\xd9\xb3<^\xfe\b\x10\f\xad\xf6\xd6J\th\xeb;!o\xa2\xcf\xc18)\xa29\xca#9\xbc$\xfd\xef~\x12\x81\xd4\xc5~c\b\xb1\xb091\xbe\xe0%k\x83\xeen\xa6R\xab`:{\x97rg\xd3.\x13\x10\xaf]\xc1\xf7\xec\xcdz\xb2\x00W\xd5G\xff\x9c\xa4Z\xac\x85')
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x0, 0x0)
dup3(r1, r0, 0x0)

syzkaller login: [   83.782506][ T7343] IPVS: ftp: loaded support on port[0] = 21
[   83.915444][ T7345] IPVS: ftp: loaded support on port[0] = 21
[   83.923347][ T7343] chnl_net:caif_netlink_parms(): no params data found
[   83.980305][ T7343] bridge0: port 1(bridge_slave_0) entered blocking state
[   83.987458][ T7343] bridge0: port 1(bridge_slave_0) entered disabled state
[   83.995440][ T7343] device bridge_slave_0 entered promiscuous mode
[   84.009578][ T7343] bridge0: port 2(bridge_slave_1) entered blocking state
[   84.017576][ T7343] bridge0: port 2(bridge_slave_1) entered disabled state
[   84.025624][ T7343] device bridge_slave_1 entered promiscuous mode
21:22:23 executing program 2:
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000580)=""/143, &(0x7f0000000340)=0xfee5)
openat$null(0xffffffffffffff9c, &(0x7f0000000440)='/dev/null\x00', 0x0, 0x0)
setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000480)={0x0, @rand_addr, @local}, 0xc)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb, 0x0, 0x0, 0x0, 0x400000000000000]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYRES16=0x0], 0x1}}, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380))
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[   84.061061][ T7343] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   84.073318][ T7343] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   84.105332][ T7343] team0: Port device team_slave_0 added
[   84.155974][ T7343] team0: Port device team_slave_1 added
[   84.214716][ T7345] chnl_net:caif_netlink_parms(): no params data found
[   84.269822][ T7343] device hsr_slave_0 entered promiscuous mode
[   84.297040][ T7343] device hsr_slave_1 entered promiscuous mode
21:22:23 executing program 3:
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00008feff0)={0x0}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x4, 0x0, &(0x7f00008feff0)={&(0x7f0000000440)=ANY=[@ANYBLOB="020d0000100000000000000000000000030006000100000002000000e0000001000000f5000000000800120002000200000000000000000030006c0002ef0000ff3f567b000000200a0000c4bb152c000000000000000001020014bb00000000000000000000000003000500000000000200ed00e0f48049915ac7aa8ee1d3a9c9e1066814c34918a29ea4daf97c5d0d130afc5f5c91551b840df6c9fa5fb5f7258ce9695986226a112e6933c8579aca026c30c5398763867c40802d9b024a928c7e69bc002554fc4a90364deda1a5d70a7b50a11bbdc6c459561fd0d879a6bcf93796b2ea49654f080bb91f6ea02dad26a316f497d8822e4cf6f42506fcef6a6687f5f55fac59f9e350c51439650dcb9ec8af1a4eae0c9b62f9f8fa86e7cf88646c764ebf2c6f94bbc82bb7405c098cb7bc6d4ef52adf15e00b35902b891f421c332f31c2f5805bc0e77575eec4390b7b0de047f78d183b906b85f63239688e0774c003ff994e74df763c9d5fbdc59b17adc0fc73458d3abef0cba43d4510e3f1820717d1fdd239908a53530bf2205911ac8e76c4599429caf126c29ae87be52996fed8bcd6e0a84d70562102ed35ef272ccac5b5c0161598039c1ba68cd2cef220c2d8ae309e09741ee288edf58d2239818530a706860de4e84070897329f9a962c81e381bc2047cd992cde49e1f1be288de2205ba4763109b95ccb83e29d4c73cb02d978c4f086d068316b5c7bfe36afa7b11ef574d04c79edb3735cc8c7d67a1894eb9fc6c216c96916b0e526cf19557491cc1263ea445d4ca8586af000000000000000000"], 0x80}}, 0x0)
r0 = socket$key(0xf, 0x3, 0x2)
sendmmsg(r0, &(0x7f0000000180), 0x400024c, 0x0)

[   84.436239][ T7349] IPVS: ftp: loaded support on port[0] = 21
[   84.540473][ T7345] bridge0: port 1(bridge_slave_0) entered blocking state
[   84.568197][ T7345] bridge0: port 1(bridge_slave_0) entered disabled state
[   84.626694][ T7345] device bridge_slave_0 entered promiscuous mode
[   84.643819][ T7345] bridge0: port 2(bridge_slave_1) entered blocking state
[   84.692023][ T7345] bridge0: port 2(bridge_slave_1) entered disabled state
[   84.717534][ T7345] device bridge_slave_1 entered promiscuous mode
[   84.790211][ T7345] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   84.811224][ T7343] bridge0: port 2(bridge_slave_1) entered blocking state
[   84.818339][ T7343] bridge0: port 2(bridge_slave_1) entered forwarding state
[   84.825661][ T7343] bridge0: port 1(bridge_slave_0) entered blocking state
[   84.833092][ T7343] bridge0: port 1(bridge_slave_0) entered forwarding state
[   84.924507][ T7370] IPVS: ftp: loaded support on port[0] = 21
[   84.944401][   T44] bridge0: port 1(bridge_slave_0) entered disabled state
[   84.978533][   T44] bridge0: port 2(bridge_slave_1) entered disabled state
[   85.013791][ T7345] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   85.124961][ T7345] team0: Port device team_slave_0 added
[   85.227771][ T7345] team0: Port device team_slave_1 added
[   85.301404][ T7343] 8021q: adding VLAN 0 to HW filter on device bond0
21:22:24 executing program 4:
r0 = socket$inet6(0xa, 0x803, 0x2)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @dev, 0x7}, 0x1c)
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000100)={{{@in=@loopback, @in, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x80000000000001}, {{@in6=@empty, 0x0, 0x6c}, 0x0, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x4, 0x0, 0x2}}, 0xe8)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = fcntl$dupfd(r1, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
sendmmsg(r0, &(0x7f0000008440)=[{{0x0, 0x1aa, 0x0}}], 0x400000000000107, 0x0)

[   85.421493][ T7345] device hsr_slave_0 entered promiscuous mode
[   85.477058][ T7345] device hsr_slave_1 entered promiscuous mode
[   85.526774][ T7345] debugfs: Directory 'hsr0' with parent '/' already present!
[   85.539562][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   85.567544][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   85.607296][ T7349] chnl_net:caif_netlink_parms(): no params data found
[   85.619492][ T7343] 8021q: adding VLAN 0 to HW filter on device team0
[   85.747793][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   85.781213][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   85.823043][   T17] bridge0: port 1(bridge_slave_0) entered blocking state
[   85.830225][   T17] bridge0: port 1(bridge_slave_0) entered forwarding state
[   85.887522][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   85.920682][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   85.957573][   T17] bridge0: port 2(bridge_slave_1) entered blocking state
[   85.964645][   T17] bridge0: port 2(bridge_slave_1) entered forwarding state
[   86.017357][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   86.139178][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   86.171131][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   86.227577][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   86.297855][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   86.360651][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   86.400580][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   86.457640][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   86.506667][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   86.515658][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   86.575759][ T7383] IPVS: ftp: loaded support on port[0] = 21
[   86.585556][ T7370] chnl_net:caif_netlink_parms(): no params data found
[   86.627436][ T7343] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   86.667265][ T3005] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   86.679482][ T7349] bridge0: port 1(bridge_slave_0) entered blocking state
[   86.686546][ T7349] bridge0: port 1(bridge_slave_0) entered disabled state
[   86.747663][ T7349] device bridge_slave_0 entered promiscuous mode
21:22:26 executing program 5:
r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000480)='/proc/sys/net/ipv4/vs/sync_version\x00', 0x2, 0x0)
write$cgroup_pid(r0, &(0x7f00000036c0), 0x12)

[   86.894619][ T7349] bridge0: port 2(bridge_slave_1) entered blocking state
[   86.939856][ T7349] bridge0: port 2(bridge_slave_1) entered disabled state
[   86.968999][ T7349] device bridge_slave_1 entered promiscuous mode
[   87.135166][ T7343] 8021q: adding VLAN 0 to HW filter on device batadv0
[   87.244157][ T7349] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   87.292610][ T7370] bridge0: port 1(bridge_slave_0) entered blocking state
[   87.309537][ T7370] bridge0: port 1(bridge_slave_0) entered disabled state
[   87.363136][ T7370] device bridge_slave_0 entered promiscuous mode
[   87.401142][ T7349] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   87.424922][ T7370] bridge0: port 2(bridge_slave_1) entered blocking state
[   87.445994][ T7370] bridge0: port 2(bridge_slave_1) entered disabled state
[   87.477681][ T7370] device bridge_slave_1 entered promiscuous mode
[   87.536329][ T7412] IPVS: ftp: loaded support on port[0] = 21
[   87.550151][ T7345] 8021q: adding VLAN 0 to HW filter on device bond0
[   87.721525][ T7349] team0: Port device team_slave_0 added
[   87.751061][ T7370] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   87.804283][ T7349] team0: Port device team_slave_1 added
[   87.816673][ T7370] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   87.827889][ T3505] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   87.832462][ T7417] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   87.835799][ T3505] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   87.972835][ T7345] 8021q: adding VLAN 0 to HW filter on device team0
[   88.066927][ T3505] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   88.079227][ T3505] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
21:22:27 executing program 0:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={<r0=>0xffffffffffffffff})
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = dup2(r1, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
write$P9_RRENAMEAT(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
clock_getres(0x0, &(0x7f0000000000))
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000500)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]})
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000380))
ioctl$KVM_RUN(r5, 0xae80, 0x0)

[   88.117579][ T3505] bridge0: port 1(bridge_slave_0) entered blocking state
[   88.124996][ T3505] bridge0: port 1(bridge_slave_0) entered forwarding state
[   88.263297][ T7349] device hsr_slave_0 entered promiscuous mode
[   88.349991][ T7349] device hsr_slave_1 entered promiscuous mode
[   88.399463][ T7349] debugfs: Directory 'hsr0' with parent '/' already present!
[   88.420398][ T3010] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   88.447890][ T7370] team0: Port device team_slave_0 added
[   88.455576][ T7370] team0: Port device team_slave_1 added
[   88.526514][ T7345] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   88.566698][ T7345] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   88.608829][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   88.622418][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   88.655881][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[   88.663069][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[   88.704109][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   88.758211][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   88.798201][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   88.820035][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   88.851780][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   88.895572][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   88.937951][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   88.970789][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   89.011582][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   89.020592][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   89.051042][ T7383] chnl_net:caif_netlink_parms(): no params data found
[   89.117050][ T3505] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   89.135471][ T3505] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   89.349873][ T7370] device hsr_slave_0 entered promiscuous mode
[   89.387017][ T7370] device hsr_slave_1 entered promiscuous mode
[   89.416674][ T7370] debugfs: Directory 'hsr0' with parent '/' already present!
[   89.427028][ T7345] 8021q: adding VLAN 0 to HW filter on device batadv0
[   89.499432][ T7412] chnl_net:caif_netlink_parms(): no params data found
21:22:28 executing program 0:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={<r0=>0xffffffffffffffff})
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = dup2(r1, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
write$P9_RRENAMEAT(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
clock_getres(0x0, &(0x7f0000000000))
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000500)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]})
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000380))
ioctl$KVM_RUN(r5, 0xae80, 0x0)

[   89.654515][ T7383] bridge0: port 1(bridge_slave_0) entered blocking state
[   89.672643][ T7383] bridge0: port 1(bridge_slave_0) entered disabled state
[   89.723607][ T7383] device bridge_slave_0 entered promiscuous mode
[   89.954306][ T7383] bridge0: port 2(bridge_slave_1) entered blocking state
[   89.970779][ T7383] bridge0: port 2(bridge_slave_1) entered disabled state
[   90.022666][ T7383] device bridge_slave_1 entered promiscuous mode
[   90.145762][ T7412] bridge0: port 1(bridge_slave_0) entered blocking state
[   90.190464][ T7412] bridge0: port 1(bridge_slave_0) entered disabled state
[   90.271091][ T7412] device bridge_slave_0 entered promiscuous mode
[   90.393076][ T7383] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   90.542950][ T7412] bridge0: port 2(bridge_slave_1) entered blocking state
[   90.556716][ T7412] bridge0: port 2(bridge_slave_1) entered disabled state
[   90.565023][ T7412] device bridge_slave_1 entered promiscuous mode
[   90.689526][ T7383] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   90.814182][ T7412] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   90.989021][ T7412] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   91.100806][ T7383] team0: Port device team_slave_0 added
[   91.121822][ T7349] 8021q: adding VLAN 0 to HW filter on device bond0
[   91.167152][ T7412] team0: Port device team_slave_0 added
[   91.174979][ T7383] team0: Port device team_slave_1 added
[   91.204146][ T7370] 8021q: adding VLAN 0 to HW filter on device bond0
[   91.263294][ T7412] team0: Port device team_slave_1 added
[   91.294683][ T7349] 8021q: adding VLAN 0 to HW filter on device team0
[   91.366086][ T7370] 8021q: adding VLAN 0 to HW filter on device team0
[   91.414942][ T3005] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   91.452665][ T3005] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   91.517487][ T3005] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   91.571752][ T3005] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   91.719740][ T7412] device hsr_slave_0 entered promiscuous mode
[   91.797040][ T7412] device hsr_slave_1 entered promiscuous mode
[   91.846696][ T7412] debugfs: Directory 'hsr0' with parent '/' already present!
[   91.911821][ T3005] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   91.957349][ T3005] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   91.976894][ T3005] bridge0: port 1(bridge_slave_0) entered blocking state
[   91.986642][ T3005] bridge0: port 1(bridge_slave_0) entered forwarding state
[   91.996435][ T3005] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
21:22:31 executing program 0:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={<r0=>0xffffffffffffffff})
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = dup2(r1, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
write$P9_RRENAMEAT(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
clock_getres(0x0, &(0x7f0000000000))
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000500)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]})
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000380))
ioctl$KVM_RUN(r5, 0xae80, 0x0)

21:22:31 executing program 1:
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/0\x00yFAtz\x9b\x88\xb3\x04\x04\xd7a<i^P\xd9\xf5\xaaV\x8a\xa4c\x1c\xdf\xafr\xa03?s\xde\xa2\r\xec\xe0;<V\xec\xd1\xe2B\x10RUr\x95Kk\x80e\xa9\xa6\xf6\x89v\xfa\x17?\xd7\xafb_\xf3\r_\x05\xdf\x021\x904\xb0\x85\x86\x8c\x96J\x8dI\x9d\xe3z\xf0\xf9\x95\x85*\xb0W|p\xd9\xd4\x9aO\x83Om\xa8\xd8E\xf8}\\z\xb7\x8c\xb6\a\xc1\x80\xebc:;p\xe3+~\x99F\xcft]Fz\xbe]\xc0f\x1f\xd3\t\x86ik~\xe0c\x98\xfd\xb1\xdf\xab\xde\xdc\xc6\x89sp\xca\xbc\xcf\xc4\x85\x04\xb1v\x96\x05>7\x1a\x86N\b\xb2h-ex\xb4\x13\x89\xc1\xc6_\xd9\xb3<^\xfe\b\x10\f\xad\xf6\xd6J\th\xeb;!o\xa2\xcf\xc18)\xa29\xca#9\xbc$\xfd\xef~\x12\x81\xd4\xc5~c\b\xb1\xb091\xbe\xe0%k\x83\xeen\xa6R\xab`:{\x97rg\xd3.\x13\x10\xaf]\xc1\xf7\xec\xcdz\xb2\x00W\xd5G\xff\x9c\xa4Z\xac\x85')
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x0, 0x0)
dup3(r1, r0, 0x0)

[   92.010471][ T3005] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   92.021424][ T3005] bridge0: port 1(bridge_slave_0) entered blocking state
[   92.028723][ T3005] bridge0: port 1(bridge_slave_0) entered forwarding state
[   92.110133][ T3005] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   92.131019][ T3005] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   92.203040][ T3005] bridge0: port 2(bridge_slave_1) entered blocking state
[   92.213785][ T3005] bridge0: port 2(bridge_slave_1) entered forwarding state
[   92.346161][ T3005] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   92.445423][ T3005] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   92.527346][ T3005] bridge0: port 2(bridge_slave_1) entered blocking state
[   92.534674][ T3005] bridge0: port 2(bridge_slave_1) entered forwarding state
[   92.618170][ T3005] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   92.677865][ T3005] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   92.739538][ T3005] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   92.789801][ T3005] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   92.831025][ T3005] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   92.887506][ T3005] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   92.969958][ T7383] device hsr_slave_0 entered promiscuous mode
[   93.037043][ T7383] device hsr_slave_1 entered promiscuous mode
[   93.067148][ T7383] debugfs: Directory 'hsr0' with parent '/' already present!
[   93.101785][ T3005] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   93.148727][ T3005] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   93.200195][ T3005] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   93.270753][ T3005] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   93.365583][ T7370] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   93.474296][ T7370] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   93.577146][ T3010] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   93.585720][ T3010] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   93.677902][ T3010] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   93.733653][ T3010] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   93.791607][ T3010] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   93.894675][ T3010] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   93.917589][ T3010] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   93.973702][ T3010] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   94.003911][ T7534] ==================================================================
[   94.012130][ T7534] BUG: KCSAN: data-race in __rb_rotate_set_parents / vm_area_dup
[   94.019928][ T7534] 
[   94.022298][ T7534] write to 0xffff888124df7508 of 8 bytes by task 7533 on cpu 1:
[   94.030565][ T7534]  __rb_rotate_set_parents+0x5c/0xf0
[   94.036811][ T7534]  __rb_insert_augmented+0x109/0x370
[   94.042283][ T7534]  vma_interval_tree_insert_after+0x14b/0x170
[   94.049502][ T7534]  dup_mm+0x53e/0xba0
[   94.053575][ T7534]  copy_process+0x36f3/0x3b50
[   94.058253][ T7534]  _do_fork+0xfe/0x6e0
[   94.062329][ T7534]  __x64_sys_clone+0x12b/0x160
[   94.067617][ T7534]  do_syscall_64+0xcc/0x370
[   94.072384][ T7534]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   94.078858][ T7534] 
[   94.081208][ T7534] read to 0xffff888124df74b0 of 200 bytes by task 7534 on cpu 0:
[   94.090158][ T7534]  vm_area_dup+0x70/0xf0
[   94.094498][ T7534]  dup_mm+0x330/0xba0
[   94.098995][ T7534]  copy_process+0x36f3/0x3b50
[   94.104483][ T7534]  _do_fork+0xfe/0x6e0
[   94.109198][ T7534]  __x64_sys_clone+0x12b/0x160
[   94.113968][ T7534]  do_syscall_64+0xcc/0x370
[   94.118883][ T7534]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   94.125732][ T7534] 
[   94.128065][ T7534] Reported by Kernel Concurrency Sanitizer on:
[   94.134424][ T7534] CPU: 0 PID: 7534 Comm: net.agent Not tainted 5.4.0-rc3+ #0
[   94.142580][ T7534] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   94.154884][ T7534] ==================================================================
[   94.166752][ T7534] Kernel panic - not syncing: panic_on_warn set ...
[   94.175789][ T7534] CPU: 0 PID: 7534 Comm: net.agent Not tainted 5.4.0-rc3+ #0
[   94.183260][ T7534] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   94.194298][ T7534] Call Trace:
[   94.197596][ T7534]  dump_stack+0xf5/0x159
[   94.202189][ T7534]  panic+0x210/0x640
[   94.206193][ T7534]  ? vprintk_func+0x8d/0x140
[   94.211316][ T7534]  kcsan_report.cold+0xc/0x10
[   94.216120][ T7534]  __kcsan_setup_watchpoint+0x32e/0x4a0
[   94.221669][ T7534]  ? __kcsan_setup_watchpoint+0x6b/0x4a0
[   94.227312][ T7534]  __tsan_read_range+0x2c/0x40
[   94.232205][ T7534]  vm_area_dup+0x70/0xf0
[   94.236455][ T7534]  dup_mm+0x330/0xba0
[   94.240449][ T7534]  copy_process+0x36f3/0x3b50
[   94.245123][ T7534]  ? __tsan_read4+0x2c/0x30
[   94.249944][ T7534]  _do_fork+0xfe/0x6e0
[   94.254455][ T7534]  ? __kcsan_setup_watchpoint+0x6b/0x4a0
[   94.260345][ T7534]  ? __kcsan_setup_watchpoint+0x6b/0x4a0
[   94.266051][ T7534]  __x64_sys_clone+0x12b/0x160
[   94.271535][ T7534]  do_syscall_64+0xcc/0x370
[   94.276554][ T7534]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   94.282444][ T7534] RIP: 0033:0x7ff11f684f46
[   94.287658][ T7534] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 14 25 10 00 00 00 31 d2 49 81 c2 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 31 01 00 00 85 c0 41 89 c4 0f 85 3b 01 00
[   94.309070][ T7534] RSP: 002b:00007ffebe5b6440 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[   94.319002][ T7534] RAX: ffffffffffffffda RBX: 00007ffebe5b6440 RCX: 00007ff11f684f46
[   94.327783][ T7534] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
[   94.336447][ T7534] RBP: 00007ffebe5b6480 R08: 0000000000001d6e R09: 0000000000001d6e
[   94.346154][ T7534] R10: 00007ff11fb7b9d0 R11: 0000000000000246 R12: 0000000000000000
[   94.356597][ T7534] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   94.367814][ T7534] Kernel Offset: disabled
[   94.375052][ T7534] Rebooting in 86400 seconds..