[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 35.150678][ T25] audit: type=1800 audit(1572773797.223:25): pid=7080 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2447 res=0 [ 35.170377][ T25] audit: type=1800 audit(1572773797.223:26): pid=7080 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2490 res=0 [ 35.190395][ T25] audit: type=1800 audit(1572773797.233:27): pid=7080 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2469 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.1.12' (ECDSA) to the list of known hosts. 2019/11/03 09:36:47 fuzzer started 2019/11/03 09:36:48 dialing manager at 10.128.0.105:43165 2019/11/03 09:36:49 syscalls: 2554 2019/11/03 09:36:49 code coverage: enabled 2019/11/03 09:36:49 comparison tracing: enabled 2019/11/03 09:36:49 extra coverage: extra coverage is not supported by the kernel 2019/11/03 09:36:49 setuid sandbox: enabled 2019/11/03 09:36:49 namespace sandbox: enabled 2019/11/03 09:36:49 Android sandbox: /sys/fs/selinux/policy does not exist 2019/11/03 09:36:49 fault injection: enabled 2019/11/03 09:36:49 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/11/03 09:36:49 net packet injection: enabled 2019/11/03 09:36:49 net device setup: enabled 2019/11/03 09:36:49 concurrency sanitizer: enabled 2019/11/03 09:36:55 adding functions to KCSAN blacklist: 'do_nanosleep' '__nf_conntrack_find_get' '__ext4_new_inode' 'ep_poll' 'update_defense_level' '__splice_from_pipe' 'tcp_add_backlog' 'rcu_gp_fqs_loop' 'snd_seq_check_queue' 'ktime_get_real_seconds' '__hrtimer_run_queues' '__tcp_select_window' 'run_timer_softirq' 'tcp_poll' 'generic_permission' '__nf_ct_refresh_acct' 'find_next_bit' 'tick_sched_do_timer' 'task_dump_owner' 'tomoyo_supervisor' 'taskstats_exit' 09:37:01 executing program 0: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000000200)) r4 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r3, &(0x7f00000001c0)) 09:37:02 executing program 1: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0x40086602, 0x400007) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_pid(r1, &(0x7f0000000000), 0x10000000d) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) syzkaller login: [ 60.161732][ T7250] IPVS: ftp: loaded support on port[0] = 21 [ 60.321384][ T7252] IPVS: ftp: loaded support on port[0] = 21 [ 60.330703][ T7250] chnl_net:caif_netlink_parms(): no params data found 09:37:02 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000800)=@newsa={0x180, 0x10, 0x621, 0x0, 0x0, {{@in=@empty, @in6=@mcast1}, {@in6=@ipv4={[], [], @multicast1}, 0x0, 0x6c}, @in=@broadcast, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @algo_auth={0x48, 0x1, {{'sha256-avx\x00'}}}]}, 0x180}}, 0x0) [ 60.406970][ T7250] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.417211][ T7250] bridge0: port 1(bridge_slave_0) entered disabled state [ 60.425725][ T7250] device bridge_slave_0 entered promiscuous mode [ 60.442294][ T7250] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.450384][ T7250] bridge0: port 2(bridge_slave_1) entered disabled state [ 60.458871][ T7250] device bridge_slave_1 entered promiscuous mode [ 60.537481][ T7250] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 60.556415][ T7250] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 60.572781][ T7252] chnl_net:caif_netlink_parms(): no params data found [ 60.613492][ T7250] team0: Port device team_slave_0 added [ 60.620426][ T7250] team0: Port device team_slave_1 added [ 60.658993][ T7252] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.666567][ T7252] bridge0: port 1(bridge_slave_0) entered disabled state [ 60.676645][ T7252] device bridge_slave_0 entered promiscuous mode 09:37:02 executing program 3: r0 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000000)={@mcast2, 0x800, 0x0, 0xff, 0x100000000000001}, 0x20) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote, 0x6}, 0x1c) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000080)={0x0, 0xffffffffffffff7c, &(0x7f00000bfff0)={&(0x7f0000006440)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in6=@mcast1, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}}, 0xb8}}, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000040)={@mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa4ffffff]}, 0x800, 0x0, 0xff, 0x2}, 0x20) [ 60.756220][ T7250] device hsr_slave_0 entered promiscuous mode [ 60.883482][ T7250] device hsr_slave_1 entered promiscuous mode 09:37:03 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="320000002f008163e4ff3b00005d2ef40801c7b1e12ed32a000000000b0f0000000078ac4cc91b4d08000000000000002b38", 0x32}], 0x1}, 0x0) [ 61.037945][ T7252] bridge0: port 2(bridge_slave_1) entered blocking state [ 61.064976][ T7252] bridge0: port 2(bridge_slave_1) entered disabled state [ 61.073548][ T7252] device bridge_slave_1 entered promiscuous mode [ 61.101412][ T7258] IPVS: ftp: loaded support on port[0] = 21 [ 61.124475][ T7256] IPVS: ftp: loaded support on port[0] = 21 [ 61.251503][ T7250] bridge0: port 2(bridge_slave_1) entered blocking state [ 61.258736][ T7250] bridge0: port 2(bridge_slave_1) entered forwarding state [ 61.266172][ T7250] bridge0: port 1(bridge_slave_0) entered blocking state [ 61.273283][ T7250] bridge0: port 1(bridge_slave_0) entered forwarding state [ 61.394185][ T7252] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 61.434815][ T7252] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 61.483001][ T3503] bridge0: port 1(bridge_slave_0) entered disabled state [ 61.534911][ T3503] bridge0: port 2(bridge_slave_1) entered disabled state [ 61.600862][ T7281] IPVS: ftp: loaded support on port[0] = 21 [ 61.649347][ T7252] team0: Port device team_slave_0 added [ 61.708093][ T7252] team0: Port device team_slave_1 added 09:37:04 executing program 5: r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) fcntl$setlease(r0, 0x400, 0x1) mkdir(&(0x7f0000000280)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) r1 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) renameat2(r1, &(0x7f0000000440)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f0000000340)='./file0\x00', 0x2) [ 61.907916][ T7252] device hsr_slave_0 entered promiscuous mode [ 61.953454][ T7252] device hsr_slave_1 entered promiscuous mode [ 61.984736][ T7252] debugfs: Directory 'hsr0' with parent '/' already present! [ 61.996071][ T7250] 8021q: adding VLAN 0 to HW filter on device bond0 [ 62.073200][ T7250] 8021q: adding VLAN 0 to HW filter on device team0 [ 62.096215][ T2826] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 62.114143][ T2826] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 62.217860][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 62.255436][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 62.295206][ T44] bridge0: port 1(bridge_slave_0) entered blocking state [ 62.302369][ T44] bridge0: port 1(bridge_slave_0) entered forwarding state [ 62.355347][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 62.395426][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 62.435466][ T44] bridge0: port 2(bridge_slave_1) entered blocking state [ 62.442547][ T44] bridge0: port 2(bridge_slave_1) entered forwarding state [ 62.585224][ T7256] chnl_net:caif_netlink_parms(): no params data found [ 62.619182][ T7275] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 62.631825][ T7275] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 62.684498][ T7275] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 62.723545][ T7275] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 62.732987][ T7275] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 62.824360][ T7275] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 62.882873][ T7250] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 62.898697][ T7299] IPVS: ftp: loaded support on port[0] = 21 [ 62.941168][ T7250] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 63.016972][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 63.046094][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 63.115274][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 63.155720][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 63.224312][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 63.287061][ T2826] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 63.296752][ T7258] chnl_net:caif_netlink_parms(): no params data found [ 63.328277][ T7281] chnl_net:caif_netlink_parms(): no params data found [ 63.600026][ T7250] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 63.674831][ T7256] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.681909][ T7256] bridge0: port 1(bridge_slave_0) entered disabled state [ 63.753195][ T7256] device bridge_slave_0 entered promiscuous mode [ 63.796658][ T7281] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.813287][ T7281] bridge0: port 1(bridge_slave_0) entered disabled state [ 63.856595][ T7281] device bridge_slave_0 entered promiscuous mode [ 63.914175][ T7256] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.921343][ T7256] bridge0: port 2(bridge_slave_1) entered disabled state [ 63.994247][ T7256] device bridge_slave_1 entered promiscuous mode [ 64.006553][ T7281] bridge0: port 2(bridge_slave_1) entered blocking state [ 64.043159][ T7281] bridge0: port 2(bridge_slave_1) entered disabled state [ 64.063202][ T7281] device bridge_slave_1 entered promiscuous mode [ 64.196003][ T7258] bridge0: port 1(bridge_slave_0) entered blocking state [ 64.203581][ T7258] bridge0: port 1(bridge_slave_0) entered disabled state [ 64.211950][ T7258] device bridge_slave_0 entered promiscuous mode [ 64.262635][ T7252] 8021q: adding VLAN 0 to HW filter on device bond0 [ 64.329216][ T7256] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 64.381672][ T7281] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 64.420636][ T7258] bridge0: port 2(bridge_slave_1) entered blocking state [ 64.444690][ T7258] bridge0: port 2(bridge_slave_1) entered disabled state [ 64.475306][ T7258] device bridge_slave_1 entered promiscuous mode [ 64.517232][ T7256] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 64.540191][ T7281] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 64.578134][ T7275] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 64.598249][ T7275] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 09:37:06 executing program 0: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000000200)) r4 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r3, &(0x7f00000001c0)) [ 64.650314][ T7252] 8021q: adding VLAN 0 to HW filter on device team0 [ 64.734390][ T7281] team0: Port device team_slave_0 added [ 64.796702][ T7258] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 64.829971][ T7256] team0: Port device team_slave_0 added [ 64.843157][ T7275] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 64.851951][ T7275] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 64.869361][ T7275] bridge0: port 1(bridge_slave_0) entered blocking state [ 64.876543][ T7275] bridge0: port 1(bridge_slave_0) entered forwarding state [ 64.901431][ T7275] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 64.920301][ T7275] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 64.949119][ T7275] bridge0: port 2(bridge_slave_1) entered blocking state [ 64.956274][ T7275] bridge0: port 2(bridge_slave_1) entered forwarding state [ 64.999104][ T7275] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 65.019775][ T7275] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 65.040355][ T7281] team0: Port device team_slave_1 added [ 65.059440][ T7258] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 65.088356][ T7256] team0: Port device team_slave_1 added [ 65.110946][ T7252] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 65.138005][ T7252] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network 09:37:07 executing program 0: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000000200)) r4 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r3, &(0x7f00000001c0)) [ 65.161772][ T2826] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 65.170575][ T2826] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 65.179512][ T2826] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 65.208214][ T2826] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 65.226906][ T2826] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 65.236974][ T2826] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 65.245652][ T2826] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 65.257734][ T2826] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 65.266311][ T2826] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 65.276199][ T2826] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 65.284635][ T2826] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready 09:37:07 executing program 0: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000000200)) r4 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r3, &(0x7f00000001c0)) [ 65.366596][ T7256] device hsr_slave_0 entered promiscuous mode [ 65.413456][ T7256] device hsr_slave_1 entered promiscuous mode [ 65.463166][ T7256] debugfs: Directory 'hsr0' with parent '/' already present! [ 65.480842][ T7299] chnl_net:caif_netlink_parms(): no params data found [ 65.491559][ T7258] team0: Port device team_slave_0 added 09:37:07 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$setstatus(r2, 0x4, 0x2000) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil}) connect(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet6_MRT6_DEL_MFC_PROXY(0xffffffffffffffff, 0x29, 0xd3, &(0x7f0000000180)={{0xa, 0x0, 0x80, @mcast1, 0x70000}, {0xa, 0x4e20, 0x0, @mcast1}, 0x0, [0x0, 0x0, 0x0, 0x24, 0x0, 0x8]}, 0x5c) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000}) ioctl$KVM_RUN(r3, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000013000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) [ 65.549989][ T7252] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 65.558932][ T7258] team0: Port device team_slave_1 added [ 65.636145][ T7281] device hsr_slave_0 entered promiscuous mode [ 65.673512][ T7281] device hsr_slave_1 entered promiscuous mode [ 65.718766][ T7362] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 65.743561][ T7281] debugfs: Directory 'hsr0' with parent '/' already present! [ 65.803468][ C0] hrtimer: interrupt took 32820 ns [ 66.016142][ T7258] device hsr_slave_0 entered promiscuous mode [ 66.050638][ T7362] ================================================================== [ 66.058763][ T7362] BUG: KCSAN: data-race in install_new_memslots / mmio_info_in_cache [ 66.066820][ T7362] [ 66.069151][ T7362] write to 0xffff8881018e0000 of 8 bytes by task 7365 on cpu 0: [ 66.076780][ T7362] install_new_memslots+0xef/0x130 [ 66.081890][ T7362] __kvm_set_memory_region+0xeea/0x1380 [ 66.087428][ T7362] kvm_set_memory_region+0x36/0x60 [ 66.092546][ T7362] kvm_vm_ioctl+0x6d0/0x1190 [ 66.097130][ T7362] do_vfs_ioctl+0x991/0xc60 [ 66.101645][ T7362] ksys_ioctl+0xbd/0xe0 [ 66.105812][ T7362] __x64_sys_ioctl+0x4c/0x60 [ 66.110412][ T7362] do_syscall_64+0xcc/0x370 [ 66.114934][ T7362] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 66.120808][ T7362] [ 66.123139][ T7362] read to 0xffff8881018e0000 of 8 bytes by task 7362 on cpu 1: [ 66.130689][ T7362] mmio_info_in_cache+0x13f/0x1e0 [ 66.135714][ T7362] kvm_mmu_page_fault+0x1b8/0xbc0 [ 66.140741][ T7362] handle_ept_misconfig+0xbf/0x1f0 [ 66.145848][ T7362] vmx_handle_exit+0x1c2/0xd60 [ 66.150605][ T7362] vcpu_enter_guest+0xc1f/0x3820 [ 66.155548][ T7362] kvm_arch_vcpu_ioctl_run+0x2a2/0xdc0 [ 66.161006][ T7362] kvm_vcpu_ioctl+0x752/0xa30 [ 66.165675][ T7362] do_vfs_ioctl+0x991/0xc60 [ 66.170176][ T7362] ksys_ioctl+0xbd/0xe0 [ 66.174335][ T7362] __x64_sys_ioctl+0x4c/0x60 [ 66.178941][ T7362] do_syscall_64+0xcc/0x370 [ 66.183443][ T7362] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 66.189315][ T7362] [ 66.191631][ T7362] Reported by Kernel Concurrency Sanitizer on: [ 66.197784][ T7362] CPU: 1 PID: 7362 Comm: syz-executor.0 Not tainted 5.4.0-rc3+ #0 [ 66.205581][ T7362] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 66.215643][ T7362] ================================================================== [ 66.223696][ T7362] Kernel panic - not syncing: panic_on_warn set ... [ 66.230274][ T7362] CPU: 1 PID: 7362 Comm: syz-executor.0 Not tainted 5.4.0-rc3+ #0 [ 66.238063][ T7362] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 66.248116][ T7362] Call Trace: [ 66.251412][ T7362] dump_stack+0xf5/0x159 [ 66.255653][ T7362] panic+0x210/0x640 [ 66.259605][ T7362] ? ksys_ioctl+0xbd/0xe0 [ 66.263940][ T7362] ? vprintk_func+0x8d/0x140 [ 66.268532][ T7362] kcsan_report.cold+0xc/0x10 [ 66.273214][ T7362] __kcsan_setup_watchpoint+0x32e/0x4a0 [ 66.278764][ T7362] __tsan_read8+0x2c/0x30 [ 66.283093][ T7362] mmio_info_in_cache+0x13f/0x1e0 [ 66.288120][ T7362] kvm_mmu_page_fault+0x1b8/0xbc0 [ 66.293153][ T7362] handle_ept_misconfig+0xbf/0x1f0 [ 66.298270][ T7362] ? handle_wbinvd+0x30/0x30 [ 66.302856][ T7362] vmx_handle_exit+0x1c2/0xd60 [ 66.307622][ T7362] vcpu_enter_guest+0xc1f/0x3820 [ 66.312562][ T7362] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 66.318241][ T7362] kvm_arch_vcpu_ioctl_run+0x2a2/0xdc0 [ 66.323697][ T7362] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 66.329586][ T7362] kvm_vcpu_ioctl+0x752/0xa30 [ 66.334263][ T7362] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 66.339903][ T7362] ? kvm_dev_ioctl+0xc40/0xc40 [ 66.344664][ T7362] do_vfs_ioctl+0x991/0xc60 [ 66.349164][ T7362] ? __tsan_read8+0x2c/0x30 [ 66.353663][ T7362] ksys_ioctl+0xbd/0xe0 [ 66.357816][ T7362] __x64_sys_ioctl+0x4c/0x60 [ 66.362405][ T7362] do_syscall_64+0xcc/0x370 [ 66.366908][ T7362] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 66.372795][ T7362] RIP: 0033:0x459f49 [ 66.376685][ T7362] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 66.396285][ T7362] RSP: 002b:00007fa6a902dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 66.404693][ T7362] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459f49 [ 66.412669][ T7362] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006 [ 66.420631][ T7362] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 66.428598][ T7362] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa6a902e6d4 [ 66.436566][ T7362] R13: 00000000004c359a R14: 00000000004d7810 R15: 00000000ffffffff [ 66.445887][ T7362] Kernel Offset: disabled [ 66.450305][ T7362] Rebooting in 86400 seconds..