Warning: Permanently added '[localhost]:25378' (ECDSA) to the list of known hosts. syzkaller login: [ 101.935445][ T48] kauditd_printk_skb: 7 callbacks suppressed [ 101.935456][ T48] audit: type=1400 audit(1605122659.846:42): avc: denied { map } for pid=9685 comm="syz-fuzzer" path="/syz-fuzzer" dev="sda1" ino=16526 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1 2020/11/11 19:24:19 fuzzer started 2020/11/11 19:24:20 dialing manager at 10.0.2.10:37439 2020/11/11 19:24:20 syscalls: 3476 2020/11/11 19:24:20 code coverage: enabled 2020/11/11 19:24:20 comparison tracing: enabled 2020/11/11 19:24:20 extra coverage: enabled 2020/11/11 19:24:20 setuid sandbox: enabled 2020/11/11 19:24:20 namespace sandbox: enabled 2020/11/11 19:24:20 Android sandbox: /sys/fs/selinux/policy does not exist 2020/11/11 19:24:20 fault injection: enabled 2020/11/11 19:24:20 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2020/11/11 19:24:20 net packet injection: enabled 2020/11/11 19:24:20 net device setup: enabled 2020/11/11 19:24:20 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2020/11/11 19:24:20 devlink PCI setup: PCI device 0000:00:10.0 is not available 2020/11/11 19:24:20 USB emulation: enabled 2020/11/11 19:24:20 hci packet injection: enabled 2020/11/11 19:24:20 wifi device emulation: enabled [ 102.623807][ T48] audit: type=1400 audit(1605122660.536:43): avc: denied { integrity } for pid=9700 comm="syz-executor" lockdown_reason="debugfs access" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=lockdown permissive=1 19:25:30 executing program 0: socket(0x1e, 0x0, 0x9) [ 173.036060][ T48] audit: type=1400 audit(1605122730.946:44): avc: denied { map } for pid=9707 comm="syz-executor.0" path="/sys/kernel/debug/kcov" dev="debugfs" ino=23656 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 19:25:31 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio\x00', 0x0, 0x0) ioctl$SOUND_MIXER_WRITE_VOLUME(r0, 0xc0044d19, &(0x7f0000000000)) 19:25:31 executing program 2: r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000080)='ns/pid\x00') ioctl$NS_GET_USERNS(r0, 0xb701, 0x0) ioctl$NS_GET_USERNS(r0, 0xb701, 0x0) 19:25:31 executing program 3: r0 = socket$l2tp(0x2, 0x2, 0x73) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000001a80)={'wlan1\x00'}) [ 174.311508][ T9708] IPVS: ftp: loaded support on port[0] = 21 [ 174.429135][ T9708] chnl_net:caif_netlink_parms(): no params data found [ 174.501036][ T9708] bridge0: port 1(bridge_slave_0) entered blocking state [ 174.512549][ T9708] bridge0: port 1(bridge_slave_0) entered disabled state [ 174.525869][ T9708] device bridge_slave_0 entered promiscuous mode [ 174.542228][ T9708] bridge0: port 2(bridge_slave_1) entered blocking state [ 174.556128][ T9708] bridge0: port 2(bridge_slave_1) entered disabled state [ 174.570126][ T9708] device bridge_slave_1 entered promiscuous mode [ 174.602855][ T9708] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 174.618653][ T9708] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 174.639536][ T9710] IPVS: ftp: loaded support on port[0] = 21 [ 174.648606][ T9708] team0: Port device team_slave_0 added [ 174.660535][ T9708] team0: Port device team_slave_1 added [ 174.687440][ T9708] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 174.697101][ T9708] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 174.732431][ T9708] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 174.753661][ T9708] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 174.763120][ T9708] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 174.803449][ T9708] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 174.849652][ T9712] IPVS: ftp: loaded support on port[0] = 21 [ 174.861363][ T9708] device hsr_slave_0 entered promiscuous mode [ 174.875835][ T9708] device hsr_slave_1 entered promiscuous mode [ 174.965419][ T9714] IPVS: ftp: loaded support on port[0] = 21 [ 175.155163][ T9710] chnl_net:caif_netlink_parms(): no params data found [ 175.312280][ T9710] bridge0: port 1(bridge_slave_0) entered blocking state [ 175.323906][ T9710] bridge0: port 1(bridge_slave_0) entered disabled state [ 175.335292][ T9710] device bridge_slave_0 entered promiscuous mode [ 175.358430][ T48] audit: type=1400 audit(1605122733.276:45): avc: denied { create } for pid=9708 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 175.366166][ T9710] bridge0: port 2(bridge_slave_1) entered blocking state [ 175.399351][ T48] audit: type=1400 audit(1605122733.276:46): avc: denied { write } for pid=9708 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 175.399372][ T48] audit: type=1400 audit(1605122733.276:47): avc: denied { read } for pid=9708 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 175.470879][ T9710] bridge0: port 2(bridge_slave_1) entered disabled state [ 175.483246][ T9710] device bridge_slave_1 entered promiscuous mode [ 175.500377][ T9708] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 175.516232][ T9712] chnl_net:caif_netlink_parms(): no params data found [ 175.545433][ T9708] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 175.580671][ T9710] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 175.591486][ T9708] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 175.616556][ T9710] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 175.631842][ T9708] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 175.662974][ T9710] team0: Port device team_slave_0 added [ 175.670314][ T9714] chnl_net:caif_netlink_parms(): no params data found [ 175.691000][ T9710] team0: Port device team_slave_1 added [ 175.757489][ T9710] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 175.766052][ T9710] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 175.797901][ T9710] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 175.813939][ T9710] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 175.822258][ T9710] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 175.852957][ T9710] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 175.874113][ T9712] bridge0: port 1(bridge_slave_0) entered blocking state [ 175.883833][ T9712] bridge0: port 1(bridge_slave_0) entered disabled state [ 175.896389][ T9712] device bridge_slave_0 entered promiscuous mode [ 175.912668][ T9712] bridge0: port 2(bridge_slave_1) entered blocking state [ 175.921596][ T9712] bridge0: port 2(bridge_slave_1) entered disabled state [ 175.934726][ T9712] device bridge_slave_1 entered promiscuous mode [ 175.987455][ T9714] bridge0: port 1(bridge_slave_0) entered blocking state [ 175.996153][ T9714] bridge0: port 1(bridge_slave_0) entered disabled state [ 176.006042][ T9714] device bridge_slave_0 entered promiscuous mode [ 176.017996][ T9710] device hsr_slave_0 entered promiscuous mode [ 176.032020][ T9710] device hsr_slave_1 entered promiscuous mode [ 176.042852][ T9710] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 176.054740][ T9710] Cannot create hsr debugfs directory [ 176.068146][ T9712] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 176.086374][ T9712] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 176.162697][ T9714] bridge0: port 2(bridge_slave_1) entered blocking state [ 176.183055][ T9714] bridge0: port 2(bridge_slave_1) entered disabled state [ 176.202593][ T9714] device bridge_slave_1 entered promiscuous mode [ 176.235571][ T9714] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 176.256010][ T9714] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 176.295673][ T9712] team0: Port device team_slave_0 added [ 176.317923][ T3476] Bluetooth: hci0: command 0x0409 tx timeout [ 176.328144][ T9712] team0: Port device team_slave_1 added [ 176.351403][ T9714] team0: Port device team_slave_0 added [ 176.363328][ T9714] team0: Port device team_slave_1 added [ 176.371093][ T9712] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 176.379203][ T9712] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 176.410580][ T9712] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 176.429532][ T9712] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 176.438409][ T9712] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 176.470783][ T9712] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 176.505667][ T9714] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 176.515069][ T9714] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 176.547249][ T9714] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 176.582514][ T9714] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 176.591397][ T9714] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 176.625344][ T9714] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 176.638385][ T3753] Bluetooth: hci1: command 0x0409 tx timeout [ 176.661316][ T9712] device hsr_slave_0 entered promiscuous mode [ 176.669817][ T9712] device hsr_slave_1 entered promiscuous mode [ 176.678463][ T9712] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 176.687348][ T9712] Cannot create hsr debugfs directory [ 176.761894][ T9714] device hsr_slave_0 entered promiscuous mode [ 176.770760][ T9714] device hsr_slave_1 entered promiscuous mode [ 176.779169][ T9714] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 176.790595][ T9714] Cannot create hsr debugfs directory [ 176.807677][ T46] Bluetooth: hci2: command 0x0409 tx timeout [ 176.840940][ T9710] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 176.866545][ T9710] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 176.878671][ T9710] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 176.899215][ T9710] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 176.965381][ T9708] 8021q: adding VLAN 0 to HW filter on device bond0 [ 176.967150][ T3476] Bluetooth: hci3: command 0x0409 tx timeout [ 177.036294][ T3333] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 177.047718][ T3333] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 177.068638][ T9708] 8021q: adding VLAN 0 to HW filter on device team0 [ 177.080883][ T9712] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 177.096220][ T9712] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 177.135009][ T3476] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 177.164928][ T3476] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 177.186746][ T3476] bridge0: port 1(bridge_slave_0) entered blocking state [ 177.198710][ T3476] bridge0: port 1(bridge_slave_0) entered forwarding state [ 177.221053][ T9712] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 177.238241][ T9712] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 177.253009][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 177.288514][ T9732] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 177.302204][ T9732] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 177.315825][ T9732] bridge0: port 2(bridge_slave_1) entered blocking state [ 177.325293][ T9732] bridge0: port 2(bridge_slave_1) entered forwarding state [ 177.337123][ T9732] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 177.352366][ T9714] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 177.366712][ T9732] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 177.377381][ T9714] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 177.389339][ T9714] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 177.400496][ T9714] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 177.418832][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 177.428877][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 177.466163][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 177.481755][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 177.534418][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 177.561689][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 177.573772][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 177.586163][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 177.597081][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 177.645424][ T9710] 8021q: adding VLAN 0 to HW filter on device bond0 [ 177.678895][ T3071] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 177.690660][ T3071] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 177.703761][ T3071] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 177.717649][ T3071] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 177.740833][ T9708] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 177.752968][ T9710] 8021q: adding VLAN 0 to HW filter on device team0 [ 177.771140][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 177.781953][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 177.793456][ T5] bridge0: port 1(bridge_slave_0) entered blocking state [ 177.803165][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state [ 177.814485][ T9744] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 177.837470][ T3071] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 177.850505][ T3071] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 177.868313][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 177.878950][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 177.889882][ T34] bridge0: port 2(bridge_slave_1) entered blocking state [ 177.899913][ T34] bridge0: port 2(bridge_slave_1) entered forwarding state [ 177.910853][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 177.937257][ T9712] 8021q: adding VLAN 0 to HW filter on device bond0 [ 177.958514][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 177.971567][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 177.982766][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 177.993595][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 178.016663][ T9714] 8021q: adding VLAN 0 to HW filter on device bond0 [ 178.044715][ T9732] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 178.055983][ T9732] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 178.084125][ T9712] 8021q: adding VLAN 0 to HW filter on device team0 [ 178.094620][ T3476] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 178.104656][ T3476] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 178.114550][ T3476] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 178.127452][ T3476] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 178.139507][ T3476] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 178.148990][ T3476] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 178.167308][ T9708] device veth0_vlan entered promiscuous mode [ 178.179022][ T3753] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 178.190355][ T3753] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 178.209118][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 178.220278][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 178.231474][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 178.245164][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 178.263931][ T5] bridge0: port 1(bridge_slave_0) entered blocking state [ 178.281096][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state [ 178.293529][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 178.309077][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 178.321663][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 178.341473][ T9714] 8021q: adding VLAN 0 to HW filter on device team0 [ 178.360192][ T9710] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 178.399949][ T3753] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 178.403115][ T9732] Bluetooth: hci0: command 0x041b tx timeout [ 178.432009][ T3753] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 178.474730][ T3753] bridge0: port 2(bridge_slave_1) entered blocking state [ 178.498801][ T3753] bridge0: port 2(bridge_slave_1) entered forwarding state [ 178.521399][ T3753] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 178.538733][ T3753] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 178.553072][ T3753] bridge0: port 1(bridge_slave_0) entered blocking state [ 178.565888][ T3753] bridge0: port 1(bridge_slave_0) entered forwarding state [ 178.588851][ T3753] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 178.604996][ T9708] device veth1_vlan entered promiscuous mode [ 178.629864][ T9744] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 178.639949][ T9744] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 178.649849][ T9744] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 178.659877][ T9744] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 178.672084][ T9744] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 178.685516][ T9744] bridge0: port 2(bridge_slave_1) entered blocking state [ 178.699437][ T9744] bridge0: port 2(bridge_slave_1) entered forwarding state [ 178.709498][ T9744] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 178.717296][ T9732] Bluetooth: hci1: command 0x041b tx timeout [ 178.720402][ T9744] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 178.764540][ T9712] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 178.779082][ T9712] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 178.802309][ T3333] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 178.815670][ T3333] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 178.830289][ T3333] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 178.841603][ T3333] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 178.852127][ T3333] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 178.862839][ T3333] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 178.877186][ T3071] Bluetooth: hci2: command 0x041b tx timeout [ 178.880468][ T3333] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 178.908608][ T3333] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 178.945581][ T3333] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 178.959989][ T3333] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 178.976704][ T3333] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 179.029150][ T9710] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 179.037843][ T9732] Bluetooth: hci3: command 0x041b tx timeout [ 179.098424][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 179.099647][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 179.141464][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 179.161127][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 179.174337][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 179.186534][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 179.202851][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 179.217469][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 179.232051][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 179.258414][ T9714] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 179.273838][ T9714] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 179.292657][ T3476] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 179.304488][ T3476] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 179.317453][ T3476] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 179.328182][ T3476] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 179.340243][ T3476] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 179.375159][ T9712] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 179.401921][ T3071] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 179.428986][ T3071] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 179.443461][ T3071] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 179.458853][ T3071] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 179.482449][ T9710] device veth0_vlan entered promiscuous mode [ 179.494961][ T9708] device veth0_macvtap entered promiscuous mode [ 179.516436][ T9708] device veth1_macvtap entered promiscuous mode [ 179.529376][ T9744] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 179.543786][ T9744] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 179.557588][ T9744] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 179.569577][ T9744] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 179.580530][ T9744] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 179.591399][ T9744] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 179.613051][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 179.623618][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 179.641805][ T9710] device veth1_vlan entered promiscuous mode [ 179.660157][ T9714] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 179.678515][ T9708] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 179.693560][ T9708] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 179.709111][ T3333] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 179.721631][ T3333] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 179.732664][ T3333] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 179.744542][ T3333] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 179.757615][ T3333] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 179.770692][ T3333] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 179.793273][ T9708] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 179.807724][ T9708] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 179.819328][ T9708] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 179.832937][ T9708] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 179.870752][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 179.881597][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 179.894208][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 179.907624][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 179.920814][ T9712] device veth0_vlan entered promiscuous mode [ 179.961105][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 179.987656][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 180.003804][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 180.016307][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 180.038305][ T9712] device veth1_vlan entered promiscuous mode [ 180.051608][ T9710] device veth0_macvtap entered promiscuous mode [ 180.098610][ T9710] device veth1_macvtap entered promiscuous mode [ 180.129407][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 180.141694][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 180.159960][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 180.176333][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 180.189422][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 180.202892][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 180.224395][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 180.236063][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 180.251969][ T9714] device veth0_vlan entered promiscuous mode [ 180.282579][ T9740] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 180.294929][ T9740] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 180.296271][ T9710] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 180.338470][ T9710] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 180.356765][ T9710] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 180.375955][ T9710] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 180.394839][ T9710] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 180.414351][ T9710] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 180.440088][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 180.458389][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 180.477940][ T28] Bluetooth: hci0: command 0x040f tx timeout [ 180.478828][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 180.519373][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 180.546437][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 180.564492][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 180.578005][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 180.600243][ T9714] device veth1_vlan entered promiscuous mode [ 180.630837][ T9712] device veth0_macvtap entered promiscuous mode [ 180.650724][ T9710] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 180.662287][ T9710] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 180.673778][ T9710] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 180.687805][ T9710] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 180.703331][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 180.718289][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 180.729219][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 180.747460][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 180.749349][ T9712] device veth1_macvtap entered promiscuous mode [ 180.762273][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 180.788431][ T9712] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 180.797311][ T9732] Bluetooth: hci1: command 0x040f tx timeout [ 180.812440][ T9712] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 180.850013][ T9712] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 180.875252][ T9712] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 180.893393][ T9712] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 180.918731][ T3476] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 180.931989][ T3476] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 180.943864][ T3476] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 180.972799][ T3476] Bluetooth: hci2: command 0x040f tx timeout [ 180.976233][ T48] audit: type=1400 audit(1605122738.886:48): avc: denied { associate } for pid=9708 comm="syz-executor.0" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1 [ 181.043814][ T9712] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 181.060145][ T9712] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 181.072640][ T9712] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 181.087135][ T9712] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 181.103170][ T9712] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 181.124008][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 181.137340][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 181.151680][ T9708] cgroup: cgroup: disabling cgroup2 socket matching due to net_prio or net_cls activation [ 181.157550][ T9714] device veth0_macvtap entered promiscuous mode [ 181.184692][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 181.223314][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 181.245290][ T28] Bluetooth: hci3: command 0x040f tx timeout [ 181.249836][ T9712] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 181.269531][ T9712] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 19:25:39 executing program 0: shmget$private(0x0, 0x3000, 0x1001, &(0x7f0000ffa000/0x3000)=nil) [ 181.292022][ T9712] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 181.314267][ T9712] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 181.337298][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready 19:25:39 executing program 0: openat$pfkey(0xffffffffffffff9c, &(0x7f0000000380)='/proc/self/net/pfkey\x00', 0x90800, 0x0) [ 181.368920][ T9714] device veth1_macvtap entered promiscuous mode 19:25:39 executing program 0: syz_open_dev$vim2m(&(0x7f0000000240)='/dev/video#\x00', 0x0, 0x2) [ 181.442532][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 181.460995][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 181.475402][ T9714] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 19:25:39 executing program 0: ioctl$SNDCTL_SEQ_NRMIDIS(0xffffffffffffffff, 0x8004510b, 0x0) [ 181.490377][ T9714] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 181.502044][ T9714] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 19:25:39 executing program 0: shmget(0x0, 0x2000, 0x0, &(0x7f0000ffd000/0x2000)=nil) [ 181.513929][ T9714] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 181.525821][ T9714] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 181.538716][ T9714] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 181.556039][ T9714] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 181.567743][ T9744] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 181.578189][ T9744] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 181.587765][ T9744] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 181.599570][ T9744] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 181.630889][ T9714] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 181.647034][ T9714] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 181.666998][ T9714] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 181.683554][ T9714] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 181.700440][ T9714] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 181.720378][ T9714] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 181.736275][ T9714] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 181.756146][ T2956] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 181.756307][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 181.775963][ T2956] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 181.783733][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 181.804550][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 181.825236][ T9714] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 181.843521][ T9714] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 181.878423][ T9714] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 181.899426][ T9714] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 181.950440][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 181.966637][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 181.988729][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 182.018203][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 182.031252][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 19:25:39 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$DEVLINK_CMD_TRAP_POLICER_GET(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={0x0}}, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f00000005c0)='TIPC\x00') [ 182.051098][ T9744] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 182.075897][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 182.093926][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 182.116092][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 182.128086][ T9764] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 182.140569][ T9764] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 182.154225][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready 19:25:40 executing program 2: syz_open_dev$sg(&(0x7f00000006c0)='/dev/sg#\x00', 0xf30, 0x46441) 19:25:40 executing program 0: sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{0x0}, {&(0x7f0000000180)="6001b2d7a7532f903870ccd87271dfb38f5d891f27d40b5fcf7ac320617b9735c2351e956e2f8c407f498e2fd24b82496fe202411f91b684af7c43ffe061e30a783b610cc3570736362bc7560354a5f1e63ff9a32bddb841b8d44904ea3f516a7e075debf2c1fe60f7a61dbca0b87fa325b2ede4a73dba04ab7d53c39583495f7b8d43e329ae7ebe2c70129c67add2de69d37601d29558caac89470ffc5702df703c60299bfcf9f72c6bb3b7d06dff2899dae1c8242026e4ee518b265c2c817261eb9aa91c060e914119512cbb035616add73993d1afbf24a881dd5792186b7bd0f22bdd48d601c518185634e16c7425bccc36e8d4f870b0011660eef0bc2a404c70775f7e9a7ddeb29e76c144cf94239f7ea885ce50f26c7efdbe6e38a36ba04f6113efb5dd7f23f80364314a52e938dc", 0x131}], 0x2}, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8b19, &(0x7f0000000000)={'wlan1\x00'}) 19:25:40 executing program 1: ioctl$vim2m_VIDIOC_QUERYBUF(0xffffffffffffffff, 0xc0585609, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x0, 0x4, &(0x7f0000000200)=@framed={{}, [@alu]}, &(0x7f0000000280)='GPL\x00', 0xa2cd, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000003c0), 0x8, 0x10, &(0x7f0000000400), 0x10}, 0x78) bpf$BPF_PROG_ATTACH(0x8, 0x0, 0x0) 19:25:40 executing program 3: r0 = socket$l2tp(0x2, 0x2, 0x73) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000001a80)={'wlan1\x00'}) 19:25:40 executing program 2: syz_open_dev$sg(&(0x7f00000006c0)='/dev/sg#\x00', 0xf30, 0x46441) 19:25:40 executing program 1: socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000500)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$tipc(r0, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000980)=[{&(0x7f0000000580)="8f", 0x1}, {&(0x7f0000000680)="83", 0x1}, {&(0x7f0000000740)="14", 0x1}], 0x3, &(0x7f0000000a00)="8f1c0ff7085705e33cfaae9922fb24973a51e429b36b54f8527a6109dd39346ee87a4f76eb", 0x25}, 0x0) [ 182.244743][ T48] audit: type=1400 audit(1605122740.156:49): avc: denied { prog_load } for pid=9783 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1 19:25:40 executing program 3: r0 = socket(0x2000000011, 0x4000000000080002, 0x0) sendmmsg(r0, &(0x7f0000000380)=[{{&(0x7f0000000040)=@l2={0x1f, 0x0, @fixed}, 0x80, 0x0}}, {{&(0x7f0000000040)=@caif=@dgm={0x25, 0x7}, 0x80, 0x0}}], 0x2, 0x0) 19:25:40 executing program 2: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x0, 0x6, &(0x7f0000000200)=@framed={{}, [@alu, @initr0]}, &(0x7f0000000280)='GPL\x00', 0xa2cd, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) 19:25:40 executing program 0: sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{0x0}, {&(0x7f0000000180)="6001b2d7a7532f903870ccd87271dfb38f5d891f27d40b5fcf7ac320617b9735c2351e956e2f8c407f498e2fd24b82496fe202411f91b684af7c43ffe061e30a783b610cc3570736362bc7560354a5f1e63ff9a32bddb841b8d44904ea3f516a7e075debf2c1fe60f7a61dbca0b87fa325b2ede4a73dba04ab7d53c39583495f7b8d43e329ae7ebe2c70129c67add2de69d37601d29558caac89470ffc5702df703c60299bfcf9f72c6bb3b7d06dff2899dae1c8242026e4ee518b265c2c817261eb9aa91c060e914119512cbb035616add73993d1afbf24a881dd5792186b7bd0f22bdd48d601c518185634e16c7425bccc36e8d4f870b0011660eef0bc2a404c70775f7e9a7ddeb29e76c144cf94239f7ea885ce50f26c7efdbe6e38a36ba04f6113efb5dd7f23f80364314a52e938dc", 0x131}], 0x2}, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8b19, &(0x7f0000000000)={'wlan1\x00'}) [ 182.313497][ T48] audit: type=1400 audit(1605122740.156:50): avc: denied { bpf } for pid=9783 comm="syz-executor.1" capability=39 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=capability2 permissive=1 19:25:40 executing program 1: openat$pfkey(0xffffffffffffff9c, &(0x7f0000000380)='/proc/self/net/pfkey\x00', 0x90800, 0x0) openat$pfkey(0xffffffffffffff9c, &(0x7f0000000440)='/proc/self/net/pfkey\x00', 0x18400, 0x0) [ 182.376332][ T48] audit: type=1400 audit(1605122740.156:51): avc: denied { ioctl } for pid=9782 comm="syz-executor.0" path="socket:[39722]" dev="sockfs" ino=39722 ioctlcmd=0x8b19 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 19:25:40 executing program 0: sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{0x0}, {&(0x7f0000000180)="6001b2d7a7532f903870ccd87271dfb38f5d891f27d40b5fcf7ac320617b9735c2351e956e2f8c407f498e2fd24b82496fe202411f91b684af7c43ffe061e30a783b610cc3570736362bc7560354a5f1e63ff9a32bddb841b8d44904ea3f516a7e075debf2c1fe60f7a61dbca0b87fa325b2ede4a73dba04ab7d53c39583495f7b8d43e329ae7ebe2c70129c67add2de69d37601d29558caac89470ffc5702df703c60299bfcf9f72c6bb3b7d06dff2899dae1c8242026e4ee518b265c2c817261eb9aa91c060e914119512cbb035616add73993d1afbf24a881dd5792186b7bd0f22bdd48d601c518185634e16c7425bccc36e8d4f870b0011660eef0bc2a404c70775f7e9a7ddeb29e76c144cf94239f7ea885ce50f26c7efdbe6e38a36ba04f6113efb5dd7f23f80364314a52e938dc", 0x131}], 0x2}, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8b19, &(0x7f0000000000)={'wlan1\x00'}) 19:25:40 executing program 1: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0x3, &(0x7f0000000200)=@framed, &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000003c0), 0x8, 0x10, 0x0}, 0x78) 19:25:40 executing program 2: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x0, 0x0, 0x0, &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) 19:25:40 executing program 3: r0 = syz_io_uring_setup(0x87, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ee8000/0x2000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) r3 = syz_open_dev$video(&(0x7f0000000c80)='/dev/video#\x00', 0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd=r3}, 0x0) io_uring_enter(r0, 0x450c, 0x0, 0x0, 0x0, 0x0) 19:25:40 executing program 1: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x0, 0x3, &(0x7f0000000200)=@framed, &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) 19:25:40 executing program 1: r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000066230f40ef170372dde100eada010902240001000000000904"], 0x0) syz_usb_control_io(r0, 0x0, &(0x7f00000008c0)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x40, 0xb, 0x2, "ab65"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000440)={0x2c, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$hid(r0, 0x0, &(0x7f00000004c0)={0x2c, &(0x7f0000000200), 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f00000002c0)={0x1c, &(0x7f0000000300)=ANY=[], 0x0, 0x0}) [ 182.471696][ T48] audit: type=1400 audit(1605122740.386:52): avc: denied { perfmon } for pid=9811 comm="syz-executor.1" capability=38 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=capability2 permissive=1 [ 182.519427][ T9819] ------------[ cut here ]------------ 19:25:40 executing program 0: sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{0x0}, {&(0x7f0000000180)="6001b2d7a7532f903870ccd87271dfb38f5d891f27d40b5fcf7ac320617b9735c2351e956e2f8c407f498e2fd24b82496fe202411f91b684af7c43ffe061e30a783b610cc3570736362bc7560354a5f1e63ff9a32bddb841b8d44904ea3f516a7e075debf2c1fe60f7a61dbca0b87fa325b2ede4a73dba04ab7d53c39583495f7b8d43e329ae7ebe2c70129c67add2de69d37601d29558caac89470ffc5702df703c60299bfcf9f72c6bb3b7d06dff2899dae1c8242026e4ee518b265c2c817261eb9aa91c060e914119512cbb035616add73993d1afbf24a881dd5792186b7bd0f22bdd48d601c518185634e16c7425bccc36e8d4f870b0011660eef0bc2a404c70775f7e9a7ddeb29e76c144cf94239f7ea885ce50f26c7efdbe6e38a36ba04f6113efb5dd7f23f80364314a52e938dc", 0x131}], 0x2}, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8b19, &(0x7f0000000000)={'wlan1\x00'}) 19:25:40 executing program 2: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f00000008c0)='./file0\x00', 0x200000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000d5f4655fd5f4655f0100ffff53ef010001000000d4f4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f0000010100)="00000000000000000000000091b73ef4b8d944c4be6aeaa0d6c47e6c010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="02000000030000000400000019000f000300040000000000000000000f002e69", 0x20, 0x1000}, {&(0x7f0000012600)="ed41000000100000d4f4655fd5f4655fd5f4655f000000000000040080", 0x1d, 0x4400}], 0x0, &(0x7f0000000040)=ANY=[]) syz_mount_image$tmpfs(&(0x7f0000000040)='tmpfs\x00', &(0x7f0000000380)='./file0\x00', 0x0, 0x0, 0x0, 0x2014861, &(0x7f00000003c0)={[], [{@fowner_gt={'fowner>'}}]}) [ 182.528407][ T9816] [ 182.528411][ T9816] ============================= [ 182.528413][ T9816] WARNING: suspicious RCU usage [ 182.528419][ T9816] 5.10.0-rc3-syzkaller #0 Not tainted [ 182.528421][ T9816] ----------------------------- [ 182.528428][ T9816] kernel/sched/core.c:7264 Illegal context switch in RCU-sched read-side critical section! [ 182.528430][ T9816] [ 182.528430][ T9816] other info that might help us debug this: [ 182.528430][ T9816] [ 182.528435][ T9816] [ 182.528435][ T9816] rcu_scheduler_active = 2, debug_locks = 0 [ 182.528439][ T9816] 2 locks held by udevd/9816: [ 182.528442][ T9816] #0: ffff8880124f5b40 (&sig->cred_guard_mutex){+.+.}-{3:3}, at: bprm_execve+0x1c6/0x1b70 [ 182.528537][ T9816] #1: ffff8880124f5bd0 (&sig->exec_update_mutex){+.+.}-{3:3}, at: begin_new_exec+0xa89/0x2ac0 [ 182.528556][ T9816] [ 182.528556][ T9816] stack backtrace: [ 182.528564][ T9816] CPU: 1 PID: 9816 Comm: udevd Not tainted 5.10.0-rc3-syzkaller #0 [ 182.528569][ T9816] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 182.528571][ T9816] Call Trace: [ 182.528580][ T9816] dump_stack+0x107/0x163 [ 182.528588][ T9816] ___might_sleep+0x25d/0x2b0 [ 182.528598][ T9816] unmap_page_range+0xfd2/0x2640 [ 182.528611][ T9816] ? vm_normal_page_pmd+0x510/0x510 [ 182.528620][ T9816] ? lock_downgrade+0x6d0/0x6d0 [ 182.528627][ T9816] ? uprobe_munmap+0x1c/0x560 [ 182.528635][ T9816] unmap_single_vma+0x198/0x300 [ 182.528648][ T9816] unmap_vmas+0x168/0x2e0 [ 182.528657][ T9816] ? zap_vma_ptes+0x100/0x100 [ 182.528666][ T9816] exit_mmap+0x2b1/0x530 [ 182.528674][ T9816] ? __ia32_sys_remap_file_pages+0x150/0x150 [ 182.528684][ T9816] __mmput+0x122/0x470 [ 182.528690][ T9816] mmput+0x53/0x60 [ 182.528698][ T9816] begin_new_exec+0xdc3/0x2ac0 [ 182.528707][ T9816] load_elf_binary+0x159d/0x4a60 [ 182.528717][ T9816] ? find_held_lock+0x2d/0x110 [ 182.528725][ T9816] ? bprm_execve+0x9bc/0x1b70 [ 182.528731][ T9816] ? elf_core_dump+0x3440/0x3440 [ 182.528738][ T9816] ? do_raw_read_unlock+0x3b/0x70 [ 182.528746][ T9816] ? _raw_read_unlock+0x24/0x40 [ 182.528755][ T9816] ? load_misc_binary+0x605/0xb70 [ 182.528763][ T9816] bprm_execve+0x9d7/0x1b70 [ 182.528771][ T9816] ? open_exec+0x70/0x70 [ 182.528778][ T9816] ? copy_strings.isra.0+0x65d/0x850 [ 182.528787][ T9816] do_execveat_common+0x626/0x7c0 [ 182.528795][ T9816] ? bprm_execve+0x1b70/0x1b70 [ 182.528804][ T9816] ? getname_flags.part.0+0x1dd/0x4f0 [ 182.528812][ T9816] __x64_sys_execve+0x8f/0xc0 [ 182.528820][ T9816] do_syscall_64+0x2d/0x70 [ 182.528827][ T9816] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 182.528868][ T9816] RIP: 0033:0x7f13375e8207 [ 182.528927][ T9816] Code: Unable to access opcode bytes at RIP 0x7f13375e81dd. [ 182.528932][ T9816] RSP: 002b:00007ffc9f06eb68 EFLAGS: 00000202 ORIG_RAX: 000000000000003b [ 182.528941][ T9816] RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007f13375e8207 [ 182.528945][ T9816] RDX: 0000000001df1ee0 RSI: 00007ffc9f06ec60 RDI: 00007ffc9f06fc70 [ 182.528950][ T9816] RBP: 0000000000625500 R08: 00000000000025c3 R09: 00000000000025c3 [ 182.528955][ T9816] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000001df1ee0 [ 182.528959][ T9816] R13: 0000000000000007 R14: 0000000001c60030 R15: 0000000000000005 [ 182.978314][ T9819] WARNING: CPU: 3 PID: 9819 at include/linux/cpumask.h:137 try_to_wake_up+0xd5e/0x1300 [ 182.978314][ T9819] Modules linked in: [ 182.978314][ T9819] CPU: 3 PID: 9819 Comm: io_wq_manager Not tainted 5.10.0-rc3-syzkaller #0 [ 182.978314][ T9819] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 182.978314][ T9819] RIP: 0010:try_to_wake_up+0xd5e/0x1300 [ 182.978314][ T9819] Code: 70 02 00 00 65 ff 0d 71 97 b5 7e 4c 8d 75 40 0f 85 da f8 ff ff e8 21 ed b3 ff e9 d0 f8 ff ff 41 bd 01 00 00 00 e9 6e f3 ff ff <0f> 0b e9 2d f6 ff ff 48 8d bd 98 01 00 00 48 b8 00 00 00 00 00 fc [ 182.978314][ T9819] RSP: 0018:ffffc900013c7d50 EFLAGS: 00010002 [ 182.978314][ T9819] RAX: dffffc0000000000 RBX: 1ffff92000278faf RCX: ffff88806d119df0 [ 182.978314][ T9819] RDX: 1ffff1100da233bd RSI: ffffffff83b566eb RDI: 0000000000000006 [ 182.978314][ T9819] RBP: ffff88806d119a80 R08: 0000000000000008 R09: ffffffff8cecaf0f [ 182.978314][ T9819] R10: 0000000000000040 R11: 0000000000000000 R12: 0000000000000206 [ 183.379369][ T9819] R13: ffff88806d11a2b0 R14: ffff88806d119ac0 R15: ffff88806d119de8 [ 183.388703][ T9819] FS: 0000000000000000(0000) GS:ffff88802cd00000(0000) knlGS:0000000000000000 [ 183.394100][ T9819] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 183.394100][ T9819] CR2: 0000000001695394 CR3: 00000000691de000 CR4: 0000000000350ee0 [ 183.411646][ T9819] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 183.426455][ T9819] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 183.426455][ T9819] Call Trace: [ 183.426455][ T9819] ? lock_downgrade+0x6d0/0x6d0 [ 183.426455][ T9819] ? migrate_swap_stop+0x9f0/0x9f0 [ 183.426455][ T9819] ? rwlock_bug.part.0+0x90/0x90 [ 183.426455][ T9819] ? _raw_spin_unlock_irq+0x1f/0x40 [ 183.426455][ T9819] create_io_worker+0x590/0x8d0 [ 183.426455][ T9819] io_wq_manager+0x16b/0xb80 [ 183.426455][ T9819] ? _raw_spin_unlock_irqrestore+0x42/0x50 [ 183.426455][ T9819] ? lockdep_hardirqs_on+0x79/0x100 [ 183.426455][ T9819] ? io_wq_for_each_worker.isra.0+0x370/0x370 [ 183.426455][ T9819] ? __kthread_parkme+0x13f/0x1e0 [ 183.426455][ T9819] ? io_wq_for_each_worker.isra.0+0x370/0x370 [ 183.426455][ T9819] kthread+0x3af/0x4a0 [ 183.426455][ T9819] ? kthread_create_worker_on_cpu+0xf0/0xf0 [ 183.528178][ T9819] ret_from_fork+0x1f/0x30 [ 183.528178][ T9819] Kernel panic - not syncing: panic_on_warn set ... [ 183.528178][ T9819] CPU: 3 PID: 9819 Comm: io_wq_manager Not tainted 5.10.0-rc3-syzkaller #0 [ 183.528178][ T9819] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 183.528178][ T9819] Call Trace: [ 183.528178][ T9819] dump_stack+0x107/0x163 [ 183.528178][ T9819] panic+0x306/0x73d [ 183.528178][ T9819] ? __warn_printk+0xf3/0xf3 [ 183.528178][ T9819] ? __warn.cold+0x1d/0xbb [ 183.528178][ T9819] ? __warn.cold+0x14/0xbb [ 183.528178][ T9819] ? try_to_wake_up+0xd5e/0x1300 [ 183.528178][ T9819] __warn.cold+0x38/0xbb [ 183.528178][ T9819] ? try_to_wake_up+0xd5e/0x1300 [ 183.528178][ T9819] report_bug+0x1bd/0x210 [ 183.630762][ T9819] handle_bug+0x3c/0x60 [ 183.630762][ T9819] exc_invalid_op+0x14/0x40 [ 183.630762][ T9819] asm_exc_invalid_op+0x12/0x20 [ 183.630762][ T9819] RIP: 0010:try_to_wake_up+0xd5e/0x1300 [ 183.630762][ T9819] Code: 70 02 00 00 65 ff 0d 71 97 b5 7e 4c 8d 75 40 0f 85 da f8 ff ff e8 21 ed b3 ff e9 d0 f8 ff ff 41 bd 01 00 00 00 e9 6e f3 ff ff <0f> 0b e9 2d f6 ff ff 48 8d bd 98 01 00 00 48 b8 00 00 00 00 00 fc [ 183.630762][ T9819] RSP: 0018:ffffc900013c7d50 EFLAGS: 00010002 [ 183.630762][ T9819] RAX: dffffc0000000000 RBX: 1ffff92000278faf RCX: ffff88806d119df0 [ 183.630762][ T9819] RDX: 1ffff1100da233bd RSI: ffffffff83b566eb RDI: 0000000000000006 [ 183.630762][ T9819] RBP: ffff88806d119a80 R08: 0000000000000008 R09: ffffffff8cecaf0f [ 183.630762][ T9819] R10: 0000000000000040 R11: 0000000000000000 R12: 0000000000000206 [ 183.732911][ T9819] R13: ffff88806d11a2b0 R14: ffff88806d119ac0 R15: ffff88806d119de8 [ 183.732911][ T9819] ? find_first_bit+0x8b/0xb0 [ 183.732911][ T9819] ? lock_downgrade+0x6d0/0x6d0 [ 183.732911][ T9819] ? migrate_swap_stop+0x9f0/0x9f0 [ 183.732911][ T9819] ? rwlock_bug.part.0+0x90/0x90 [ 183.732911][ T9819] ? _raw_spin_unlock_irq+0x1f/0x40 [ 183.732911][ T9819] create_io_worker+0x590/0x8d0 [ 183.732911][ T9819] io_wq_manager+0x16b/0xb80 [ 183.732911][ T9819] ? _raw_spin_unlock_irqrestore+0x42/0x50 [ 183.732911][ T9819] ? lockdep_hardirqs_on+0x79/0x100 [ 183.732911][ T9819] ? io_wq_for_each_worker.isra.0+0x370/0x370 [ 183.732911][ T9819] ? __kthread_parkme+0x13f/0x1e0 [ 183.853187][ T9819] ? io_wq_for_each_worker.isra.0+0x370/0x370 [ 183.861790][ T9819] kthread+0x3af/0x4a0 [ 183.861790][ T9819] ? kthread_create_worker_on_cpu+0xf0/0xf0 [ 183.861790][ T9819] ret_from_fork+0x1f/0x30 [ 183.861790][ T9819] [ 183.861790][ T9819] ====================================================== [ 183.861790][ T9819] WARNING: possible circular locking dependency detected [ 183.861790][ T9819] 5.10.0-rc3-syzkaller #0 Not tainted [ 183.861790][ T9819] ------------------------------------------------------ [ 183.861790][ T9819] io_wq_manager/9819 is trying to acquire lock: [ 183.861790][ T9819] ffffffff8b328458 ((console_sem).lock){-...}-{2:2}, at: down_trylock+0xe/0x60 [ 183.861790][ T9819] [ 183.861790][ T9819] but task is already holding lock: [ 183.861790][ T9819] ffff88806d11a2c8 (&p->pi_lock){-.-.}-{2:2}, at: try_to_wake_up+0x98/0x1300 [ 183.861790][ T9819] [ 183.861790][ T9819] which lock already depends on the new lock. [ 183.861790][ T9819] [ 183.861790][ T9819] [ 183.861790][ T9819] the existing dependency chain (in reverse order) is: [ 183.861790][ T9819] [ 183.861790][ T9819] -> #1 (&p->pi_lock){-.-.}-{2:2}: [ 183.861790][ T9819] _raw_spin_lock_irqsave+0x39/0x50 [ 183.861790][ T9819] try_to_wake_up+0x98/0x1300 [ 183.861790][ T9819] up+0x75/0xb0 [ 183.861790][ T9819] __up_console_sem+0x4a/0x80 [ 183.861790][ T9819] console_unlock+0x591/0xbb0 [ 183.861790][ T9819] vga_remove_vgacon.cold+0x99/0x9e [ 183.861790][ T9819] virtio_gpu_probe.cold+0x10d/0x1df [ 183.861790][ T9819] virtio_dev_probe+0x445/0x6f0 [ 183.861790][ T9819] really_probe+0x291/0xde0 [ 183.861790][ T9819] driver_probe_device+0x26b/0x3d0 [ 183.861790][ T9819] device_driver_attach+0x228/0x290 [ 183.861790][ T9819] __driver_attach+0x15b/0x2f0 [ 183.861790][ T9819] bus_for_each_dev+0x147/0x1d0 [ 183.861790][ T9819] bus_add_driver+0x3a9/0x630 [ 183.861790][ T9819] driver_register+0x220/0x3a0 [ 183.861790][ T9819] do_one_initcall+0x103/0x650 [ 183.861790][ T9819] kernel_init_freeable+0x600/0x684 [ 183.861790][ T9819] kernel_init+0xd/0x1b8 [ 183.861790][ T9819] ret_from_fork+0x1f/0x30 [ 183.861790][ T9819] [ 183.861790][ T9819] -> #0 ((console_sem).lock){-...}-{2:2}: [ 183.861790][ T9819] __lock_acquire+0x2828/0x5590 [ 183.861790][ T9819] lock_acquire+0x2a3/0x8c0 [ 183.861790][ T9819] _raw_spin_lock_irqsave+0x39/0x50 [ 183.861790][ T9819] down_trylock+0xe/0x60 [ 183.861790][ T9819] __down_trylock_console_sem+0x3e/0xd0 [ 183.861790][ T9819] vprintk_emit+0x14f/0x4c0 [ 183.861790][ T9819] vprintk_func+0x8d/0x1e0 [ 183.861790][ T9819] printk+0xba/0xed [ 183.861790][ T9819] report_bug.cold+0x72/0xab [ 183.861790][ T9819] handle_bug+0x3c/0x60 [ 183.861790][ T9819] exc_invalid_op+0x14/0x40 [ 183.861790][ T9819] asm_exc_invalid_op+0x12/0x20 [ 183.861790][ T9819] try_to_wake_up+0xd5e/0x1300 [ 183.861790][ T9819] create_io_worker+0x590/0x8d0 [ 183.861790][ T9819] io_wq_manager+0x16b/0xb80 [ 183.861790][ T9819] kthread+0x3af/0x4a0 [ 183.861790][ T9819] ret_from_fork+0x1f/0x30 [ 183.861790][ T9819] [ 183.861790][ T9819] other info that might help us debug this: [ 183.861790][ T9819] [ 183.861790][ T9819] Possible unsafe locking scenario: [ 183.861790][ T9819] [ 183.861790][ T9819] CPU0 CPU1 [ 183.861790][ T9819] ---- ---- [ 183.861790][ T9819] lock(&p->pi_lock); [ 183.861790][ T9819] lock((console_sem).lock); [ 183.861790][ T9819] lock(&p->pi_lock); [ 183.861790][ T9819] lock((console_sem).lock); [ 183.861790][ T9819] [ 183.861790][ T9819] *** DEADLOCK *** [ 183.861790][ T9819] [ 183.861790][ T9819] 1 lock held by io_wq_manager/9819: [ 183.861790][ T9819] #0: ffff88806d11a2c8 (&p->pi_lock){-.-.}-{2:2}, at: try_to_wake_up+0x98/0x1300 [ 183.861790][ T9819] [ 183.861790][ T9819] stack backtrace: [ 183.861790][ T9819] CPU: 3 PID: 9819 Comm: io_wq_manager Not tainted 5.10.0-rc3-syzkaller #0 [ 183.861790][ T9819] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 183.861790][ T9819] Call Trace: [ 183.861790][ T9819] dump_stack+0x107/0x163 [ 183.861790][ T9819] check_noncircular+0x25f/0x2e0 [ 183.861790][ T9819] ? print_circular_bug+0x360/0x360 [ 183.861790][ T9819] ? lockdep_lock+0xea/0x200 [ 183.861790][ T9819] ? alloc_chain_hlocks+0x230/0x770 [ 183.861790][ T9819] __lock_acquire+0x2828/0x5590 [ 183.861790][ T9819] ? info_print_ext_header.constprop.0+0x280/0x280 [ 183.861790][ T9819] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 183.861790][ T9819] lock_acquire+0x2a3/0x8c0 [ 183.861790][ T9819] ? down_trylock+0xe/0x60 [ 183.861790][ T9819] ? lock_release+0x710/0x710 [ 183.861790][ T9819] ? find_held_lock+0x2d/0x110 [ 183.861790][ T9819] ? vprintk_emit+0xdf/0x4c0 [ 183.861790][ T9819] ? lock_downgrade+0x6d0/0x6d0 [ 183.861790][ T9819] ? vprintk_func+0x8d/0x1e0 [ 183.861790][ T9819] _raw_spin_lock_irqsave+0x39/0x50 [ 183.861790][ T9819] ? down_trylock+0xe/0x60 [ 183.861790][ T9819] down_trylock+0xe/0x60 [ 183.861790][ T9819] ? vprintk_func+0x8d/0x1e0 [ 183.861790][ T9819] __down_trylock_console_sem+0x3e/0xd0 [ 183.861790][ T9819] vprintk_emit+0x14f/0x4c0 [ 183.861790][ T9819] vprintk_func+0x8d/0x1e0 [ 183.861790][ T9819] printk+0xba/0xed [ 183.861790][ T9819] ? record_print_text.cold+0x16/0x16 [ 183.861790][ T9819] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 183.861790][ T9819] ? report_bug.cold+0x66/0xab [ 183.861790][ T9819] ? report_bug+0x192/0x210 [ 183.861790][ T9819] ? try_to_wake_up+0xd5e/0x1300 [ 183.861790][ T9819] report_bug.cold+0x72/0xab [ 183.861790][ T9819] handle_bug+0x3c/0x60 [ 183.861790][ T9819] exc_invalid_op+0x14/0x40 [ 183.861790][ T9819] asm_exc_invalid_op+0x12/0x20 [ 183.861790][ T9819] RIP: 0010:try_to_wake_up+0xd5e/0x1300 [ 183.861790][ T9819] Code: 70 02 00 00 65 ff 0d 71 97 b5 7e 4c 8d 75 40 0f 85 da f8 ff ff e8 21 ed b3 ff e9 d0 f8 ff ff 41 bd 01 00 00 00 e9 6e f3 ff ff <0f> 0b e9 2d f6 ff ff 48 8d bd 98 01 00 00 48 b8 00 00 00 00 00 fc [ 183.861790][ T9819] RSP: 0018:ffffc900013c7d50 EFLAGS: 00010002 [ 183.861790][ T9819] RAX: dffffc0000000000 RBX: 1ffff92000278faf RCX: ffff88806d119df0 [ 183.861790][ T9819] RDX: 1ffff1100da233bd RSI: ffffffff83b566eb RDI: 0000000000000006 [ 183.861790][ T9819] RBP: ffff88806d119a80 R08: 0000000000000008 R09: ffffffff8cecaf0f [ 183.861790][ T9819] R10: 0000000000000040 R11: 0000000000000000 R12: 0000000000000206 [ 183.861790][ T9819] R13: ffff88806d11a2b0 R14: ffff88806d119ac0 R15: ffff88806d119de8 [ 183.861790][ T9819] ? find_first_bit+0x8b/0xb0 [ 183.861790][ T9819] ? lock_downgrade+0x6d0/0x6d0 [ 183.861790][ T9819] ? migrate_swap_stop+0x9f0/0x9f0 [ 183.861790][ T9819] ? rwlock_bug.part.0+0x90/0x90 [ 183.861790][ T9819] ? _raw_spin_unlock_irq+0x1f/0x40 [ 183.861790][ T9819] create_io_worker+0x590/0x8d0 [ 183.861790][ T9819] io_wq_manager+0x16b/0xb80 [ 183.861790][ T9819] ? _raw_spin_unlock_irqrestore+0x42/0x50 [ 183.861790][ T9819] ? lockdep_hardirqs_on+0x79/0x100 [ 183.861790][ T9819] ? io_wq_for_each_worker.isra.0+0x370/0x370 [ 183.861790][ T9819] ? __kthread_parkme+0x13f/0x1e0 [ 183.861790][ T9819] ? io_wq_for_each_worker.isra.0+0x370/0x370 [ 183.861790][ T9819] kthread+0x3af/0x4a0 [ 183.861790][ T9819] ? kthread_create_worker_on_cpu+0xf0/0xf0 [ 183.861790][ T9819] ret_from_fork+0x1f/0x30 [ 183.861790][ T9819] Kernel Offset: disabled [ 183.861790][ T9819] Rebooting in 86400 seconds.. VM DIAGNOSIS: 19:25:41 Registers: info registers vcpu 0 RAX=00000058e2c2ccaa RBX=0000000000000000 RCX=00000000000006e0 RDX=0000000000000058 RSI=ffff88802ca1fa00 RDI=000000000023bebd RBP=ffff88802ca1fa00 RSP=ffffc90000007eb8 R8 =0000000000000000 R9 =ffffffff8cecaf0f R10=0000000000000000 R11=0000000000000000 R12=000000000023bebd R13=0000000000000000 R14=0000000000000000 R15=ffff88802ca26840 RIP=ffffffff812d9f7b RFL=00000003 [------C] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802ca00000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=0000001b32723000 CR3=00000000506e9000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=00000000000000380000000000000001 XMM02=00000000000000000000000000000000 XMM03=00000000000000000000000000000000 XMM04=00000000000000000000000000000000 XMM05=00000000000000380000000000000001 XMM06=0000000000000000000000524f525245 XMM07=00000000000000000000000000000000 XMM08=000000000000000000524f5252450040 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=000000000001709e RBX=ffffc90001417ca0 RCX=ffffc90020f08000 RDX=0000000000040000 RSI=ffffffff82014e69 RDI=ffff88806c396460 RBP=ffff88801f6a4000 RSP=ffffc90001417a10 R8 =0000000000000000 R9 =ffffea00019a74c7 R10=0000000000000000 R11=ffff888066a49ff0 R12=ffff888021292950 R13=ffff88801f6a4160 R14=ffff88801f6a4018 R15=00000000000040b3 RIP=ffffffff81700b9e RFL=00000212 [----A--] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007efcba85f700 ffffffff 00c00000 GS =0000 ffff88802cb00000 ffffffff 00c00000 LDT=0000 0000000000000000 00000000 00000000 TR =0040 fffffe000003e000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe000003c000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=0000000001c6f308 CR3=0000000044d36000 CR4=00350ee0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000a60ce07b00000000cec3662e XMM01=00000000000000004a0bfa78510c26ce XMM02=00000000000000000000000000000000 XMM03=00000000000000500000000000000001 XMM04=00000000000000000000000000000000 XMM05=00000000000000000000000000000000 XMM06=0000000000000000000000524f525245 XMM07=00000000000000000000000000000000 XMM08=000000000000000000524f5252450040 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 2 RAX=1ffff9200028af2e RBX=0000000000001d9c RCX=1ffff11007fff6e7 RDX=0000000000000000 RSI=0000000000000008 RDI=ffffc90001457970 RBP=0000000000000002 RSP=ffffc90001457550 R8 =000000000000199b R9 =0000000000000000 R10=000000000000199b R11=0000000000000001 R12=dffffc0000000000 R13=000000000000199b R14=ffff88803fffb700 R15=ffff88803fffb700 RIP=ffffffff81a8d0e1 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007f7bb5239740 ffffffff 00c00000 GS =0000 ffff88802cc00000 ffffffff 00c00000 LDT=0000 0000000000000000 00000000 00000000 TR =0040 fffffe0000079000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000077000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f7bb4e17a20 CR3=000000004e494000 CR4=00350ee0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=494b4c420047554245445f44494b4c42 XMM02=00000000000000000000000000000000 XMM03=00000000000000000000000000000000 XMM04=00000000000000000000000000000000 XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 3 RAX=dffffc0000000060 RBX=00000000000003fd RCX=0000000000000000 RDX=00000000000003fd RSI=ffffffff840e586c RDI=ffffffff8faec8c0 RBP=ffffffff8faec880 RSP=ffffc900013c77b8 R8 =0000000000000001 R9 =0000000000000003 R10=000000000000000a R11=6465746e69612e35 R12=0000000000000020 R13=fffffbfff1f5d963 R14=fffffbfff1f5d91a R15=dffffc0000000000 RIP=ffffffff840e58c0 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802cd00000 ffffffff 00c00000 LDT=0000 0000000000000000 00000000 00000000 TR =0040 fffffe00000b4000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe00000b2000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=0000000001695394 CR3=00000000691de000 CR4=00350ee0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=00000000000002ac0000000000000009 XMM02=00000000000000000000000000000000 XMM03=00000000000000000000000000000000 XMM04=00000000000000000000000000000000 XMM05=00000000000002ac0000000000000009 XMM06=0000000000000000000000524f525245 XMM07=00000000000000000000000000000000 XMM08=000000000000000000524f5252450040 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000