[ 32.083274][ T3182] 8021q: adding VLAN 0 to HW filter on device bond0
[ 32.095067][ T3182] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller
syzkaller login: [ 41.373123][ T26] kauditd_printk_skb: 37 callbacks suppressed
[ 41.373139][ T26] audit: type=1400 audit(1641382193.597:73): avc: denied { transition } for pid=3389 comm="sshd" path="/bin/sh" dev="sda1" ino=73 scontext=system_u:system_r:initrc_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 41.402010][ T26] audit: type=1400 audit(1641382193.607:74): avc: denied { write } for pid=3389 comm="sh" path="pipe:[27805]" dev="pipefs" ino=27805 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:initrc_t tclass=fifo_file permissive=1
Warning: Permanently added '10.128.10.34' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
executing program
[ 50.250377][ T26] audit: type=1400 audit(1641382202.477:75): avc: denied { execmem } for pid=3596 comm="syz-executor148" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 50.279910][ T26] audit: type=1400 audit(1641382202.507:76): avc: denied { open } for pid=3599 comm="syz-executor148" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1
executing program
executing program
[ 50.301827][ C1] hrtimer: interrupt took 31386 ns
[ 50.395229][ T26] audit: type=1400 audit(1641382202.527:77): avc: denied { perfmon } for pid=3609 comm="syz-executor148" capability=38 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[ 50.622829][ T26] audit: type=1400 audit(1641382202.527:78): avc: denied { perfmon } for pid=3599 comm="syz-executor148" capability=38 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
executing program
executing program
executing program
executing program
executing program
executing program
[ 50.687005][ T26] audit: type=1400 audit(1641382202.537:79): avc: denied { map } for pid=3609 comm="syz-executor148" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=28008 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[ 50.839720][ T26] audit: type=1400 audit(1641382202.537:80): avc: denied { create } for pid=3599 comm="syz-executor148" dev="anon_inodefs" ino=27021 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[ 51.036926][ T26] audit: type=1400 audit(1641382202.537:81): avc: denied { read write } for pid=3609 comm="syz-executor148" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=28008 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
[ 58.638635][ T3878] syz-executor148: vmalloc error: size 4096, page order 0, failed to allocate pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
executing program
[ 58.750398][ T3878] CPU: 0 PID: 3878 Comm: syz-executor148 Not tainted 5.16.0-rc8-syzkaller #0
[ 58.759186][ T3878] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 58.769243][ T3878] Call Trace:
[ 58.772524][ T3878]
[ 58.775452][ T3878] dump_stack_lvl+0xcd/0x134
[ 58.780084][ T3878] warn_alloc.cold+0x87/0x17a
[ 58.784772][ T3878] ? zone_watermark_ok_safe+0x290/0x290
[ 58.790324][ T3878] ? lockdep_hardirqs_on+0x79/0x100
[ 58.795543][ T3878] ? __vmalloc_node_range+0x571/0xab0
[ 58.800925][ T3878] __vmalloc_node_range+0x880/0xab0
[ 58.806132][ T3878] ? vfree_atomic+0xe0/0xe0
[ 58.810633][ T3878] ? rcu_read_lock_sched_held+0x3a/0x70
[ 58.816183][ T3878] ? kmem_cache_alloc_node+0x3ce/0x590
[ 58.821639][ T3878] ? create_io_thread+0xb6/0xf0
[ 58.826496][ T3878] copy_process+0x926/0x75a0
[ 58.831105][ T3878] ? create_io_thread+0xb6/0xf0
[ 58.835958][ T3878] ? kasan_save_stack+0x1e/0x50
[ 58.840809][ T3878] ? __kasan_kmalloc+0xa6/0xd0
[ 58.845571][ T3878] ? kmem_cache_alloc_node_trace+0x208/0x5b0
[ 58.851544][ T3878] ? create_io_worker+0x108/0x630
[ 58.856570][ T3878] ? io_wqe_enqueue+0x692/0xbc0
[ 58.861423][ T3878] ? io_queue_async_work+0x28c/0x5d0
[ 58.866709][ T3878] ? io_queue_sqe_arm_apoll+0xcf/0x1a0
[ 58.872170][ T3878] ? io_req_task_submit+0x335/0x450
[ 58.877369][ T3878] ? tctx_task_work+0x1b3/0x630
[ 58.882221][ T3878] ? task_work_run+0xdd/0x1a0
[ 58.886894][ T3878] ? exit_to_user_mode_prepare+0x256/0x290
[ 58.892699][ T3878] ? syscall_exit_to_user_mode+0x19/0x60
[ 58.898331][ T3878] ? do_syscall_64+0x42/0xb0
[ 58.902920][ T3878] ? mark_lock+0xef/0x17b0
[ 58.907337][ T3878] ? __cleanup_sighand+0xb0/0xb0
[ 58.912275][ T3878] ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 58.918426][ T3878] ? lockdep_hardirqs_on+0x79/0x100
[ 58.923622][ T3878] ? create_io_worker+0x1e3/0x630
[ 58.928644][ T3878] ? io_wqe_dec_running+0x220/0x220
[ 58.933843][ T3878] create_io_thread+0xb6/0xf0
[ 58.938524][ T3878] ? copy_init_mm+0x20/0x20
[ 58.943026][ T3878] ? io_wqe_dec_running+0x220/0x220
[ 58.948222][ T3878] ? lockdep_init_map_type+0x2c3/0x7b0
[ 58.953680][ T3878] create_io_worker+0x25c/0x630
[ 58.958534][ T3878] io_wqe_enqueue+0x692/0xbc0
[ 58.963214][ T3878] ? create_io_worker+0x630/0x630
[ 58.968238][ T3878] io_queue_async_work+0x28c/0x5d0
[ 58.973352][ T3878] io_queue_sqe_arm_apoll+0xcf/0x1a0
[ 58.978635][ T3878] io_req_task_submit+0x335/0x450
[ 58.983658][ T3878] tctx_task_work+0x1b3/0x630
[ 58.988336][ T3878] ? __io_submit_flush_completions+0x2c0/0x2c0
[ 58.994495][ T3878] ? rwlock_bug.part.0+0x90/0x90
[ 58.999437][ T3878] ? _raw_spin_unlock_irq+0x1f/0x40
[ 59.004636][ T3878] task_work_run+0xdd/0x1a0
[ 59.009137][ T3878] exit_to_user_mode_prepare+0x256/0x290
[ 59.014765][ T3878] syscall_exit_to_user_mode+0x19/0x60
[ 59.020227][ T3878] do_syscall_64+0x42/0xb0
[ 59.024639][ T3878] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 59.030534][ T3878] RIP: 0033:0x7ff164499cc9
[ 59.034939][ T3878] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 59.054541][ T3878] RSP: 002b:00007ff16444b2e8 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 59.062947][ T3878] RAX: 0000000000000100 RBX: 00007ff164521428 RCX: 00007ff164499cc9
[ 59.070912][ T3878] RDX: 0000000000000000 RSI: 0000000000002039 RDI: 0000000000000004
[ 59.078872][ T3878] RBP: 00007ff164521420 R08: 0000000000000000 R09: 0000000000000000
[ 59.086833][ T3878] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff16452142c
executing program
[ 59.094794][ T3878] R13: 00007ff1644ef074 R14: 7073642f7665642f R15: 0000000000000004
[ 59.102756][ T3878]
[ 59.106780][ C1]
[ 59.106786][ C1] ============================================
[ 59.106792][ C1] WARNING: possible recursive locking detected
[ 59.106798][ C1] 5.16.0-rc8-syzkaller #0 Not tainted
[ 59.106810][ C1] --------------------------------------------
executing program
[ 59.106816][ C1] ksoftirqd/1/19 is trying to acquire lock:
[ 59.106828][ C1] ffff88807cea4130 (&runtime->sleep){..-.}-{2:2}, at: io_poll_double_wake+0x2ba/0x7c0
[ 59.106891][ C1]
[ 59.106891][ C1] but task is already holding lock:
[ 59.106897][ C1] ffff888076461130 (&runtime->sleep){..-.}-{2:2}, at: __wake_up_common_lock+0xb4/0x130
executing program
executing program
[ 59.106952][ C1]
[ 59.106952][ C1] other info that might help us debug this:
[ 59.106958][ C1] Possible unsafe locking scenario:
[ 59.106958][ C1]
[ 59.106963][ C1] CPU0
[ 59.106967][ C1] ----
[ 59.106971][ C1] lock(&runtime->sleep);
executing program
[ 59.106985][ C1] lock(&runtime->sleep);
[ 59.106999][ C1]
[ 59.106999][ C1] *** DEADLOCK ***
[ 59.106999][ C1]
[ 59.107004][ C1] May be due to missing lock nesting notation
[ 59.107004][ C1]
[ 59.107010][ C1] 2 locks held by ksoftirqd/1/19:
executing program
[ 59.107024][ C1] #0: ffff8880245b9910 (&group->lock){..-.}-{2:2}, at: _snd_pcm_stream_lock_irqsave+0x9f/0xd0
executing program
[ 59.107087][ C1] #1: ffff888076461130 (&runtime->sleep){..-.}-{2:2}, at: __wake_up_common_lock+0xb4/0x130
executing program
[ 59.107149][ C1]
[ 59.107149][ C1] stack backtrace:
[ 59.107155][ C1] CPU: 1 PID: 19 Comm: ksoftirqd/1 Not tainted 5.16.0-rc8-syzkaller #0
[ 59.107181][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
executing program
[ 59.107195][ C1] Call Trace:
[ 59.107201][ C1]
[ 59.107209][ C1] dump_stack_lvl+0xcd/0x134
executing program
[ 59.107238][ C1] __lock_acquire.cold+0x149/0x3ab
[ 59.107270][ C1] ? lockdep_hardirqs_on_prepare+0x400/0x400
executing program
[ 59.107302][ C1] ? lockdep_unlock+0x11c/0x290
[ 59.107328][ C1] ? __lock_acquire+0x2507/0x5470
executing program
[ 59.107357][ C1] lock_acquire+0x1ab/0x510
[ 59.107385][ C1] ? io_poll_double_wake+0x2ba/0x7c0
[ 59.107416][ C1] ? lock_release+0x720/0x720
[ 59.107464][ C1] _raw_spin_lock_irqsave+0x39/0x50
[ 59.107498][ C1] ? io_poll_double_wake+0x2ba/0x7c0
executing program
[ 59.107528][ C1] io_poll_double_wake+0x2ba/0x7c0
[ 59.107560][ C1] __wake_up_common+0x147/0x650
[ 59.107587][ C1] __wake_up_common_lock+0xd0/0x130
[ 59.107614][ C1] ? __wake_up_common+0x650/0x650
[ 59.107642][ C1] ? snd_pcm_hw_rule_ratdens+0xc50/0xc50
[ 59.107676][ C1] snd_pcm_update_state+0x46a/0x540
executing program
[ 59.107709][ C1] snd_pcm_update_hw_ptr0+0xa75/0x1a50
[ 59.107744][ C1] ? lock_release+0x720/0x720
executing program
executing program
executing program
[ 59.107772][ C1] ? snd_pcm_update_state+0x540/0x540
[ 59.107805][ C1] ? do_raw_spin_lock+0x120/0x2b0
[ 59.107835][ C1] ? rwlock_bug.part.0+0x90/0x90
[ 59.107865][ C1] ? __hrtimer_run_queues+0x51a/0xe50
executing program
[ 59.107892][ C1] ? _raw_spin_lock_irqsave+0x4e/0x50
[ 59.107926][ C1] ? dummy_pcm_copy_kernel+0x10/0x10
executing program
[ 59.107953][ C1] snd_pcm_period_elapsed_under_stream_lock+0x15a/0x230
[ 59.107990][ C1] snd_pcm_period_elapsed+0x28/0x50
[ 59.108024][ C1] dummy_hrtimer_callback+0x94/0x1b0
[ 59.108051][ C1] __hrtimer_run_queues+0x609/0xe50
[ 59.108079][ C1] ? hrtimer_sleeper_start_expires+0x80/0x80
[ 59.108108][ C1] ? ktime_get_update_offsets_now+0x3eb/0x5c0
executing program
executing program
executing program
executing program
[ 59.108141][ C1] hrtimer_run_softirq+0x17b/0x360
[ 59.108169][ C1] __do_softirq+0x29b/0x9c2
[ 59.108196][ C1] ? __irq_exit_rcu+0x180/0x180
[ 59.108227][ C1] run_ksoftirqd+0x2d/0x60
[ 59.108257][ C1] smpboot_thread_fn+0x645/0x9c0
[ 59.108286][ C1] ? __smpboot_create_thread.part.0+0x370/0x370
[ 59.108318][ C1] kthread+0x405/0x4f0
[ 59.108347][ C1] ? set_kthread_struct+0x130/0x130
[ 59.108379][ C1] ret_from_fork+0x1f/0x30
[ 59.108410][ C1]
[ 59.550369][ T3878] Mem-Info:
[ 59.550417][ T3878] active_anon:238 inactive_anon:4577 isolated_anon:0
[ 59.550417][ T3878] active_file:3399 inactive_file:8143 isolated_file:0
[ 59.550417][ T3878] unevictable:768 dirty:5918 writeback:0
[ 59.550417][ T3878] slab_reclaimable:19023 slab_unreclaimable:91149
[ 59.550417][ T3878] mapped:1985 shmem:1691 pagetables:250 bounce:0
[ 59.550417][ T3878] kernel_misc_reclaimable:0
[ 59.550417][ T3878] free:1497176 free_pcp:14844 free_cma:0
executing program
executing program
executing program
executing program
executing program
executing program
[ 59.550498][ T3878] Node 0 active_anon:944kB inactive_anon:17400kB active_file:13524kB inactive_file:32572kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:7940kB dirty:23656kB writeback:0kB shmem:4312kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 8192kB writeback_tmp:0kB kernel_stack:7796kB pagetables:992kB all_unreclaimable? no
[ 59.551327][ T3878] Node 1 active_anon:8kB inactive_anon:908kB active_file:72kB inactive_file:0kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:16kB writeback:0kB shmem:2452kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB kernel_stack:16kB pagetables:8kB all_unreclaimable? no
executing program
executing program
executing program
executing program
[ 59.551408][ T3878] Node 0 DMA free:15360kB boost:0kB min:200kB low:248kB high:296kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
executing program
executing program
[ 59.551624][ T3878] lowmem_reserve[]: 0 2645 2645 2645 2645
[ 59.551844][ T3878] Node 0 DMA32 free:2039692kB boost:0kB min:35676kB low:44592kB high:53508kB reserved_highatomic:0KB active_anon:944kB inactive_anon:17400kB active_file:13524kB inactive_file:32572kB unevictable:1536kB writepending:23656kB present:3129332kB managed:2716804kB mlocked:0kB bounce:0kB free_pcp:44340kB local_pcp:22080kB free_cma:0kB
[ 59.551945][ T3878] lowmem_reserve[]: 0 0 0 0 0
executing program
executing program
[ 59.552085][ T3878] Node 0 Normal free:0kB boost:0kB min:4kB low:4kB high:4kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:400kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
executing program
[ 59.552174][ T3878] lowmem_reserve[]: 0 0 0 0 0
executing program
[ 59.552486][ T3878] Node 1 Normal free:3933652kB boost:0kB min:54224kB low:67780kB high:81336kB reserved_highatomic:0KB active_anon:8kB inactive_anon:908kB active_file:72kB inactive_file:0kB unevictable:1536kB writepending:16kB present:4194304kB managed:4117620kB mlocked:0kB bounce:0kB free_pcp:14988kB local_pcp:6428kB free_cma:0kB
executing program
[ 59.552605][ T3878] lowmem_reserve[]: 0 0 0 0 0
executing program
[ 59.552746][ T3878] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[ 59.553153][ T3878] Node 0 DMA32: 73*4kB (UM) 225*8kB (UME) 154*16kB (UM) 44*32kB (UME) 13*64kB (UM) 10*128kB (UME) 4*256kB (U) 2*512kB (UM) 0*1024kB 7*2048kB (UM) 492*4096kB (M) = 2039692kB
executing program
[ 59.553889][ T3878] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[ 59.554267][ T3878] Node 1 Normal: 3*4kB (ME) 29*8kB (UME) 30*16kB (UM) 30*32kB (UME) 9*64kB (U) 6*128kB (UME) 2*256kB (U) 4*512kB (U) 2*1024kB (UE) 3*2048kB (UM) 957*4096kB (M) = 3933652kB
executing program
executing program
[ 59.555022][ T3878] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 59.555820][ T3878] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 59.555940][ T3878] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
executing program
executing program
[ 59.555971][ T3878] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 59.556000][ T3878] 13233 total pagecache pages
executing program
[ 59.556018][ T3878] 0 pages in swap cache
[ 59.556040][ T3878] Swap cache stats: add 0, delete 0, find 0/0
[ 59.556071][ T3878] Free swap = 0kB
[ 59.556091][ T3878] Total swap = 0kB
[ 59.556109][ T3878] 2097051 pages RAM
[ 59.556132][ T3878] 0 pages HighMem/MovableOnly
executing program
[ 59.556207][ T3878] 384505 pages reserved
[ 59.556227][ T3878] 0 pages cma reserved
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
[ 68.711382][ T4028] syz-executor148[4028]: segfault at 40 ip 00007ff164496055 sp 00007ff16442a2f8 error 6 in syz-executor148275331[7ff164455000+9a000]
[ 68.809048][ T4028] Code: 12 80 fa 04 73 1e 80 fa 01 77 26 72 05 0f b6 0e 88 0f c3 48 8b 4c 16 f8 48 8b 36 48 89 4c 17 f8 48 89 37 c3 8b 4c 16 fc 8b 36 <89> 4c 17 fc 89 37 c3 0f b7 4c 16 fe 0f b7 36 66 89 4c 17 fe 66 89
executing program
executing program
executing program
executing program