syzkaller login: [ 65.543958][ T38] audit: type=1400 audit(1575030333.200:41): avc: denied { map } for pid=7838 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added '[localhost]:18518' (ECDSA) to the list of known hosts. [ 67.677941][ T38] audit: type=1400 audit(1575030335.340:42): avc: denied { map } for pid=7848 comm="syz-fuzzer" path="/syz-fuzzer" dev="sda1" ino=16526 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1 2019/11/29 12:25:35 fuzzer started 2019/11/29 12:25:35 dialing manager at 10.0.2.10:36077 2019/11/29 12:25:36 syscalls: 2528 2019/11/29 12:25:36 code coverage: enabled 2019/11/29 12:25:36 comparison tracing: enabled 2019/11/29 12:25:36 extra coverage: extra coverage is not supported by the kernel 2019/11/29 12:25:36 setuid sandbox: enabled 2019/11/29 12:25:36 namespace sandbox: enabled 2019/11/29 12:25:36 Android sandbox: /sys/fs/selinux/policy does not exist 2019/11/29 12:25:36 fault injection: enabled 2019/11/29 12:25:36 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/11/29 12:25:36 net packet injection: enabled 2019/11/29 12:25:36 net device setup: enabled 2019/11/29 12:25:36 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2019/11/29 12:25:36 devlink PCI setup: PCI device 0000:00:10.0 is not available 12:25:41 executing program 0: perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x3, 0x0) write(r0, &(0x7f0000000000)="1c0000001a009b8a14000000ff0000adf87e28000000000000000000", 0x1c) recvmmsg(r0, &(0x7f0000002ec0), 0x400000000000ec0, 0x2, &(0x7f00000001c0)={0x77359400}) [ 73.537712][ T38] audit: type=1400 audit(1575030341.200:43): avc: denied { map } for pid=7871 comm="syz-executor.0" path="/sys/kernel/debug/kcov" dev="debugfs" ino=97 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 12:25:41 executing program 1: creat(&(0x7f0000000300)='./file0\x00', 0x432c6ec56617cc7d) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) socket(0x0, 0x2, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb), 0x0) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb), 0x0) dup(0xffffffffffffffff) getsockopt$inet_mreq(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000740)={@initdev, @initdev}, 0x0) write$UHID_INPUT2(0xffffffffffffffff, 0x0, 0x0) mount(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000180)='devpts\x00', 0x0, &(0x7f00000001c0)=',\x10\xec]$R\xaf\xf18\'\x99\xfc\xa1\xef\xff3\xd5\x9f\x9d\xff;L\xde<\xb8\xe5\xc4\x8c\xba2A\xaa6\x1d\x97,\xa7t3\x14\x1f\x94\x1b\xebzGY\x83\xa8\x0e\xc3Q\xb81\xf4\xea\xa2D\xd3\xf4\'\xea29\x80\xd3\xd7\xc2L\x8a\xe52W$)\x0e,\xf1P\xd4\xb1|z\xe5R\xb5.\xe4\xa7\xad\xd1\xbfRB\xeduL\xa9k') r1 = gettid() tkill(r1, 0x3c) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r2 = getpid() sched_setattr(r2, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) ioctl$sock_SIOCSPGRP(0xffffffffffffffff, 0x8902, &(0x7f00000002c0)) recvmmsg(r3, &(0x7f0000008880), 0x33b96d8691577f5, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r5, 0x407, 0x34) write(r5, &(0x7f0000000340), 0x41395527) vmsplice(r4, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x400000, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r6 = open(&(0x7f0000000040)='.\x00', 0x0, 0x0) getdents64(r6, &(0x7f0000000100)=""/79, 0x1000001b3) getsockopt$inet_mreq(0xffffffffffffffff, 0x0, 0x6cb86c33a2eb45b, &(0x7f0000000240)={@initdev, @initdev}, 0x0) 12:25:41 executing program 2: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$sock_SIOCADDDLCI(r1, 0x8980, 0x0) [ 73.847837][ T7872] IPVS: ftp: loaded support on port[0] = 21 [ 73.847844][ T7874] IPVS: ftp: loaded support on port[0] = 21 [ 73.900534][ T7876] IPVS: ftp: loaded support on port[0] = 21 12:25:41 executing program 3: pipe(&(0x7f00000001c0)) r0 = socket$inet6(0xa, 0x80003, 0xff) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b2071") r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f00000000c0)=0x2c, 0x4) connect$inet(r1, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) setsockopt$sock_int(r1, 0x1, 0x24, &(0x7f0000000200)=0x6, 0xff34) getsockopt$sock_buf(r1, 0x1, 0x1a, &(0x7f0000000100)=""/53, &(0x7f0000000040)=0x35) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f0000000540)=0x195d, 0x4) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x4e22}, 0x1c) sendto$inet6(r2, 0x0, 0x0, 0x200408d4, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) [ 74.015515][ T7872] chnl_net:caif_netlink_parms(): no params data found [ 74.024080][ T7874] chnl_net:caif_netlink_parms(): no params data found [ 74.063352][ T7881] IPVS: ftp: loaded support on port[0] = 21 [ 74.104208][ T7874] bridge0: port 1(bridge_slave_0) entered blocking state [ 74.112249][ T7874] bridge0: port 1(bridge_slave_0) entered disabled state [ 74.120285][ T7874] device bridge_slave_0 entered promiscuous mode [ 74.129276][ T7874] bridge0: port 2(bridge_slave_1) entered blocking state [ 74.136655][ T7874] bridge0: port 2(bridge_slave_1) entered disabled state [ 74.144231][ T7874] device bridge_slave_1 entered promiscuous mode [ 74.168239][ T7874] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 74.177606][ T7872] bridge0: port 1(bridge_slave_0) entered blocking state [ 74.184710][ T7872] bridge0: port 1(bridge_slave_0) entered disabled state [ 74.192575][ T7872] device bridge_slave_0 entered promiscuous mode [ 74.201298][ T7872] bridge0: port 2(bridge_slave_1) entered blocking state [ 74.208471][ T7872] bridge0: port 2(bridge_slave_1) entered disabled state [ 74.216104][ T7872] device bridge_slave_1 entered promiscuous mode [ 74.229776][ T7874] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 74.242829][ T7876] chnl_net:caif_netlink_parms(): no params data found [ 74.252485][ T7872] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 74.265013][ T7872] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 74.301187][ T7872] team0: Port device team_slave_0 added [ 74.310741][ T7872] team0: Port device team_slave_1 added [ 74.317857][ T7874] team0: Port device team_slave_0 added [ 74.331338][ T7874] team0: Port device team_slave_1 added [ 74.407372][ T7872] device hsr_slave_0 entered promiscuous mode [ 74.475725][ T7872] device hsr_slave_1 entered promiscuous mode [ 74.548764][ T7876] bridge0: port 1(bridge_slave_0) entered blocking state [ 74.555710][ T7876] bridge0: port 1(bridge_slave_0) entered disabled state [ 74.563008][ T7876] device bridge_slave_0 entered promiscuous mode [ 74.570349][ T7876] bridge0: port 2(bridge_slave_1) entered blocking state [ 74.577324][ T7876] bridge0: port 2(bridge_slave_1) entered disabled state [ 74.584444][ T7876] device bridge_slave_1 entered promiscuous mode [ 74.606499][ T7876] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 74.620406][ T7876] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 74.687163][ T7874] device hsr_slave_0 entered promiscuous mode [ 74.776524][ T7874] device hsr_slave_1 entered promiscuous mode [ 74.835492][ T7874] debugfs: Directory 'hsr0' with parent '/' already present! [ 74.855426][ T7876] team0: Port device team_slave_0 added [ 74.862538][ T7876] team0: Port device team_slave_1 added [ 74.872647][ T38] audit: type=1400 audit(1575030342.530:44): avc: denied { create } for pid=7872 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 74.897195][ T38] audit: type=1400 audit(1575030342.530:45): avc: denied { write } for pid=7872 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 74.897211][ T38] audit: type=1400 audit(1575030342.530:46): avc: denied { read } for pid=7872 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 74.948977][ T7872] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 75.021140][ T7872] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 75.089418][ T7872] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 75.188278][ T7872] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 75.357270][ T7876] device hsr_slave_0 entered promiscuous mode [ 75.415617][ T7876] device hsr_slave_1 entered promiscuous mode [ 75.505410][ T7876] debugfs: Directory 'hsr0' with parent '/' already present! [ 75.525017][ T7874] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 75.587330][ T7881] chnl_net:caif_netlink_parms(): no params data found [ 75.596497][ T7874] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 75.705632][ T7874] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 75.790078][ T7874] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 75.856174][ T7876] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 75.944503][ T7876] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 76.017345][ T7876] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 76.102632][ T7876] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 76.201157][ T7881] bridge0: port 1(bridge_slave_0) entered blocking state [ 76.209183][ T7881] bridge0: port 1(bridge_slave_0) entered disabled state [ 76.217859][ T7881] device bridge_slave_0 entered promiscuous mode [ 76.229842][ T7881] bridge0: port 2(bridge_slave_1) entered blocking state [ 76.237357][ T7881] bridge0: port 2(bridge_slave_1) entered disabled state [ 76.245198][ T7881] device bridge_slave_1 entered promiscuous mode [ 76.272530][ T7881] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 76.289404][ T7881] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 76.320169][ T7881] team0: Port device team_slave_0 added [ 76.328039][ T7881] team0: Port device team_slave_1 added [ 76.352603][ T7872] 8021q: adding VLAN 0 to HW filter on device bond0 [ 76.408483][ T7881] device hsr_slave_0 entered promiscuous mode [ 76.486069][ T7881] device hsr_slave_1 entered promiscuous mode [ 76.555542][ T7881] debugfs: Directory 'hsr0' with parent '/' already present! [ 76.570574][ T1193] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 76.579325][ T1193] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 76.590116][ T7872] 8021q: adding VLAN 0 to HW filter on device team0 [ 76.607575][ T3049] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 76.616903][ T3049] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 76.625740][ T3049] bridge0: port 1(bridge_slave_0) entered blocking state [ 76.633153][ T3049] bridge0: port 1(bridge_slave_0) entered forwarding state [ 76.643128][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 76.670553][ T7874] 8021q: adding VLAN 0 to HW filter on device bond0 [ 76.678487][ T7880] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 76.687975][ T7880] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 76.696099][ T7880] bridge0: port 2(bridge_slave_1) entered blocking state [ 76.702910][ T7880] bridge0: port 2(bridge_slave_1) entered forwarding state [ 76.710785][ T7881] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 76.786914][ T7881] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 76.880469][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 76.888790][ T7881] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 76.943577][ T7881] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 77.005655][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 77.014265][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 77.022184][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 77.029858][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 77.038652][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 77.051235][ T7874] 8021q: adding VLAN 0 to HW filter on device team0 [ 77.058189][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 77.071538][ T7880] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 77.079751][ T7880] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 77.087833][ T7880] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.094563][ T7880] bridge0: port 1(bridge_slave_0) entered forwarding state [ 77.107521][ T7880] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 77.115246][ T7880] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 77.123801][ T7880] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 77.136828][ T7880] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 77.145082][ T7880] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 77.153366][ T7880] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.160286][ T7880] bridge0: port 2(bridge_slave_1) entered forwarding state [ 77.168532][ T7880] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 77.186412][ T7876] 8021q: adding VLAN 0 to HW filter on device bond0 [ 77.196915][ T7872] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 77.208692][ T7872] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 77.220994][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 77.229558][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 77.238682][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 77.247004][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 77.255496][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 77.270206][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 77.288515][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 77.297560][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 77.307559][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 77.315021][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 77.323949][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 77.338147][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 77.345682][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 77.353310][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 77.362748][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 77.373588][ T7876] 8021q: adding VLAN 0 to HW filter on device team0 [ 77.386088][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 77.394645][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 77.406925][ T7874] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 77.418481][ T7874] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 77.426780][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 77.435263][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 77.446738][ T7872] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 77.454532][ T7880] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 77.463054][ T7880] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 77.471656][ T7880] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.478788][ T7880] bridge0: port 1(bridge_slave_0) entered forwarding state [ 77.487254][ T7880] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 77.504844][ T38] audit: type=1400 audit(1575030345.160:47): avc: denied { associate } for pid=7872 comm="syz-executor.0" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1 [ 77.516349][ T7874] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 77.546549][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 77.554797][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 77.563006][ T37] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.569959][ T37] bridge0: port 2(bridge_slave_1) entered forwarding state [ 77.577774][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 77.586250][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 77.593430][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 77.600760][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 77.609981][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 77.618401][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 77.626858][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 77.641137][ T7884] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 77.649930][ T7884] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 77.668958][ T7876] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 77.680633][ T7876] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 77.693390][ T1193] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 77.702392][ T1193] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 77.711140][ T1193] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 77.720487][ T1193] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 77.728957][ T1193] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 77.741352][ T7881] 8021q: adding VLAN 0 to HW filter on device bond0 [ 77.755888][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 77.767736][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 77.777291][ T38] audit: type=1400 audit(1575030345.430:48): avc: denied { open } for pid=7891 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=perf_event permissive=1 [ 77.781712][ T7897] devpts: called with bogus options [ 77.803759][ T7881] 8021q: adding VLAN 0 to HW filter on device team0 12:25:45 executing program 1: creat(&(0x7f0000000300)='./file0\x00', 0x432c6ec56617cc7d) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) socket(0x0, 0x2, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb), 0x0) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb), 0x0) dup(0xffffffffffffffff) getsockopt$inet_mreq(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000740)={@initdev, @initdev}, 0x0) write$UHID_INPUT2(0xffffffffffffffff, 0x0, 0x0) mount(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000180)='devpts\x00', 0x0, &(0x7f00000001c0)=',\x10\xec]$R\xaf\xf18\'\x99\xfc\xa1\xef\xff3\xd5\x9f\x9d\xff;L\xde<\xb8\xe5\xc4\x8c\xba2A\xaa6\x1d\x97,\xa7t3\x14\x1f\x94\x1b\xebzGY\x83\xa8\x0e\xc3Q\xb81\xf4\xea\xa2D\xd3\xf4\'\xea29\x80\xd3\xd7\xc2L\x8a\xe52W$)\x0e,\xf1P\xd4\xb1|z\xe5R\xb5.\xe4\xa7\xad\xd1\xbfRB\xeduL\xa9k') r1 = gettid() tkill(r1, 0x3c) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r2 = getpid() sched_setattr(r2, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) ioctl$sock_SIOCSPGRP(0xffffffffffffffff, 0x8902, &(0x7f00000002c0)) recvmmsg(r3, &(0x7f0000008880), 0x33b96d8691577f5, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r5, 0x407, 0x34) write(r5, &(0x7f0000000340), 0x41395527) vmsplice(r4, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x400000, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r6 = open(&(0x7f0000000040)='.\x00', 0x0, 0x0) getdents64(r6, &(0x7f0000000100)=""/79, 0x1000001b3) getsockopt$inet_mreq(0xffffffffffffffff, 0x0, 0x6cb86c33a2eb45b, &(0x7f0000000240)={@initdev, @initdev}, 0x0) [ 77.824701][ T7876] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 77.831982][ T38] audit: type=1400 audit(1575030345.430:49): avc: denied { kernel } for pid=7891 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=perf_event permissive=1 [ 77.856880][ T7903] devpts: called with bogus options 12:25:45 executing program 1: creat(&(0x7f0000000300)='./file0\x00', 0x432c6ec56617cc7d) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) socket(0x0, 0x2, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb), 0x0) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb), 0x0) dup(0xffffffffffffffff) getsockopt$inet_mreq(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000740)={@initdev, @initdev}, 0x0) write$UHID_INPUT2(0xffffffffffffffff, 0x0, 0x0) mount(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000180)='devpts\x00', 0x0, &(0x7f00000001c0)=',\x10\xec]$R\xaf\xf18\'\x99\xfc\xa1\xef\xff3\xd5\x9f\x9d\xff;L\xde<\xb8\xe5\xc4\x8c\xba2A\xaa6\x1d\x97,\xa7t3\x14\x1f\x94\x1b\xebzGY\x83\xa8\x0e\xc3Q\xb81\xf4\xea\xa2D\xd3\xf4\'\xea29\x80\xd3\xd7\xc2L\x8a\xe52W$)\x0e,\xf1P\xd4\xb1|z\xe5R\xb5.\xe4\xa7\xad\xd1\xbfRB\xeduL\xa9k') r1 = gettid() tkill(r1, 0x3c) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r2 = getpid() sched_setattr(r2, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) ioctl$sock_SIOCSPGRP(0xffffffffffffffff, 0x8902, &(0x7f00000002c0)) recvmmsg(r3, &(0x7f0000008880), 0x33b96d8691577f5, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r5, 0x407, 0x34) write(r5, &(0x7f0000000340), 0x41395527) vmsplice(r4, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x400000, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r6 = open(&(0x7f0000000040)='.\x00', 0x0, 0x0) getdents64(r6, &(0x7f0000000100)=""/79, 0x1000001b3) getsockopt$inet_mreq(0xffffffffffffffff, 0x0, 0x6cb86c33a2eb45b, &(0x7f0000000240)={@initdev, @initdev}, 0x0) [ 77.867646][ T7884] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 77.876649][ T7884] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 77.879716][ T7909] devpts: called with bogus options [ 77.892842][ T7884] bridge0: port 1(bridge_slave_0) entered blocking state 12:25:45 executing program 1: creat(&(0x7f0000000300)='./file0\x00', 0x432c6ec56617cc7d) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) socket(0x0, 0x2, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb), 0x0) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb), 0x0) dup(0xffffffffffffffff) getsockopt$inet_mreq(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000740)={@initdev, @initdev}, 0x0) write$UHID_INPUT2(0xffffffffffffffff, 0x0, 0x0) mount(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000180)='devpts\x00', 0x0, &(0x7f00000001c0)=',\x10\xec]$R\xaf\xf18\'\x99\xfc\xa1\xef\xff3\xd5\x9f\x9d\xff;L\xde<\xb8\xe5\xc4\x8c\xba2A\xaa6\x1d\x97,\xa7t3\x14\x1f\x94\x1b\xebzGY\x83\xa8\x0e\xc3Q\xb81\xf4\xea\xa2D\xd3\xf4\'\xea29\x80\xd3\xd7\xc2L\x8a\xe52W$)\x0e,\xf1P\xd4\xb1|z\xe5R\xb5.\xe4\xa7\xad\xd1\xbfRB\xeduL\xa9k') r1 = gettid() tkill(r1, 0x3c) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r2 = getpid() sched_setattr(r2, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) ioctl$sock_SIOCSPGRP(0xffffffffffffffff, 0x8902, &(0x7f00000002c0)) recvmmsg(r3, &(0x7f0000008880), 0x33b96d8691577f5, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r5, 0x407, 0x34) write(r5, &(0x7f0000000340), 0x41395527) vmsplice(r4, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x400000, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r6 = open(&(0x7f0000000040)='.\x00', 0x0, 0x0) getdents64(r6, &(0x7f0000000100)=""/79, 0x1000001b3) getsockopt$inet_mreq(0xffffffffffffffff, 0x0, 0x6cb86c33a2eb45b, &(0x7f0000000240)={@initdev, @initdev}, 0x0) [ 77.900238][ T7884] bridge0: port 1(bridge_slave_0) entered forwarding state [ 77.909410][ T7884] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 77.918108][ T7884] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 77.921027][ T7913] devpts: called with bogus options [ 77.927104][ T7884] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.939844][ T7884] bridge0: port 2(bridge_slave_1) entered forwarding state [ 77.948154][ T7884] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready 12:25:45 executing program 1: creat(&(0x7f0000000300)='./file0\x00', 0x432c6ec56617cc7d) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) socket(0x0, 0x2, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb), 0x0) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb), 0x0) dup(0xffffffffffffffff) getsockopt$inet_mreq(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000740)={@initdev, @initdev}, 0x0) write$UHID_INPUT2(0xffffffffffffffff, 0x0, 0x0) mount(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000180)='devpts\x00', 0x0, &(0x7f00000001c0)=',\x10\xec]$R\xaf\xf18\'\x99\xfc\xa1\xef\xff3\xd5\x9f\x9d\xff;L\xde<\xb8\xe5\xc4\x8c\xba2A\xaa6\x1d\x97,\xa7t3\x14\x1f\x94\x1b\xebzGY\x83\xa8\x0e\xc3Q\xb81\xf4\xea\xa2D\xd3\xf4\'\xea29\x80\xd3\xd7\xc2L\x8a\xe52W$)\x0e,\xf1P\xd4\xb1|z\xe5R\xb5.\xe4\xa7\xad\xd1\xbfRB\xeduL\xa9k') r1 = gettid() tkill(r1, 0x3c) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r2 = getpid() sched_setattr(r2, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) ioctl$sock_SIOCSPGRP(0xffffffffffffffff, 0x8902, &(0x7f00000002c0)) recvmmsg(r3, &(0x7f0000008880), 0x33b96d8691577f5, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r5, 0x407, 0x34) write(r5, &(0x7f0000000340), 0x41395527) vmsplice(r4, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x400000, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r6 = open(&(0x7f0000000040)='.\x00', 0x0, 0x0) getdents64(r6, &(0x7f0000000100)=""/79, 0x1000001b3) getsockopt$inet_mreq(0xffffffffffffffff, 0x0, 0x6cb86c33a2eb45b, &(0x7f0000000240)={@initdev, @initdev}, 0x0) [ 77.955718][ T7884] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 77.963499][ T7884] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 77.972350][ T7884] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 77.981973][ T7884] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 77.983163][ T7918] devpts: called with bogus options [ 77.999537][ T1193] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 78.011682][ T1193] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 78.023776][ T1193] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 78.033378][ T1193] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 78.042907][ T1193] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 78.057390][ T7881] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network 12:25:45 executing program 1: creat(&(0x7f0000000300)='./file0\x00', 0x432c6ec56617cc7d) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) socket(0x0, 0x2, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb), 0x0) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb), 0x0) dup(0xffffffffffffffff) getsockopt$inet_mreq(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000740)={@initdev, @initdev}, 0x0) write$UHID_INPUT2(0xffffffffffffffff, 0x0, 0x0) mount(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000180)='devpts\x00', 0x0, &(0x7f00000001c0)=',\x10\xec]$R\xaf\xf18\'\x99\xfc\xa1\xef\xff3\xd5\x9f\x9d\xff;L\xde<\xb8\xe5\xc4\x8c\xba2A\xaa6\x1d\x97,\xa7t3\x14\x1f\x94\x1b\xebzGY\x83\xa8\x0e\xc3Q\xb81\xf4\xea\xa2D\xd3\xf4\'\xea29\x80\xd3\xd7\xc2L\x8a\xe52W$)\x0e,\xf1P\xd4\xb1|z\xe5R\xb5.\xe4\xa7\xad\xd1\xbfRB\xeduL\xa9k') r1 = gettid() tkill(r1, 0x3c) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r2 = getpid() sched_setattr(r2, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) ioctl$sock_SIOCSPGRP(0xffffffffffffffff, 0x8902, &(0x7f00000002c0)) recvmmsg(r3, &(0x7f0000008880), 0x33b96d8691577f5, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r5, 0x407, 0x34) write(r5, &(0x7f0000000340), 0x41395527) vmsplice(r4, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x400000, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r6 = open(&(0x7f0000000040)='.\x00', 0x0, 0x0) getdents64(r6, &(0x7f0000000100)=""/79, 0x1000001b3) getsockopt$inet_mreq(0xffffffffffffffff, 0x0, 0x6cb86c33a2eb45b, &(0x7f0000000240)={@initdev, @initdev}, 0x0) [ 78.068641][ T7881] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network 12:25:45 executing program 0: perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x3, 0x0) write(r0, &(0x7f0000000000)="1c0000001a009b8a14000000ff0000adf87e28000000000000000000", 0x1c) recvmmsg(r0, &(0x7f0000002ec0), 0x400000000000ec0, 0x2, &(0x7f00000001c0)={0x77359400}) [ 78.091885][ T7931] devpts: called with bogus options 12:25:45 executing program 2: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$sock_SIOCADDDLCI(r1, 0x8980, 0x0) [ 78.092321][ T3049] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 78.112836][ T3049] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 78.121592][ T3049] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 78.130135][ T3049] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 78.138665][ T3049] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 78.161430][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 78.169523][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 78.180026][ T7881] 8021q: adding VLAN 0 to HW filter on device batadv0 12:25:45 executing program 2: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$sock_SIOCADDDLCI(r1, 0x8980, 0x0) 12:25:45 executing program 3: pipe(&(0x7f00000001c0)) r0 = socket$inet6(0xa, 0x80003, 0xff) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b2071") r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f00000000c0)=0x2c, 0x4) connect$inet(r1, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) setsockopt$sock_int(r1, 0x1, 0x24, &(0x7f0000000200)=0x6, 0xff34) getsockopt$sock_buf(r1, 0x1, 0x1a, &(0x7f0000000100)=""/53, &(0x7f0000000040)=0x35) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f0000000540)=0x195d, 0x4) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x4e22}, 0x1c) sendto$inet6(r2, 0x0, 0x0, 0x200408d4, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) 12:25:45 executing program 0: perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x3, 0x0) write(r0, &(0x7f0000000000)="1c0000001a009b8a14000000ff0000adf87e28000000000000000000", 0x1c) recvmmsg(r0, &(0x7f0000002ec0), 0x400000000000ec0, 0x2, &(0x7f00000001c0)={0x77359400}) 12:25:46 executing program 2: pipe(&(0x7f00000001c0)) r0 = socket$inet6(0xa, 0x80003, 0xff) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b2071") r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f00000000c0)=0x2c, 0x4) connect$inet(r1, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) setsockopt$sock_int(r1, 0x1, 0x24, &(0x7f0000000200)=0x6, 0xff34) getsockopt$sock_buf(r1, 0x1, 0x1a, &(0x7f0000000100)=""/53, &(0x7f0000000040)=0x35) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f0000000540)=0x195d, 0x4) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x4e22}, 0x1c) sendto$inet6(r2, 0x0, 0x0, 0x200408d4, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) 12:25:46 executing program 3: pipe(&(0x7f00000001c0)) r0 = socket$inet6(0xa, 0x80003, 0xff) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b2071") r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f00000000c0)=0x2c, 0x4) connect$inet(r1, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) setsockopt$sock_int(r1, 0x1, 0x24, &(0x7f0000000200)=0x6, 0xff34) getsockopt$sock_buf(r1, 0x1, 0x1a, &(0x7f0000000100)=""/53, &(0x7f0000000040)=0x35) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f0000000540)=0x195d, 0x4) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x4e22}, 0x1c) sendto$inet6(r2, 0x0, 0x0, 0x200408d4, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) [ 78.710569][ C1] hrtimer: interrupt took 25252 ns [ 239.205709][ T1103] INFO: task syz-executor.0:7955 blocked for more than 143 seconds. [ 239.214883][ T1103] Not tainted 5.4.0-syzkaller #0 [ 239.221918][ T1103] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 239.230815][ T1103] syz-executor.0 D28072 7955 7872 0x00004004 [ 239.237843][ T1103] Call Trace: [ 239.241700][ T1103] __schedule+0x8e1/0x1f30 [ 239.246504][ T1103] ? __sched_text_start+0x8/0x8 [ 239.252039][ T1103] ? __kasan_check_read+0x11/0x20 [ 239.257492][ T1103] ? __lock_acquire+0x16f2/0x4a00 [ 239.262840][ T1103] ? debug_object_active_state+0x28a/0x350 [ 239.269246][ T1103] schedule+0xdc/0x2b0 [ 239.273555][ T1103] schedule_timeout+0x717/0xc50 [ 239.278853][ T1103] ? __kasan_check_read+0x11/0x20 [ 239.284283][ T1103] ? usleep_range+0x170/0x170 [ 239.290050][ T1103] ? mark_held_locks+0xa4/0xf0 [ 239.294980][ T1103] ? _raw_spin_unlock_irq+0x23/0x80 [ 239.300887][ T1103] ? wait_for_completion+0x294/0x440 [ 239.306578][ T1103] ? _raw_spin_unlock_irq+0x23/0x80 [ 239.312223][ T1103] ? lockdep_hardirqs_on+0x421/0x5e0 [ 239.318226][ T1103] ? trace_hardirqs_on+0x67/0x240 [ 239.324045][ T1103] wait_for_completion+0x29c/0x440 [ 239.330769][ T1103] ? wait_for_completion_interruptible+0x470/0x470 [ 239.338026][ T1103] ? wake_up_q+0x140/0x140 [ 239.343000][ T1103] __wait_rcu_gp+0x225/0x2f0 [ 239.348151][ T1103] synchronize_rcu.part.0+0xcf/0xe0 [ 239.353896][ T1103] ? synchronize_rcu_expedited+0x5f0/0x5f0 [ 239.360188][ T1103] ? __call_rcu+0x740/0x740 [ 239.364972][ T1103] ? rcu_gp_is_expedited+0x70/0x70 [ 239.370499][ T1103] synchronize_rcu+0x27/0xa0 [ 239.375858][ T1103] perf_trace_event_unreg.isra.0+0xcb/0x220 [ 239.382221][ T1103] perf_trace_destroy+0xbc/0x100 [ 239.387365][ T1103] tp_perf_event_destroy+0x16/0x20 [ 239.392752][ T1103] ? perf_tp_event_init+0x120/0x120 [ 239.398265][ T1103] _free_event+0x35c/0x1410 [ 239.403078][ T1103] ? ring_buffer_attach+0x650/0x650 [ 239.408765][ T1103] put_event+0x47/0x60 [ 239.412905][ T1103] perf_event_release_kernel+0x772/0xef0 [ 239.418762][ T1103] ? __perf_event_exit_context+0x170/0x170 [ 239.424889][ T1103] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 239.431600][ T1103] perf_release+0x37/0x50 [ 239.436541][ T1103] __fput+0x2ff/0x890 [ 239.441177][ T1103] ? perf_event_release_kernel+0xef0/0xef0 [ 239.447743][ T1103] ____fput+0x16/0x20 [ 239.451969][ T1103] task_work_run+0x145/0x1c0 [ 239.456789][ T1103] exit_to_usermode_loop+0x316/0x380 [ 239.462418][ T1103] do_syscall_64+0x676/0x790 [ 239.467420][ T1103] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 239.473613][ T1103] RIP: 0033:0x413d81 [ 239.478095][ T1103] Code: 89 44 24 10 e8 40 c1 04 00 48 8b 6c 24 18 48 83 c4 20 c3 48 8b 4c 24 30 48 89 0c 24 48 8b 4c 24 38 48 89 4c 24 08 48 89 44 24 <10> e8 99 0c 00 00 48 8b 44 24 40 eb b5 48 8b 44 24 40 eb ae 48 8b [ 239.499367][ T1103] RSP: 002b:00007ffcbd8ad910 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 239.508404][ T1103] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 0000000000413d81 [ 239.516892][ T1103] RDX: 0000001b2fb20000 RSI: 0000000000000000 RDI: 0000000000000003 [ 239.525692][ T1103] RBP: 000000000071c980 R08: ffffffff8133dbdf R09: 000000006ccbe139 [ 239.534801][ T1103] R10: 00007ffcbd8ada40 R11: 0000000000000293 R12: 0000000000000001 [ 239.543877][ T1103] R13: 0000000000721320 R14: 0000000000721328 R15: 00007ffcbd8ada20 [ 239.553253][ T1103] ? __do_page_fault+0x1f/0xd80 [ 239.558837][ T1103] [ 239.558837][ T1103] Showing all locks held in the system: [ 239.567553][ T1103] 1 lock held by khungtaskd/1103: [ 239.573050][ T1103] #0: ffffffff891a4080 (rcu_read_lock){....}, at: debug_show_all_locks+0x5f/0x279 [ 239.587540][ T1103] 2 locks held by getty/7816: [ 239.592924][ T1103] #0: ffff8880203a4090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 239.608474][ T1103] #1: ffffc9000400a2e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1c10 [ 239.621988][ T1103] 2 locks held by getty/7817: [ 239.626815][ T1103] #0: ffff888029a5e090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 239.637355][ T1103] #1: ffffc900040022e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1c10 [ 239.652366][ T1103] 2 locks held by getty/7818: [ 239.659067][ T1103] #0: ffff88802bef7090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 239.672215][ T1103] #1: ffffc9000401a2e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1c10 [ 239.684811][ T1103] 2 locks held by getty/7819: [ 239.690847][ T1103] #0: ffff88802a731090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 239.700849][ T1103] #1: ffffc900040222e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1c10 [ 239.710555][ T1103] 2 locks held by getty/7820: [ 239.715207][ T1103] #0: ffff8880254cc090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 239.726914][ T1103] #1: ffffc900040162e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1c10 [ 239.739979][ T1103] 2 locks held by getty/7821: [ 239.746539][ T1103] #0: ffff88802b2ad090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 239.758157][ T1103] #1: ffffc9000401e2e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1c10 [ 239.771521][ T1103] 2 locks held by getty/7822: [ 239.777578][ T1103] #0: ffff88802af57090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 239.789628][ T1103] #1: ffffc900026f22e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1c10 [ 239.802136][ T1103] 1 lock held by syz-executor.1/7945: [ 239.808156][ T1103] 1 lock held by syz-executor.0/7955: [ 239.813815][ T1103] #0: ffffffff891e8e40 (event_mutex){+.+.}, at: perf_trace_destroy+0x28/0x100 [ 239.822938][ T1103] [ 239.825421][ T1103] ============================================= [ 239.825421][ T1103] [ 239.833842][ T1103] NMI backtrace for cpu 2 [ 239.838332][ T1103] CPU: 2 PID: 1103 Comm: khungtaskd Not tainted 5.4.0-syzkaller #0 [ 239.846297][ T1103] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 239.848266][ T1103] Call Trace: [ 239.848266][ T1103] dump_stack+0x197/0x210 [ 239.848266][ T1103] nmi_cpu_backtrace.cold+0x70/0xb2 [ 239.848266][ T1103] ? vprintk_func+0x86/0x189 [ 239.848266][ T1103] ? lapic_can_unplug_cpu.cold+0x3a/0x3a [ 239.848266][ T1103] nmi_trigger_cpumask_backtrace+0x23b/0x28b [ 239.848266][ T1103] arch_trigger_cpumask_backtrace+0x14/0x20 [ 239.848266][ T1103] watchdog+0xb11/0x10c0 [ 239.848266][ T1103] kthread+0x361/0x430 [ 239.848266][ T1103] ? reset_hung_task_detector+0x30/0x30 [ 239.848266][ T1103] ? kthread_mod_delayed_work+0x1f0/0x1f0 [ 239.848266][ T1103] ret_from_fork+0x24/0x30 [ 239.848266][ C2] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 239.848266][ C2] rcu: 0-....: (9842 ticks this GP) idle=5da/1/0x4000000000000002 softirq=13077/13077 fqs=4978 [ 239.848266][ C2] (detected by 2, t=10507 jiffies, g=4841, q=1673) [ 239.942386][ T1103] Sending NMI from CPU 2 to CPUs 0-1,3: [ 239.948301][ C1] NMI backtrace for cpu 1 skipped: idling at native_safe_halt+0xe/0x10 [ 239.948595][ C3] NMI backtrace for cpu 3 [ 239.948602][ C3] CPU: 3 PID: 7885 Comm: kworker/u16:3 Not tainted 5.4.0-syzkaller #0 [ 239.948609][ C3] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 239.948613][ C3] Workqueue: bat_events batadv_nc_worker [ 239.948622][ C3] RIP: 0010:rcu_dynticks_curr_cpu_in_eqs+0x6/0xb0 [ 239.948633][ C3] Code: 00 00 00 00 55 48 89 e5 e8 97 ac ff ff 65 48 8b 3c 25 c0 1e 02 00 e8 39 bd ff ff 5d c3 0f 1f 80 00 00 00 00 55 48 89 e5 41 54 <53> 48 c7 c3 40 81 03 00 48 83 ec 08 e8 e9 ba f0 01 48 ba 00 00 00 [ 239.948637][ C3] RSP: 0018:ffff88806de87cb8 EFLAGS: 00000283 [ 239.948646][ C3] RAX: ffff888029c90000 RBX: ffff8880292bfc00 RCX: ffffffff875ed2f5 [ 239.948651][ C3] RDX: 0000000000000000 RSI: ffffffff875ed673 RDI: 0000000000000001 [ 239.948654][ C3] RBP: ffff88806de87cc0 R08: ffff888029c90000 R09: fffffbfff153779d [ 239.948658][ C3] R10: ffff888029c908e8 R11: ffff888029c90000 R12: 0000000000000000 [ 239.948662][ C3] R13: 000000000000018e R14: ffff8880292dcc70 R15: dffffc0000000000 [ 239.948669][ C3] FS: 0000000000000000(0000) GS:ffff88802d500000(0000) knlGS:0000000000000000 [ 239.948673][ C3] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 239.948679][ C3] CR2: ffffffffff600400 CR3: 0000000026a8a000 CR4: 00000000003406e0 [ 239.948684][ C3] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 239.948690][ C3] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 239.948693][ C3] Call Trace: [ 239.948697][ C3] rcu_is_watching+0x10/0x30 [ 239.948701][ C3] batadv_nc_worker+0x4c8/0x760 [ 239.948705][ C3] process_one_work+0x9af/0x1740 [ 239.948709][ C3] ? pwq_dec_nr_in_flight+0x320/0x320 [ 239.948713][ C3] ? lock_acquire+0x190/0x410 [ 239.948717][ C3] worker_thread+0x98/0xe40 [ 239.948721][ C3] ? trace_hardirqs_on+0x67/0x240 [ 239.948724][ C3] kthread+0x361/0x430 [ 239.948728][ C3] ? process_one_work+0x1740/0x1740 [ 239.948733][ C3] ? kthread_mod_delayed_work+0x1f0/0x1f0 [ 239.948737][ C3] ret_from_fork+0x24/0x30 [ 239.948742][ C0] NMI backtrace for cpu 0 [ 239.948747][ C0] CPU: 0 PID: 7945 Comm: syz-executor.1 Not tainted 5.4.0-syzkaller #0 [ 239.948752][ C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 239.948755][ C0] RIP: 0010:preempt_schedule_irq+0xab/0x160 [ 239.948763][ C0] Code: 00 00 e8 d8 d8 d4 f9 e8 43 b5 fe f9 4c 89 f0 48 c1 e8 03 80 3c 18 00 75 7d 48 83 3d 96 81 97 01 00 74 6f fb 66 0f 1f 44 00 00 01 00 00 00 e8 0b d2 ff ff 48 c7 c0 60 34 13 89 48 c1 e8 03 80 [ 239.948765][ C0] RSP: 0018:ffff88806da3f588 EFLAGS: 00000286 [ 239.948771][ C0] RAX: 1ffffffff122668d RBX: dffffc0000000000 RCX: 0000000000000000 [ 239.948774][ C0] RDX: 0000000000000000 RSI: 0000000000000006 RDI: ffff88800bc04c14 [ 239.948778][ C0] RBP: ffff88806da3f5a8 R08: ffff88800bc04380 R09: 0000000000000000 [ 239.948781][ C0] R10: 0000000000000000 R11: 0000000000000000 R12: ffffed1001780870 [ 239.948785][ C0] R13: ffff88800bc04380 R14: ffffffff89133468 R15: 0000000000000000 [ 239.948788][ C0] FS: 00007fceb7778700(0000) GS:ffff88802d200000(0000) knlGS:0000000000000000 [ 239.948791][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 239.948795][ C0] CR2: ffffffffff600400 CR3: 000000000906d000 CR4: 00000000003406f0 [ 239.948798][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 239.948802][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 239.948804][ C0] Call Trace: [ 239.948806][ C0] retint_kernel+0x1b/0x2b [ 239.948809][ C0] RIP: 0010:free_pages_and_swap_cache+0x147/0x3f0 [ 239.948816][ C0] Code: 3c 18 00 0f 85 8d 02 00 00 4d 8b 36 48 c7 c7 ff ff ff ff 4c 89 f6 e8 f8 e9 c9 ff 49 83 fe ff 0f 84 90 01 00 00 e8 49 e8 c9 ff <48> 8b 45 c8 48 c1 e8 03 80 3c 18 00 0f 85 4c 02 00 00 49 8b 44 24 [ 239.948819][ C0] RSP: 0018:ffff88806da3f668 EFLAGS: 00010293 ORIG_RAX: ffffffffffffff13 [ 239.948825][ C0] RAX: ffff88800bc04380 RBX: dffffc0000000000 RCX: ffffffff81aaf5c8 [ 239.948828][ C0] RDX: 0000000000000000 RSI: ffffffff81aaf5d7 RDI: 0000000000000007 [ 239.948832][ C0] RBP: ffff88806da3f6c8 R08: ffff88800bc04380 R09: fffff94000069ca9 [ 239.948835][ C0] R10: fffff94000069ca8 R11: ffffea000034e547 R12: ffffea000034e580 [ 239.948839][ C0] R13: ffffea000034e580 R14: 00fffe0000000008 R15: 000000000000002a [ 239.948841][ C0] ? free_pages_and_swap_cache+0x138/0x3f0 [ 239.948844][ C0] ? free_pages_and_swap_cache+0x147/0x3f0 [ 239.948847][ C0] ? free_pages_and_swap_cache+0x147/0x3f0 [ 239.948849][ C0] tlb_flush_mmu+0x89/0x630 [ 239.948851][ C0] unmap_page_range+0x1c61/0x2ac0 [ 239.948854][ C0] ? __schedule+0x150a/0x1f30 [ 239.948856][ C0] ? vm_normal_page_pmd+0x420/0x420 [ 239.948858][ C0] ? retint_kernel+0x2b/0x2b [ 239.948861][ C0] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 239.948863][ C0] ? uprobe_munmap+0xad/0x320 [ 239.948866][ C0] unmap_single_vma+0x19d/0x300 [ 239.948868][ C0] unmap_vmas+0x184/0x2f0 [ 239.948870][ C0] ? zap_vma_ptes+0x110/0x110 [ 239.948873][ C0] ? lockdep_hardirqs_on+0x421/0x5e0 [ 239.948875][ C0] ? __kasan_check_write+0x14/0x20 [ 239.948877][ C0] exit_mmap+0x2ba/0x530 [ 239.948880][ C0] ? __ia32_sys_munmap+0x80/0x80 [ 239.948882][ C0] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 239.948885][ C0] ? __khugepaged_exit+0xcf/0x410 [ 239.948887][ C0] mmput+0x179/0x4d0 [ 239.948889][ C0] do_exit+0x806/0x2ef0 [ 239.948891][ C0] ? mm_update_next_owner+0x7c0/0x7c0 [ 239.948894][ C0] ? lock_downgrade+0x920/0x920 [ 239.948896][ C0] ? _raw_spin_unlock_irq+0x23/0x80 [ 239.948898][ C0] ? get_signal+0x392/0x24f0 [ 239.948901][ C0] ? _raw_spin_unlock_irq+0x23/0x80 [ 239.948903][ C0] do_group_exit+0x135/0x360 [ 239.948905][ C0] get_signal+0x47c/0x24f0 [ 239.948908][ C0] ? __fd_install+0x1fb/0x640 [ 239.948910][ C0] ? fd_install+0x4d/0x60 [ 239.948912][ C0] do_signal+0x87/0x1700 [ 239.948914][ C0] ? perf_event_set_output+0x4e0/0x4e0 [ 239.948917][ C0] ? setup_sigcontext+0x7d0/0x7d0 [ 239.948919][ C0] ? put_timespec64+0xda/0x140 [ 239.948922][ C0] ? exit_to_usermode_loop+0x43/0x380 [ 239.948924][ C0] ? do_syscall_64+0x676/0x790 [ 239.948926][ C0] ? exit_to_usermode_loop+0x43/0x380 [ 239.948929][ C0] ? lockdep_hardirqs_on+0x421/0x5e0 [ 239.948931][ C0] ? trace_hardirqs_on+0x67/0x240 [ 239.948934][ C0] exit_to_usermode_loop+0x286/0x380 [ 239.948936][ C0] do_syscall_64+0x676/0x790 [ 239.948939][ C0] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 239.948941][ C0] RIP: 0033:0x45a759 [ 239.948943][ C0] Code: Bad RIP value. [ 239.948945][ C0] RSP: 002b:00007fceb7777c88 EFLAGS: 00000246 ORIG_RAX: 000000000000012a [ 239.948951][ C0] RAX: 0000000000000007 RBX: 000000000071c0f8 RCX: 000000000045a759 [ 239.948955][ C0] RDX: ffffffffffffffff RSI: 0000000000000000 RDI: 000000002001d000 [ 239.948958][ C0] RBP: 0000000000000005 R08: 0000000000000000 R09: 0000000000000000 [ 239.948962][ C0] R10: ffffffffffffffff R11: 0000000000000246 R12: 00007fceb77786d4 [ 239.948965][ C0] R13: 00000000004aec17 R14: 00000000006f1cb0 R15: 00000000ffffffff [ 239.949682][ T1103] Kernel panic - not syncing: hung_task: blocked tasks [ 239.958056][ T1103] CPU: 2 PID: 1103 Comm: khungtaskd Not tainted 5.4.0-syzkaller #0 [ 239.958056][ T1103] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 239.958056][ T1103] Call Trace: [ 239.958056][ T1103] dump_stack+0x197/0x210 [ 239.958056][ T1103] panic+0x2e3/0x75c [ 239.958056][ T1103] ? add_taint.cold+0x16/0x16 [ 239.958056][ T1103] ? lapic_can_unplug_cpu.cold+0x3a/0x3a [ 239.958056][ T1103] ? ___preempt_schedule+0x16/0x18 [ 239.958056][ T1103] ? nmi_trigger_cpumask_backtrace+0x21b/0x28b [ 239.958056][ T1103] ? nmi_trigger_cpumask_backtrace+0x24c/0x28b [ 239.958056][ T1103] ? nmi_trigger_cpumask_backtrace+0x256/0x28b [ 239.958056][ T1103] ? nmi_trigger_cpumask_backtrace+0x21b/0x28b [ 239.958056][ T1103] watchdog+0xb22/0x10c0 [ 239.958056][ T1103] kthread+0x361/0x430 [ 239.958056][ T1103] ? reset_hung_task_detector+0x30/0x30 [ 239.958056][ T1103] ? kthread_mod_delayed_work+0x1f0/0x1f0 [ 239.958056][ T1103] ret_from_fork+0x24/0x30 [ 239.958056][ T1103] Kernel Offset: disabled [ 239.958056][ T1103] Rebooting in 86400 seconds..