syzkaller login: [ 63.146168][ T38] audit: type=1400 audit(1575024328.518:41): avc: denied { map } for pid=7755 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added '[localhost]:22439' (ECDSA) to the list of known hosts. [ 75.822338][ T38] audit: type=1400 audit(1575024341.188:42): avc: denied { map } for pid=7772 comm="syz-fuzzer" path="/syz-fuzzer" dev="sda1" ino=16525 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1 2019/11/29 10:45:41 fuzzer started 2019/11/29 10:45:42 dialing manager at 10.0.2.10:46599 2019/11/29 10:45:42 syscalls: 2543 2019/11/29 10:45:42 code coverage: enabled 2019/11/29 10:45:42 comparison tracing: enabled 2019/11/29 10:45:42 extra coverage: extra coverage is not supported by the kernel 2019/11/29 10:45:42 setuid sandbox: enabled 2019/11/29 10:45:42 namespace sandbox: enabled 2019/11/29 10:45:42 Android sandbox: /sys/fs/selinux/policy does not exist 2019/11/29 10:45:42 fault injection: enabled 2019/11/29 10:45:42 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/11/29 10:45:42 net packet injection: enabled 2019/11/29 10:45:42 net device setup: enabled 2019/11/29 10:45:42 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2019/11/29 10:45:42 devlink PCI setup: PCI device 0000:00:10.0 is not available 10:45:58 executing program 0: socket$kcm(0x2b, 0xd, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.cpu/syz1\x00', 0x200002, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.cpu//.\xf3l\x03@\x05:$\x92\t72\a|6\xaf\tW\xda\xea\xf2\x897~', 0x1ff) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r1 = perf_event_open(&(0x7f0000000340)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdirat$cgroup(r0, &(0x7f0000000180)='syz0\x00', 0x1ff) close(r1) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x89a0, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x89a1, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x40) sendmsg$kcm(r0, &(0x7f0000002200)={&(0x7f00000003c0)=@xdp, 0x80, 0x0, 0x0, &(0x7f0000000900)=ANY=[@ANYBLOB="800000000000000014010000f03b000014460dbd03a2113c0f986d249bf200449545a603ade3b0edc057017987dfc6d88a6ec95f3a366dc9271b8ca701583ac3fd971c6bafb4a64f6efa554712a49f94ebf763590649c41963b6041955d7f58d99d1efce47f520c8634948c2e826cddf732d0baeb6799eddd162e742fcef7eb738000000000000001f010000070000001f4a9778985d49a8a6a2184b7413a0201beb64632ea7d8ac3260bdf7caad1c13301dcacb75120000e800000000000000ff0100001f0000006c20be18a06c2adf223419c6fc9bae8064592bfb6b99d0c21153dbc22bf410d006000000abe64ddbf5806e7a86e3f61c284e1189909e2b85844221905af2cf62541e3a403b141055c32ad3d8cb320c1c5422b71c7283900a8f88c7df9af169fb7a682613d1f8129c4f00c0eb5fdcb7c58dd43b308e466d2ecebdab60d0613a641b6d196012977c363822930500000000000000fe85c19ec3863e2e06afb555673c8240a1b876e44c0b042afcec3198e23a5e12825cf70d4707f2230bf41238c6a28852af8666ac590875811985cf591b667845f0453d164898b273c592a9c6c3d33700a5b2f9fe5c6a18d7bedbf181db6fca390530bb0ce9b7cc6aa50bf4dc294f824f4a6dd3a47b06c7c53487d1a8cbe51433731d2a61ae8eca23257ed4d9f99706e568fca09d4e4aa264bded18c20e631158bc0407fd19b53e6f404ee89eca7af75ea01b2de396289ce26a5ece33f0ffe26051f4bcff9f1ce73588cccf658afdbd1f48485761a7457a9dd24300350513e84c4129cb765dc2fa75823196"], 0x20a}, 0x48010) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0x40086602, 0x400007) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) r2 = gettid() socket$kcm(0x29, 0x0, 0x0) r3 = gettid() bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000004c0)={0xffffffffffffffff, 0xc0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)=0x2000000000401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000800)={0x2, 0x2, 0x4, 0x5}, &(0x7f0000000380)=0x7, 0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=0x10000}}, 0x10) r5 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r5) recvmsg(r5, &(0x7f0000000140)={0x0, 0x100000039, &(0x7f0000000000)=[{&(0x7f0000000380)=""/110, 0xffffffd9}], 0x1, 0x0, 0x4a}, 0x2f04) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000500)={r3, r5, 0x0, 0xd, &(0x7f0000000100)='/dev/net/tun\x00', r4}, 0x30) r6 = perf_event_open(&(0x7f0000000500)={0x5, 0x70, 0xa3, 0x3, 0x1f, 0x2, 0x0, 0x81, 0x10004, 0x4, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x2, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0xfffffff7, 0x0, @perf_config_ext={0x4, 0x1}, 0x8000, 0x7f, 0x3, 0x3, 0x800, 0x5, 0x5}, r3, 0xd, 0xffffffffffffffff, 0xc) perf_event_open(0x0, r2, 0x2, r6, 0x3) write$cgroup_subtree(r0, &(0x7f0000000040)=ANY=[@ANYPTR64], 0xff39) ioctl$TUNSETFILTEREBPF(r0, 0x6609, 0x0) [ 93.345503][ T38] audit: type=1400 audit(1575024358.718:43): avc: denied { map } for pid=7792 comm="syz-executor.0" path="/sys/kernel/debug/kcov" dev="debugfs" ino=2156 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 10:45:58 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0, 0xffc7}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="0100000000000000280012000c0001007665746800000000ececfac5e025573fb5926c7ae92af81800020814a79f7488f611d01cb85041b7f809000000004600006df0840107d3c3bc1747ef4939dd822dafd6037136a70f304dbcdee66ed673df5c98c00033e06a14e3b513ef72364106b249dd59b35aafee80aa0a9b2e3bbfb4941d2ed7d7fc3c3dae0a3a354339e3572311b364ba77c4e343d199812b3862a78324fd19d159913729e3afec87ff2f99746c2aed6d90fff50cc840f622b17a4a827b1a75991f90c9f4b905bba36c199b6615f31bca41e26bd754a284f1d5b0a45697de633a103c7f5c94ada8d5cc2436e9f6bca8371b6c9a7698be8528832757594a630928739d035cb506505793760350aacc93ddac01077a248b872ea0a14664865263377b586e8886915327a8fb7c5796cdc5a4e259513b02beba96f45b3d539f71508664536e", @ANYRES32=0x0, @ANYBLOB="0b4a1914200cc3ad134d722638676806c8290e7b562b6cf4fa7af6933aa62720930c5bde67868a7ae19a80ff6b106ddb9c0c311a7feda8455842b5365ce6d9082f1f056abd876b3e43df416758c774ccb2812e65015ed0b8842bd64eaedb3091495364373194c8291924cde4eb65b0168d36955facea07381b9a4e74fa4c0f111cc2fbf6cd1ea6877a05e7d76dc889950a0af8a3842cf9e6364c087a3d48f2dfc7e7f89b7aa5060d8e3c2e7630e2a22d7e017e36c2e9fcd5e64ba064ca4f8e00a658f5fefd6b640a426762cd0f8368575b72e7b5a6431e3e326a41614b2f54f06fa19d4a475b9da7f71d8bdc5e22c3e9e6ddfe7b23706ad4e0e97bef4388bbbdb5e2cb77e43eb48248565888a7a67a38fe5344e4d43ddccca47ad855d1174aed891ab7cb13c7773d32cee8d2a16aca453da8165308f03920d7fd3c360ebb9451374df5632af7bcadf36fd435da0c0217370b4c9a6e1d63e0fa0ccaaee41f1f885ea0e9e58e9828a4b8ba15adf788ec35a8b7812ec90544402f24fd4aa56d6b6cc69503e0b9937ba71bd84d4ad99d88d26ebe9d2d1634f5db9ae05d89fcffd8aea9e4d611fde1ce2b86c0e738a88254f9b55dac78a4cc4fba181da2a30d235de529b13e53d8d89a0000"], 0x48}}, 0x0) ioctl$sock_inet6_SIOCADDRT(r1, 0x890b, &(0x7f0000000080)={@remote={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68]}, @dev, @local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100018, r4}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = dup(r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f0000000140)={@local, @rand_addr="6409c0b80e989ba29fb30dc012b97603", @ipv4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400003, r4}) [ 93.501226][ T7793] IPVS: ftp: loaded support on port[0] = 21 [ 93.579455][ T7795] IPVS: ftp: loaded support on port[0] = 21 [ 93.579602][ T7793] chnl_net:caif_netlink_parms(): no params data found [ 93.626922][ T7793] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.635365][ T7793] bridge0: port 1(bridge_slave_0) entered disabled state [ 93.643261][ T7793] device bridge_slave_0 entered promiscuous mode [ 93.654657][ T7793] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.662731][ T7793] bridge0: port 2(bridge_slave_1) entered disabled state 10:45:59 executing program 2: r0 = open(&(0x7f0000000040)='.\x00', 0x0, 0x0) open_by_handle_at(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="0a000000010000001809"], 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) open_by_handle_at(r1, 0x0, 0x0) getsockopt$netlink(0xffffffffffffffff, 0x10e, 0x0, 0x0, &(0x7f0000000080)) r2 = syz_open_procfs(0x0, &(0x7f0000000380)='fd/4\x00\xa7$\xbf\x05l\xb8\t\xd0\x06\xae\b\x86$nV\x92M%\xfd)0m6Z\x05\xae\xa7\rM\bp\xa6Q\x871B\x973\xfe\x05\x12\xf3\xd496\xf9\x1aM6\xb2|\xc5\x05\xbc\xe71g\xe4<&\xd2\xd8g\xb6\xa2U\xae\x9a\x17F\xa5xi\xe8_\xa8R\x96d\x99\xf6_E\xd0\x8f<\xa840\xd6\x84\xd0\x17\xafP\'\xdc{\b\x94\x00Y+\x18N\xc6\x96Y\xf7\xd3`\\\xc9\x1f\a\xf9X\x125\xb9\xd6\xbf\x1a4V\x10\xa6Uq\xceN\xeb\xa8M\xb2?\xda\xfb\xb1\x9d\x94\x13O\xab\xde\xc0t\x8c\")\x05~\x0f\xb8\xf3\xf6d\xbe\xad\xee\"\xaa\x91\x05\xcb9A\x1a\x8d&\x9e\x81\xcf\x9eWvT\x8a\xbfl\x8a\x83%\xec\x94\xfd\x90\xeb\xb3\xa3\xa8\x90\x90\xdb\xc2X\xf48\xd1\x83Eu\xe5c\xd7\xb7qe\xab\xae\xef*\x9e\x95\xde\xa0\x894r[\\\xc4?\xb7\xcfo\xdb\xbeR\xc5\xbc\xb34\xbe}\xf7n/4}\xbc.t\x94\x1c%\xcb\x93\xea\"Aa(\xd6FX\xd8\b\xd1\x10N{\xe8\xbc)\xc8\x1e6\xff\x95\xa3\xf3\x84\xf4\xa5\xe8f\xc2@\x1f7h\xb3\xd6\xab\x9a\x03\x95>V\\\xc4%T\x94M\xc7`\x83\xa1\xa0\xc8gn\xe3\xfe\xef[\xb3\xbd\x18R\x1b=\xab\x97$\x03\xaa\x84C\x0eWD\xeea\xf5\xb9\x82\xea\xbd5:\"\xf6f/\xa1\x8f%8\xa8\x1e\xcf\xb6\xa7\xe1\x1b1\x94\xc1G\xf9\xfc\xc77\x1c\x00'/376) write$apparmor_exec(r2, &(0x7f0000000600)={'\x9bH\x1b]P\x0e\x06C\xc3MY\x1d\x9b9%\a\x16\xb1\x9b=cy\xeaU\x0e3\\C6\x9bmwH_\xcb\xaa\xc7\xa6\x10&\xb0A\tim\x9bL\xd21\xd2\xbe\xddEf \xa0\xa6v\xf7\xe7\x89\xec\xbf\xc8\x97\xb37\xf0\x10\xcd\xd9\xaf;\xec\xccT\x9e\xe0\xbaw3\xc4K\v\x0e\xca\xdb\xa5\xe6\x91\xdc\x8d3\xf8\xec/\xa4U\x87\x02g\x06k\x9fW[.c\xb1\xd4y\xd4\xca=\f\xd8Q[\xacb\xa3f4\x9el\x90\x878[\x00\xd9\x04\x1a\xa6\xa4\x17\xa6(\x05tl\x17\xef\x1bU\xfbD\xec\x88\xd4\xa0&\xdb\x95wp\xfb\x01[\x8c\xc4(\xbb)\xf3\xa9\x1b\tt\xd3W\x11t\x1f\xa4n\xfd:\x90${\xc5\x16\xa5\x96\x88\xc78\xc0g\xb9\xbe\xbd1\x11}\x8d\'\x15+\xfe\x91\xed\x1e\xeb]\xfa\x9dS\xe6\x12\x9f\r\xc8\x81\xca\xd9\f\xfd\xc8/\xb99\xaa\x1a\r\x92\xae\xb6\xd2\xb8\xb7\f[\xd8y\xc6O\xcfE\xb4\xe6\x16\x1fT\x1e\x9b\x9c\f\x8d\xed1\x96\"\x83\x98\xb1S`\xc7\'\xc2\xbf\xb7', 'fd/4\x00\xa7$\xbf\x05l\xb8\t\xd0\x06\xae\b\x86$dV\x92M%\xfd)0m6Z\x05\xae\xa7\rM\bp\xa6Q\x9b\x0fJ\x973\xfe\x05\x12\xf3\xd496\xf9\x1aM6\xb2|\xc5\x05\xbc\xe71g\xe4<&\xd2\xd8g\xb6\xa2U\xae\x9a\x17F\xa5xi\xe8_\xa8R\x96d\x99\xf6_E\xd0\x8f<\xa840\xd6\x84\xd0\x17\xafP\'\xdc{\b\x94\x00Y+\x18N\\\xc9\x1f\a\xf9X\x125\xb9\xd6\xbf\x1a4V\x10\xa6Uq\xceN\xeb\xa8M\xb2?\xda\xfb\xb1\x9d\x94\x13O\xab\xde\xc0t\x8c\")\x05~\x0f\xb8\xf3\xf6d\xbe\xad\xee\"\xaa\x91\x05\xcb9A\x1a\x8d&\x9e\x81\xcf\x9eWvT\x8a\xbfl\x8a\x83%\xec\x94\xfd\x90\xeb\xb3\xa3\xa8\x90\x90\xdb\xc2X\xf48\xd1\x83Eu\xe5c\xd7\xb7qe\xab\xae\xef*\x9e\x95\xde\xa0\x894r[\\\xc4?\xb7\xcfo\xdb\xbeR\xc5\xbc\xb34\xbe}\xf7n/4}\xbc.t\x94\x1c%\xcb\x93\xea\"Aa(\xd6FX\xd8\b\xd1\x10N{\xe8\xbc)\xc8\x1e6\xff\x95\xa3\xf3\x84\xf4\xa5\xe8f\xc2@\x1f7h\xb3\xd6\xab\x9a\x03\x95>V\\\xc4%T\x94M\xc7`\x83\xa1\xa0\xc8gn\xe3\xfe\xef[\xb3\xbd\x18R\x1b=\xab\x97$\x03\xaa\x84C\x0eWD\xeea\xf5\xb9\x82\xea\xbd5:\"\xf6f/\xa1\x8f%8\xa8\x1e\xcf\xb6\xa7\xe1\x1b1\x94\xc1G\xf9\xfc\xc77\x1c\x00'}, 0x50f) ioctl$RTC_WIE_ON(0xffffffffffffffff, 0x700f) [ 93.672049][ T7793] device bridge_slave_1 entered promiscuous mode [ 93.697009][ T7793] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 93.708954][ T7793] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 93.733526][ T7793] team0: Port device team_slave_0 added [ 93.742002][ T7793] team0: Port device team_slave_1 added [ 93.761518][ T7799] IPVS: ftp: loaded support on port[0] = 21 10:45:59 executing program 3: r0 = socket(0x10, 0x803, 0x2) sendmsg$NBD_CMD_DISCONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) sendmsg$SEG6_CMD_SET_TUNSRC(r0, &(0x7f0000000300)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000002c0)={0x0}}, 0x0) [ 93.826120][ T7793] device hsr_slave_0 entered promiscuous mode [ 93.924224][ T7793] device hsr_slave_1 entered promiscuous mode 10:45:59 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) setsockopt$inet6_mtu(r0, 0x29, 0x17, &(0x7f0000000040)=0x4, 0x4) socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000012c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendto$inet6(r0, 0x0, 0x0, 0x20000013, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @empty}, 0x1c) [ 93.997772][ T7795] chnl_net:caif_netlink_parms(): no params data found [ 94.021851][ T7802] IPVS: ftp: loaded support on port[0] = 21 [ 94.059385][ T7804] IPVS: ftp: loaded support on port[0] = 21 [ 94.068039][ T38] audit: type=1400 audit(1575024359.438:44): avc: denied { create } for pid=7793 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 94.068508][ T38] audit: type=1400 audit(1575024359.438:45): avc: denied { write } for pid=7793 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 10:45:59 executing program 5: r0 = socket$inet6(0xa, 0x80003, 0x1) ioctl(r0, 0x1000008912, &(0x7f00000001c0)="0805b5055e0bcfe8474071") r1 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000080)={'lo:\x05\xe6\r\x00\x00\x85\x01\x00\x00\x00\x12\x03\x00', {0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}) socket$inet_tcp(0x2, 0x1, 0x0) [ 94.119346][ T38] audit: type=1400 audit(1575024359.468:46): avc: denied { read } for pid=7793 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 94.166723][ T7793] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 94.251368][ T7793] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 94.305637][ T7795] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.312690][ T7795] bridge0: port 1(bridge_slave_0) entered disabled state [ 94.320441][ T7795] device bridge_slave_0 entered promiscuous mode [ 94.327620][ T7795] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.334698][ T7795] bridge0: port 2(bridge_slave_1) entered disabled state [ 94.342446][ T7795] device bridge_slave_1 entered promiscuous mode [ 94.360878][ T7793] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 94.427053][ T7793] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 94.517491][ T7795] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 94.518298][ T7806] IPVS: ftp: loaded support on port[0] = 21 [ 94.534408][ T7795] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 94.579338][ T7795] team0: Port device team_slave_0 added [ 94.588445][ T7795] team0: Port device team_slave_1 added [ 94.594559][ T7799] chnl_net:caif_netlink_parms(): no params data found [ 94.705038][ T7795] device hsr_slave_0 entered promiscuous mode [ 94.763277][ T7795] device hsr_slave_1 entered promiscuous mode [ 94.843032][ T7795] debugfs: Directory 'hsr0' with parent '/' already present! [ 94.906380][ T7799] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.914938][ T7799] bridge0: port 1(bridge_slave_0) entered disabled state [ 94.924074][ T7799] device bridge_slave_0 entered promiscuous mode [ 94.943989][ T7802] chnl_net:caif_netlink_parms(): no params data found [ 94.964484][ T7799] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.973236][ T7799] bridge0: port 2(bridge_slave_1) entered disabled state [ 94.982083][ T7799] device bridge_slave_1 entered promiscuous mode [ 95.046178][ T7799] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 95.059250][ T7799] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 95.078527][ T7802] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.085696][ T7802] bridge0: port 1(bridge_slave_0) entered disabled state [ 95.093705][ T7802] device bridge_slave_0 entered promiscuous mode [ 95.129765][ T7802] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.138066][ T7802] bridge0: port 2(bridge_slave_1) entered disabled state [ 95.147703][ T7802] device bridge_slave_1 entered promiscuous mode [ 95.154597][ T7795] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 95.224681][ T7804] chnl_net:caif_netlink_parms(): no params data found [ 95.232835][ T7795] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 95.278031][ T7795] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 95.377891][ T7795] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 95.486095][ T7799] team0: Port device team_slave_0 added [ 95.492803][ T7806] chnl_net:caif_netlink_parms(): no params data found [ 95.503220][ T7799] team0: Port device team_slave_1 added [ 95.521852][ T7802] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 95.546805][ T7802] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 95.575369][ T7802] team0: Port device team_slave_0 added [ 95.583820][ T7802] team0: Port device team_slave_1 added [ 95.664811][ T7799] device hsr_slave_0 entered promiscuous mode [ 95.703247][ T7799] device hsr_slave_1 entered promiscuous mode [ 95.773025][ T7799] debugfs: Directory 'hsr0' with parent '/' already present! [ 95.810842][ T7804] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.818477][ T7804] bridge0: port 1(bridge_slave_0) entered disabled state [ 95.826157][ T7804] device bridge_slave_0 entered promiscuous mode [ 95.856871][ T7806] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.864580][ T7806] bridge0: port 1(bridge_slave_0) entered disabled state [ 95.872164][ T7806] device bridge_slave_0 entered promiscuous mode [ 95.881945][ T7793] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.888992][ T7804] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.896503][ T7804] bridge0: port 2(bridge_slave_1) entered disabled state [ 95.904310][ T7804] device bridge_slave_1 entered promiscuous mode [ 95.915220][ T7799] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 95.955044][ T7799] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 96.054472][ T7806] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.061791][ T7806] bridge0: port 2(bridge_slave_1) entered disabled state [ 96.069773][ T7806] device bridge_slave_1 entered promiscuous mode [ 96.085821][ T7806] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 96.100825][ T7806] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 96.164791][ T7802] device hsr_slave_0 entered promiscuous mode [ 96.224588][ T7802] device hsr_slave_1 entered promiscuous mode [ 96.283125][ T7802] debugfs: Directory 'hsr0' with parent '/' already present! [ 96.291983][ T7799] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 96.344816][ T7799] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 96.408216][ T7804] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 96.418921][ T7804] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 96.430026][ T7806] team0: Port device team_slave_0 added [ 96.439641][ T7806] team0: Port device team_slave_1 added [ 96.469638][ T2971] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 96.477909][ T2971] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 96.498378][ T7804] team0: Port device team_slave_0 added [ 96.509805][ T7793] 8021q: adding VLAN 0 to HW filter on device team0 [ 96.527036][ T7804] team0: Port device team_slave_1 added [ 96.532828][ T7802] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 96.584567][ T7802] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 96.634645][ T7802] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 96.766533][ T7806] device hsr_slave_0 entered promiscuous mode [ 96.813162][ T7806] device hsr_slave_1 entered promiscuous mode [ 96.863152][ T7806] debugfs: Directory 'hsr0' with parent '/' already present! [ 96.879467][ T7802] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 96.946116][ T2971] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 96.955099][ T2971] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 96.966932][ T2971] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.974310][ T2971] bridge0: port 1(bridge_slave_0) entered forwarding state [ 96.989773][ T7814] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 96.998167][ T7814] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 97.007024][ T7814] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 97.018103][ T7814] bridge0: port 2(bridge_slave_1) entered blocking state [ 97.025337][ T7814] bridge0: port 2(bridge_slave_1) entered forwarding state [ 97.104922][ T7804] device hsr_slave_0 entered promiscuous mode [ 97.143250][ T7804] device hsr_slave_1 entered promiscuous mode [ 97.183042][ T7804] debugfs: Directory 'hsr0' with parent '/' already present! [ 97.208186][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 97.227375][ T7795] 8021q: adding VLAN 0 to HW filter on device bond0 [ 97.237181][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 97.260082][ T7806] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 97.316640][ T7806] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 97.394635][ T7806] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 97.457619][ T1346] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 97.466830][ T1346] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 97.482655][ T7806] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 97.524570][ T7804] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 97.584453][ T1346] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 97.592304][ T1346] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 97.601090][ T1346] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 97.614210][ T7793] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 97.625385][ T7793] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 97.644056][ T7804] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 97.714461][ T7814] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 97.722718][ T7814] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 97.731742][ T7814] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 97.740657][ T7814] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 97.749192][ T7814] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 97.757689][ T7814] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 97.765954][ T7814] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 97.783740][ T7793] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 97.794968][ T7795] 8021q: adding VLAN 0 to HW filter on device team0 [ 97.805299][ T7804] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 97.844809][ T2784] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 97.852399][ T2784] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 97.867120][ T7799] 8021q: adding VLAN 0 to HW filter on device bond0 [ 97.873098][ T38] audit: type=1400 audit(1575024363.238:47): avc: denied { associate } for pid=7793 comm="syz-executor.0" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1 [ 97.877530][ T7804] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 97.951939][ T1347] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 97.960870][ T1347] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 97.972587][ T1347] bridge0: port 1(bridge_slave_0) entered blocking state [ 97.979858][ T1347] bridge0: port 1(bridge_slave_0) entered forwarding state [ 97.999281][ T7807] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 98.013215][ T38] audit: type=1400 audit(1575024363.378:48): avc: denied { open } for pid=7819 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=perf_event permissive=1 [ 98.037377][ T7807] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 98.045925][ T7807] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 98.058755][ T7807] bridge0: port 2(bridge_slave_1) entered blocking state [ 98.066076][ T7807] bridge0: port 2(bridge_slave_1) entered forwarding state [ 98.074200][ T7807] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 98.096308][ T1347] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 98.104987][ T1347] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 98.113627][ T1347] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 98.121843][ T1347] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 98.129066][ T38] audit: type=1400 audit(1575024363.498:49): avc: denied { kernel } for pid=7819 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=perf_event permissive=1 [ 98.134507][ T1347] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 98.165659][ T7799] 8021q: adding VLAN 0 to HW filter on device team0 [ 98.179739][ T7807] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 98.188172][ T7807] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 98.196188][ T7807] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 98.204449][ T7807] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 98.213310][ T7807] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 98.221742][ T7807] bridge0: port 1(bridge_slave_0) entered blocking state [ 98.229057][ T7807] bridge0: port 1(bridge_slave_0) entered forwarding state [ 98.237581][ T7807] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 98.261008][ T4279] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 98.269357][ T4279] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 98.278327][ T4279] bridge0: port 2(bridge_slave_1) entered blocking state [ 98.285121][ T4279] bridge0: port 2(bridge_slave_1) entered forwarding state [ 98.292643][ T4279] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 98.302508][ T4279] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 98.311195][ T4279] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 98.655475][ C3] hrtimer: interrupt took 56633 ns [ 104.222745][ T7802] 8021q: adding VLAN 0 to HW filter on device bond0 [ 104.237514][ T7802] 8021q: adding VLAN 0 to HW filter on device team0 [ 104.262556][ T7802] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 104.273108][ T7802] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 104.294850][ T7802] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 162.319338][ T1346] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 162.329225][ T1346] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 162.337146][ T1346] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 162.345879][ T1346] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 162.354797][ T1346] bridge0: port 1(bridge_slave_0) entered blocking state [ 162.362322][ T1346] bridge0: port 1(bridge_slave_0) entered forwarding state [ 162.370206][ T1346] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 162.378778][ T1346] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 162.387179][ T1346] bridge0: port 2(bridge_slave_1) entered blocking state [ 162.394343][ T1346] bridge0: port 2(bridge_slave_1) entered forwarding state [ 162.401922][ T1346] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 162.410818][ T1346] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 162.419715][ T1346] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 162.428774][ T1346] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 162.437505][ T1346] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 162.446139][ T1346] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 162.454855][ T1346] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 162.463132][ T1346] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 162.471706][ T1346] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 162.479929][ T1346] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 162.488110][ T1346] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 162.495978][ T1346] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 162.504071][ T1346] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 162.512745][ T1346] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 162.520973][ T1346] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 208.822538][ T7807] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 316.782882][ C2] rcu: INFO: rcu_preempt self-detected stall on CPU [ 316.783042][ C2] rcu: 2-....: (1 GPs behind) idle=f02/1/0x4000000000000004 softirq=15110/15120 fqs=5142 [ 316.792963][ C2] (t=10502 jiffies g=5389 q=405) [ 316.802957][ C2] NMI backtrace for cpu 2 [ 316.802957][ C2] CPU: 2 PID: 7822 Comm: syz-executor.0 Not tainted 5.4.0-syzkaller #0 [ 316.813018][ C2] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014 [ 316.813018][ C2] Call Trace: [ 316.813018][ C2] [ 316.813018][ C2] dump_stack+0x197/0x210 [ 316.813018][ C2] nmi_cpu_backtrace.cold+0x70/0xb2 [ 316.813018][ C2] ? lapic_can_unplug_cpu.cold+0x3a/0x3a [ 316.813018][ C2] nmi_trigger_cpumask_backtrace+0x23b/0x28b [ 316.813018][ C2] arch_trigger_cpumask_backtrace+0x14/0x20 [ 316.813018][ C2] rcu_dump_cpu_stacks+0x183/0x1cf [ 316.813018][ C2] ? find_next_bit+0x107/0x130 [ 316.813018][ C2] rcu_sched_clock_irq.cold+0x509/0xc02 [ 316.813018][ C2] ? raise_softirq+0x138/0x340 [ 316.813018][ C2] update_process_times+0x2d/0x70 [ 316.813018][ C2] tick_sched_handle+0xa2/0x190 [ 316.813018][ C2] tick_sched_timer+0x53/0x140 [ 316.813018][ C2] __hrtimer_run_queues+0x364/0xe40 [ 316.813018][ C2] ? tick_sched_do_timer+0x1b0/0x1b0 [ 316.813018][ C2] ? hrtimer_init+0x330/0x330 [ 316.813018][ C2] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 316.813018][ C2] ? ktime_get_update_offsets_now+0x2ce/0x430 [ 316.813018][ C2] hrtimer_interrupt+0x314/0x770 [ 316.813018][ C2] smp_apic_timer_interrupt+0x160/0x610 [ 316.813018][ C2] apic_timer_interrupt+0xf/0x20 [ 316.813018][ C2] RIP: 0010:addrconf_mod_rs_timer+0x40/0x140 [ 316.813018][ C2] Code: 48 8d bb f0 02 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 e3 00 00 00 48 83 bb f0 02 00 00 00 <74> 44 e8 89 c2 03 fb 48 c7 c0 00 90 00 89 48 ba 00 00 00 00 00 fc [ 316.813018][ C2] RSP: 0018:ffff88802d709c10 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13 [ 316.813018][ C2] RAX: dffffc0000000000 RBX: ffff88807b6f8000 RCX: ffffffff8672989e [ 316.813018][ C2] RDX: 1ffff1100f6df05e RSI: ffffffff86711b66 RDI: ffff88807b6f82f0 [ 316.813018][ C2] RBP: ffff88802d709c30 R08: ffff888013424080 R09: ffffed1005ae1376 [ 316.813018][ C2] R10: ffffed1005ae1375 R11: 0000000000000003 R12: 000000000000389a [ 316.813018][ C2] R13: ffff88807b6f8168 R14: 000000000000389a R15: ffff88807b6f8000 [ 316.813018][ C2] ? apic_timer_interrupt+0xa/0x20 [ 316.813018][ C2] ? addrconf_rs_timer+0x47e/0x6e0 [ 316.813018][ C2] ? addrconf_mod_rs_timer+0x16/0x140 [ 316.813018][ C2] addrconf_rs_timer+0x4a5/0x6e0 [ 316.813018][ C2] ? ipv6_get_lladdr+0x490/0x490 [ 316.813018][ C2] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 316.813018][ C2] call_timer_fn+0x1ac/0x780 [ 316.813018][ C2] ? ipv6_get_lladdr+0x490/0x490 [ 316.813018][ C2] ? msleep_interruptible+0x150/0x150 [ 316.813018][ C2] ? run_timer_softirq+0x6b1/0x1790 [ 316.813018][ C2] ? trace_hardirqs_on+0x67/0x240 [ 316.813018][ C2] ? ipv6_get_lladdr+0x490/0x490 [ 316.813018][ C2] ? ipv6_get_lladdr+0x490/0x490 [ 316.813018][ C2] run_timer_softirq+0x6c3/0x1790 [ 316.813018][ C2] ? add_timer+0x930/0x930 [ 316.813018][ C2] ? rcu_lockdep_current_cpu_online+0xe3/0x130 [ 316.813018][ C2] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 316.813018][ C2] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 316.813018][ C2] __do_softirq+0x262/0x98c [ 316.813018][ C2] ? sched_clock_cpu+0x14e/0x1b0 [ 316.813018][ C2] irq_exit+0x19b/0x1e0 [ 316.813018][ C2] smp_apic_timer_interrupt+0x1a3/0x610 [ 316.813018][ C2] apic_timer_interrupt+0xf/0x20 [ 316.813018][ C2] [ 316.813018][ C2] RIP: 0010:_raw_spin_unlock_irq+0x4f/0x80 [ 316.813018][ C2] Code: c0 68 34 13 89 48 ba 00 00 00 00 00 fc ff df 48 c1 e8 03 80 3c 10 00 75 33 48 83 3d 12 6a 96 01 00 74 20 fb 66 0f 1f 44 00 00 01 00 00 00 e8 e7 ab d3 f9 65 8b 05 18 54 85 78 85 c0 74 06 41 [ 316.813018][ C2] RSP: 0018:ffff88801342f8d8 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff13 [ 316.813018][ C2] RAX: 1ffffffff122668d RBX: ffff888013424080 RCX: 0000000000000006 [ 316.813018][ C2] RDX: dffffc0000000000 RSI: 0000000000000008 RDI: ffff888013424914 [ 316.813018][ C2] RBP: ffff88801342f8e0 R08: 1ffffffff15377ba R09: fffffbfff15377bb [ 316.813018][ C2] R10: fffffbfff15377ba R11: ffffffff8a9bbdd7 R12: ffff88802d737380 [ 316.813018][ C2] R13: ffff88802c868380 R14: ffff88807a54e100 R15: 0000000000000000 [ 316.813018][ C2] ? _raw_spin_unlock_irq+0x23/0x80 [ 316.813018][ C2] finish_task_switch+0x147/0x750 [ 316.813018][ C2] ? finish_task_switch+0x119/0x750 [ 316.813018][ C2] __schedule+0x8e9/0x1f30 [ 316.813018][ C2] ? __sched_text_start+0x8/0x8 [ 316.813018][ C2] ? __this_cpu_preempt_check+0x35/0x190 [ 316.813018][ C2] ? retint_kernel+0x2b/0x2b [ 316.813018][ C2] ? perf_duration_warn+0x40/0x40 [ 316.813018][ C2] ? preempt_schedule+0x4b/0x60 [ 316.813018][ C2] preempt_schedule_common+0x4f/0xe0 [ 316.813018][ C2] ? __perf_event_enable+0x930/0x930 [ 316.813018][ C2] preempt_schedule+0x4b/0x60 [ 316.813018][ C2] ___preempt_schedule+0x16/0x18 [ 316.813018][ C2] ? smp_call_function_single+0x40b/0x480 [ 316.813018][ C2] smp_call_function_single+0x410/0x480 [ 316.813018][ C2] ? perf_duration_warn+0x40/0x40 [ 316.813018][ C2] ? generic_exec_single+0x4c0/0x4c0 [ 316.813018][ C2] ? __do_sys_perf_event_open+0x174c/0x2c70 [ 316.813018][ C2] ? __perf_event_enable+0x930/0x930 [ 316.813018][ C2] task_function_call+0xe9/0x180 [ 316.813018][ C2] ? perf_event_addr_filters_exec+0x310/0x310 [ 316.813018][ C2] ? __do_sys_perf_event_open+0x174c/0x2c70 [ 316.813018][ C2] ? __perf_event_enable+0x930/0x930 [ 316.813018][ C2] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 316.813018][ C2] ? exclusive_event_installable+0x257/0x320 [ 316.813018][ C2] perf_install_in_context+0x308/0x5a0 [ 316.813018][ C2] ? list_add_event+0xed0/0xed0 [ 316.813018][ C2] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 316.813018][ C2] ? __perf_event_header_size.isra.0+0x166/0x1c0 [ 316.813018][ C2] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 316.813018][ C2] __do_sys_perf_event_open+0x1cbc/0x2c70 [ 316.813018][ C2] ? perf_event_set_output+0x4e0/0x4e0 [ 316.813018][ C2] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 316.813018][ C2] ? put_timespec64+0xda/0x140 [ 316.813018][ C2] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 316.813018][ C2] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 316.813018][ C2] ? do_syscall_64+0x26/0x790 [ 316.813018][ C2] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 316.813018][ C2] ? do_syscall_64+0x26/0x790 [ 316.813018][ C2] __x64_sys_perf_event_open+0xbe/0x150 [ 316.813018][ C2] do_syscall_64+0xfa/0x790 [ 316.813018][ C2] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 316.813018][ C2] RIP: 0033:0x45a759 [ 316.813018][ C2] Code: bd b1 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 8b b1 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 316.813018][ C2] RSP: 002b:00007f4491f11c88 EFLAGS: 00000246 ORIG_RAX: 000000000000012a [ 316.813018][ C2] RAX: ffffffffffffffda RBX: 000000000071bfa8 RCX: 000000000045a759 [ 316.813018][ C2] RDX: ffffffffffffffff RSI: 0000000000000000 RDI: 0000000020000700 [ 316.813018][ C2] RBP: 0000000000000005 R08: 0000000000000000 R09: 0000000000000000 [ 316.813018][ C2] R10: ffffffffffffffff R11: 0000000000000246 R12: 00007f4491f126d4 [ 316.813018][ C2] R13: 00000000004aec17 R14: 00000000006f1cb0 R15: 00000000ffffffff [ 321.633197][ T4279] rcu: INFO: rcu_preempt detected expedited stalls on CPUs/tasks: { 2-... } 10987 jiffies s: 341 root: 0x4/. [ 321.644926][ T4279] rcu: blocking rcu_node structures: [ 321.650067][ T4279] Task dump for CPU 2: [ 321.655221][ T4279] syz-executor.0 R running task 27680 7822 7793 0x8000400e [ 321.664266][ T4279] Call Trace: [ 321.667547][ T4279] __schedule+0x8e9/0x1f30 [ 321.671651][ T4279] ? __sched_text_start+0x8/0x8 [ 321.679042][ T4279] ? __this_cpu_preempt_check+0x35/0x190 [ 321.685843][ T4279] ? retint_kernel+0x2b/0x2b [ 321.691554][ T4279] ? perf_duration_warn+0x40/0x40 [ 321.697811][ T4279] ? preempt_schedule+0x4b/0x60 [ 321.702435][ T4279] preempt_schedule_common+0x4f/0xe0 [ 321.708681][ T4279] ? __perf_event_enable+0x930/0x930 [ 321.714268][ T4279] preempt_schedule+0x4b/0x60 [ 321.718911][ T4279] ___preempt_schedule+0x16/0x18 [ 321.723825][ T4279] ? smp_call_function_single+0x40b/0x480 [ 321.729431][ T4279] smp_call_function_single+0x410/0x480 [ 321.734824][ T4279] ? perf_duration_warn+0x40/0x40 [ 321.739739][ T4279] ? generic_exec_single+0x4c0/0x4c0 [ 321.745024][ T4279] ? __do_sys_perf_event_open+0x174c/0x2c70 [ 321.750866][ T4279] ? __perf_event_enable+0x930/0x930 [ 321.756276][ T4279] task_function_call+0xe9/0x180 [ 321.761034][ T4279] ? perf_event_addr_filters_exec+0x310/0x310 [ 321.766979][ T4279] ? __do_sys_perf_event_open+0x174c/0x2c70 [ 321.772638][ T4279] ? __perf_event_enable+0x930/0x930 [ 321.778206][ T4279] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 321.784626][ T4279] ? exclusive_event_installable+0x257/0x320 [ 321.790493][ T4279] perf_install_in_context+0x308/0x5a0 [ 321.796060][ T4279] ? list_add_event+0xed0/0xed0 [ 321.800742][ T4279] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 321.806790][ T4279] ? __perf_event_header_size.isra.0+0x166/0x1c0 [ 321.812734][ T4279] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 321.819238][ T4279] __do_sys_perf_event_open+0x1cbc/0x2c70 [ 321.824724][ T4279] ? perf_event_set_output+0x4e0/0x4e0 [ 321.830082][ T4279] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 321.836085][ T4279] ? put_timespec64+0xda/0x140 [ 321.840872][ T4279] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 321.846320][ T4279] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 321.851546][ T4279] ? do_syscall_64+0x26/0x790 [ 321.856306][ T4279] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 321.862189][ T4279] ? do_syscall_64+0x26/0x790 [ 321.867218][ T4279] __x64_sys_perf_event_open+0xbe/0x150 [ 321.872368][ T4279] do_syscall_64+0xfa/0x790 [ 321.877103][ T4279] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 321.882830][ T4279] RIP: 0033:0x45a759 [ 321.887005][ T4279] Code: Bad RIP value. [ 321.890949][ T4279] RSP: 002b:00007f4491f11c88 EFLAGS: 00000246 ORIG_RAX: 000000000000012a [ 321.899446][ T4279] RAX: ffffffffffffffda RBX: 000000000071bfa8 RCX: 000000000045a759 [ 321.907669][ T4279] RDX: ffffffffffffffff RSI: 0000000000000000 RDI: 0000000020000700 [ 321.915890][ T4279] RBP: 0000000000000005 R08: 0000000000000000 R09: 0000000000000000 [ 321.923981][ T4279] R10: ffffffffffffffff R11: 0000000000000246 R12: 00007f4491f126d4 [ 321.932182][ T4279] R13: 00000000004aec17 R14: 00000000006f1cb0 R15: 00000000ffffffff