Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '[localhost]:45328' (ECDSA) to the list of known hosts.
syzkaller login: [ 135.366798][ T45] kauditd_printk_skb: 7 callbacks suppressed
2020/11/07 11:28:11 fuzzer started
[ 135.366844][ T45] audit: type=1400 audit(1604748491.341:42): avc: denied { map } for pid=9929 comm="syz-fuzzer" path="/syz-fuzzer" dev="sda1" ino=16526 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1
2020/11/07 11:28:11 connecting to host at 10.0.2.10:36587
2020/11/07 11:28:11 checking machine...
2020/11/07 11:28:11 checking revisions...
2020/11/07 11:28:11 testing simple program...
[ 135.748136][ T45] audit: type=1400 audit(1604748491.721:43): avc: denied { integrity } for pid=9929 comm="syz-fuzzer" lockdown_reason="debugfs access" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=lockdown permissive=1
[ 135.806461][ T45] audit: type=1400 audit(1604748491.721:44): avc: denied { map } for pid=9929 comm="syz-fuzzer" path="/sys/kernel/debug/kcov" dev="debugfs" ino=1027 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1
[ 137.205595][ T9948] IPVS: ftp: loaded support on port[0] = 21
[ 137.320549][ T9948] chnl_net:caif_netlink_parms(): no params data found
[ 137.416109][ T9948] bridge0: port 1(bridge_slave_0) entered blocking state
[ 137.428779][ T9948] bridge0: port 1(bridge_slave_0) entered disabled state
[ 137.447340][ T9948] device bridge_slave_0 entered promiscuous mode
[ 137.467373][ T9948] bridge0: port 2(bridge_slave_1) entered blocking state
[ 137.484241][ T9948] bridge0: port 2(bridge_slave_1) entered disabled state
[ 137.500722][ T9948] device bridge_slave_1 entered promiscuous mode
[ 137.533208][ T9948] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 137.556573][ T9948] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 137.586794][ T9948] team0: Port device team_slave_0 added
[ 137.598317][ T9948] team0: Port device team_slave_1 added
[ 137.617130][ T9948] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 137.626344][ T9948] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 137.661047][ T9948] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 137.677896][ T9948] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 137.687454][ T9948] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 137.779299][ T9948] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 137.934947][ T9948] device hsr_slave_0 entered promiscuous mode
[ 137.945374][ T9948] device hsr_slave_1 entered promiscuous mode
[ 138.041746][ T45] audit: type=1400 audit(1604748494.011:45): avc: denied { create } for pid=9948 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 138.045366][ T9948] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 138.077495][ T45] audit: type=1400 audit(1604748494.011:46): avc: denied { write } for pid=9948 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 138.119332][ T45] audit: type=1400 audit(1604748494.011:47): avc: denied { read } for pid=9948 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 138.125760][ T9948] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 138.186089][ T9948] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 138.219755][ T9948] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 138.285393][ T9948] bridge0: port 2(bridge_slave_1) entered blocking state
[ 138.310629][ T9948] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 138.337148][ T9948] bridge0: port 1(bridge_slave_0) entered blocking state
[ 138.359945][ T9948] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 138.380787][ T3075] bridge0: port 1(bridge_slave_0) entered disabled state
[ 138.411769][ T3075] bridge0: port 2(bridge_slave_1) entered disabled state
[ 138.490186][ T9948] 8021q: adding VLAN 0 to HW filter on device bond0
[ 138.512446][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 138.534763][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 138.560167][ T9948] 8021q: adding VLAN 0 to HW filter on device team0
[ 138.579248][ T2943] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 138.599421][ T2943] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 138.618537][ T2943] bridge0: port 1(bridge_slave_0) entered blocking state
[ 138.632375][ T2943] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 138.654101][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 138.667602][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 138.680832][ T48] bridge0: port 2(bridge_slave_1) entered blocking state
[ 138.692119][ T48] bridge0: port 2(bridge_slave_1) entered forwarding state
executing program
[ 138.722911][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 138.742312][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 138.755856][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 138.769143][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 138.781838][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 138.795170][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 138.811084][ T3476] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 138.823414][ T3476] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 138.836115][ T3476] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 138.855732][ T9948] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 138.876326][ T9948] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 138.890392][ T3476] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 138.906870][ T3476] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 138.934293][ T2943] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 138.948285][ T2943] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 138.971039][ T9948] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 138.996581][ T3345] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 139.102062][ T3345] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 139.141458][ T2943] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 139.157217][ T2943] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 139.173961][ T2943] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 139.188351][ T2943] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 139.203737][ T9948] device veth0_vlan entered promiscuous mode
[ 139.217060][ T48] Bluetooth: hci0: command 0x0409 tx timeout
[ 139.236912][ T9948] device veth1_vlan entered promiscuous mode
[ 139.271180][ T3075] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 139.290497][ T3075] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 139.308970][ T3075] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 139.331072][ T3075] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 139.357356][ T9948] device veth0_macvtap entered promiscuous mode
[ 139.376234][ T9948] device veth1_macvtap entered promiscuous mode
[ 139.394714][ T3075] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 139.413213][ T3075] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 139.452546][ T9948] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 139.479636][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 139.507415][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 139.544900][ T9948] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 139.566575][ T3345] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 139.608178][ T3345] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 139.655978][ T9948] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 139.689132][ T9948] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 139.715715][ T9948] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 139.748655][ T9948] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 139.885998][ T9955] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 139.915375][ T9955] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 139.955413][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 139.957264][ T3345] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 139.988275][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 140.039355][ T2943] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 140.067021][ T45] audit: type=1400 audit(1604748496.041:48): avc: denied { associate } for pid=9948 comm="syz-executor.0" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1
[ 140.096577][ T9] BUG: sleeping function called from invalid context at net/mac80211/sta_info.c:1962
[ 140.173202][ T9] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 9, name: kworker/u16:0
[ 140.205198][ T9] 4 locks held by kworker/u16:0/9:
[ 140.219463][ T9] #0: ffff888026e4b938 ((wq_completion)phy3){+.+.}-{0:0}, at: process_one_work+0x821/0x15a0
[ 140.257420][ T9] #1: ffffc900003cfda8 ((work_completion)(&sdata->work)){+.+.}-{0:0}, at: process_one_work+0x854/0x15a0
[ 140.295274][ T9] #2: ffff88802b5b0d00 (&wdev->mtx){+.+.}-{3:3}, at: ieee80211_ibss_work+0x93/0xe80
[ 140.326190][ T9] #3: ffffffff8b337060 (rcu_read_lock){....}-{1:2}, at: sta_info_insert_rcu+0x680/0x2ba0
[ 140.357844][ T9] Preemption disabled at:
[ 140.358020][ T9] [] __mutex_lock+0x10f/0x10e0
[ 140.385650][ T9] CPU: 0 PID: 9 Comm: kworker/u16:0 Not tainted 5.10.0-rc2-syzkaller #0
[ 140.395511][ T9] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014
[ 140.413602][ T9] Workqueue: phy3 ieee80211_iface_work
[ 140.413602][ T9] Call Trace:
[ 140.413602][ T9] dump_stack+0x107/0x163
[ 140.413602][ T9] ? __mutex_lock+0x10f/0x10e0
[ 140.413602][ T9] ___might_sleep.cold+0x1e8/0x22e
[ 140.413602][ T9] sta_info_move_state+0x32/0x8d0
[ 140.413602][ T9] sta_info_free+0x65/0x3b0
[ 140.413602][ T9] sta_info_insert_rcu+0x303/0x2ba0
[ 140.413602][ T9] ? find_held_lock+0x2d/0x110
[ 140.413602][ T9] ? rate_control_rate_init+0x32c/0x6a0
[ 140.413602][ T9] ? sta_info_free+0x3b0/0x3b0
[ 140.413602][ T9] ? __local_bh_enable_ip+0x9c/0x110
[ 140.413602][ T9] ? rate_control_rate_init+0x35f/0x6a0
[ 140.413602][ T9] ieee80211_ibss_finish_sta+0x212/0x390
[ 140.413602][ T9] ? ieee80211_ibss_build_presp+0x15f0/0x15f0
[ 140.413602][ T9] ? __local_bh_enable_ip+0x9c/0x110
[ 140.413602][ T9] ieee80211_ibss_work+0x2c7/0xe80
[ 140.413602][ T9] ? ieee80211_ibss_rx_queued_mgmt+0x1870/0x1870
[ 140.413602][ T9] ? mark_held_locks+0x9f/0xe0
[ 140.413602][ T9] ? _raw_spin_unlock_irqrestore+0x42/0x50
[ 140.413602][ T9] ? lockdep_hardirqs_on+0x79/0x100
[ 140.413602][ T9] ? _raw_spin_unlock_irqrestore+0x2f/0x50
[ 140.413602][ T9] ieee80211_iface_work+0x82e/0x970
[ 140.413602][ T9] process_one_work+0x933/0x15a0
[ 140.413602][ T9] ? lock_release+0x710/0x710
[ 140.413602][ T9] ? pwq_dec_nr_in_flight+0x320/0x320
[ 140.413602][ T9] ? rwlock_bug.part.0+0x90/0x90
[ 140.413602][ T9] ? _raw_spin_lock_irq+0x41/0x50
[ 140.413602][ T9] worker_thread+0x64c/0x1120
[ 140.413602][ T9] ? process_one_work+0x15a0/0x15a0
[ 140.413602][ T9] kthread+0x3af/0x4a0
[ 140.413602][ T9] ? kthread_create_worker_on_cpu+0xf0/0xf0
[ 140.413602][ T9] ret_from_fork+0x1f/0x30
[ 140.790865][ T9]
[ 140.797162][ T9] =============================
[ 140.797162][ T9] [ BUG: Invalid wait context ]
[ 140.797162][ T9] 5.10.0-rc2-syzkaller #0 Tainted: G W
[ 140.797162][ T9] -----------------------------
[ 140.797162][ T9] kworker/u16:0/9 is trying to lock:
[ 140.797162][ T9] ffff88802ac329d0 (&local->chanctx_mtx){+.+.}-{3:3}, at: ieee80211_recalc_min_chandef+0x49/0x140
[ 140.797162][ T9] other info that might help us debug this:
[ 140.797162][ T9] context-{4:4}
[ 140.797162][ T9] 4 locks held by kworker/u16:0/9:
[ 140.797162][ T9] #0: ffff888026e4b938 ((wq_completion)phy3){+.+.}-{0:0}, at: process_one_work+0x821/0x15a0
[ 140.797162][ T9] #1: ffffc900003cfda8 ((work_completion)(&sdata->work)){+.+.}-{0:0}, at: process_one_work+0x854/0x15a0
[ 140.797162][ T9] #2: ffff88802b5b0d00 (&wdev->mtx){+.+.}-{3:3}, at: ieee80211_ibss_work+0x93/0xe80
[ 140.797162][ T9] #3: ffffffff8b337060 (rcu_read_lock){....}-{1:2}, at: sta_info_insert_rcu+0x680/0x2ba0
[ 140.797162][ T9] stack backtrace:
[ 140.797162][ T9] CPU: 0 PID: 9 Comm: kworker/u16:0 Tainted: G W 5.10.0-rc2-syzkaller #0
[ 140.797162][ T9] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014
[ 140.797162][ T9] Workqueue: phy3 ieee80211_iface_work
[ 140.797162][ T9] Call Trace:
[ 140.797162][ T9] dump_stack+0x107/0x163
[ 140.797162][ T9] __lock_acquire.cold+0x310/0x3a2
[ 140.797162][ T9] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 140.797162][ T9] ? find_held_lock+0x2d/0x110
[ 140.797162][ T9] lock_acquire+0x2a3/0x8c0
[ 140.797162][ T9] ? ieee80211_recalc_min_chandef+0x49/0x140
[ 140.797162][ T9] ? lock_release+0x710/0x710
[ 140.797162][ T9] __mutex_lock+0x134/0x10e0
[ 140.797162][ T9] ? ieee80211_recalc_min_chandef+0x49/0x140
[ 140.797162][ T9] ? ieee80211_recalc_min_chandef+0x49/0x140
[ 140.797162][ T9] ? mutex_lock_io_nested+0xf60/0xf60
[ 140.797162][ T9] ? ieee80211_clear_fast_rx+0x58/0x80
[ 140.797162][ T9] ? mark_held_locks+0x9f/0xe0
[ 140.797162][ T9] ieee80211_recalc_min_chandef+0x49/0x140
[ 140.797162][ T9] sta_info_move_state+0x3cf/0x8d0
[ 141.292850][ T48] Bluetooth: hci0: command 0x041b tx timeout
[ 140.797162][ T9] sta_info_free+0x65/0x3b0
[ 140.797162][ T9] sta_info_insert_rcu+0x303/0x2ba0
[ 140.797162][ T9] ? find_held_lock+0x2d/0x110
[ 140.797162][ T9] ? rate_control_rate_init+0x32c/0x6a0
[ 140.797162][ T9] ? sta_info_free+0x3b0/0x3b0
[ 140.797162][ T9] ? __local_bh_enable_ip+0x9c/0x110
[ 140.797162][ T9] ? rate_control_rate_init+0x35f/0x6a0
[ 140.797162][ T9] ieee80211_ibss_finish_sta+0x212/0x390
[ 140.797162][ T9] ? ieee80211_ibss_build_presp+0x15f0/0x15f0
[ 140.797162][ T9] ? __local_bh_enable_ip+0x9c/0x110
[ 140.797162][ T9] ieee80211_ibss_work+0x2c7/0xe80
[ 140.797162][ T9] ? ieee80211_ibss_rx_queued_mgmt+0x1870/0x1870
[ 140.797162][ T9] ? mark_held_locks+0x9f/0xe0
[ 140.797162][ T9] ? _raw_spin_unlock_irqrestore+0x42/0x50
[ 140.797162][ T9] ? lockdep_hardirqs_on+0x79/0x100
[ 140.797162][ T9] ? _raw_spin_unlock_irqrestore+0x2f/0x50
[ 140.797162][ T9] ieee80211_iface_work+0x82e/0x970
[ 140.797162][ T9] process_one_work+0x933/0x15a0
[ 140.797162][ T9] ? lock_release+0x710/0x710
[ 140.797162][ T9] ? pwq_dec_nr_in_flight+0x320/0x320
[ 140.797162][ T9] ? rwlock_bug.part.0+0x90/0x90
[ 140.797162][ T9] ? _raw_spin_lock_irq+0x41/0x50
[ 140.797162][ T9] worker_thread+0x64c/0x1120
[ 140.797162][ T9] ? process_one_work+0x15a0/0x15a0
[ 140.797162][ T9] kthread+0x3af/0x4a0
[ 140.797162][ T9] ? kthread_create_worker_on_cpu+0xf0/0xf0
[ 140.797162][ T9] ret_from_fork+0x1f/0x30
[ 141.623255][ T9] BUG: sleeping function called from invalid context at net/mac80211/sta_info.c:1962
[ 141.641611][ T9] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 9, name: kworker/u16:0
[ 141.656190][ T9] INFO: lockdep is turned off.
[ 141.662391][ T9] Preemption disabled at:
[ 141.662409][ T9] [] preempt_schedule_thunk+0x16/0x18
[ 141.681822][ T9] CPU: 0 PID: 9 Comm: kworker/u16:0 Tainted: G W 5.10.0-rc2-syzkaller #0
[ 141.691759][ T9] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014
[ 141.691759][ T9] Workqueue: phy3 ieee80211_iface_work
[ 141.691759][ T9] Call Trace:
[ 141.691759][ T9] dump_stack+0x107/0x163
[ 141.691759][ T9] ? preempt_schedule_thunk+0x16/0x18
[ 141.691759][ T9] ___might_sleep.cold+0x1e8/0x22e
[ 141.691759][ T9] sta_info_move_state+0x32/0x8d0
[ 141.691759][ T9] sta_info_free+0x65/0x3b0
[ 141.691759][ T9] sta_info_insert_rcu+0x303/0x2ba0
[ 141.691759][ T9] ? find_held_lock+0x2d/0x110
[ 141.691759][ T9] ? rate_control_rate_init+0x32c/0x6a0
[ 141.691759][ T9] ? sta_info_free+0x3b0/0x3b0
[ 141.691759][ T9] ? __local_bh_enable_ip+0x9c/0x110
[ 141.691759][ T9] ? rate_control_rate_init+0x35f/0x6a0
[ 141.691759][ T9] ieee80211_ibss_finish_sta+0x212/0x390
[ 141.691759][ T9] ? ieee80211_ibss_build_presp+0x15f0/0x15f0
[ 141.691759][ T9] ? __local_bh_enable_ip+0x9c/0x110
[ 141.691759][ T9] ieee80211_ibss_work+0x2c7/0xe80
[ 141.691759][ T9] ? ieee80211_ibss_rx_queued_mgmt+0x1870/0x1870
[ 141.691759][ T9] ? mark_held_locks+0x9f/0xe0
[ 141.691759][ T9] ? _raw_spin_unlock_irqrestore+0x42/0x50
[ 141.691759][ T9] ? lockdep_hardirqs_on+0x79/0x100
[ 141.691759][ T9] ? _raw_spin_unlock_irqrestore+0x2f/0x50
[ 141.892902][ T9] ieee80211_iface_work+0x82e/0x970
[ 141.892902][ T9] process_one_work+0x933/0x15a0
[ 141.902838][ T9] ? lock_release+0x710/0x710
[ 141.902838][ T9] ? pwq_dec_nr_in_flight+0x320/0x320
[ 141.923008][ T9] ? rwlock_bug.part.0+0x90/0x90
[ 141.923008][ T9] ? _raw_spin_lock_irq+0x41/0x50
[ 141.923008][ T9] worker_thread+0x64c/0x1120
[ 141.943552][ T9] ? process_one_work+0x15a0/0x15a0
[ 141.943552][ T9] kthread+0x3af/0x4a0
[ 141.943552][ T9] ? kthread_create_worker_on_cpu+0xf0/0xf0
[ 141.962928][ T9] ret_from_fork+0x1f/0x30
executing program
[ 141.975174][ T9948] cgroup: cgroup: disabling cgroup2 socket matching due to net_prio or net_cls activation
2020/11/07 11:28:18 building call list...
[ 142.092963][ T9955] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 142.189005][ T9955] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 142.310589][ T9955] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 142.380848][ T9955] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 143.461997][ T9955] device hsr_slave_0 left promiscuous mode
[ 143.602187][ T9955] device hsr_slave_1 left promiscuous mode
[ 143.637176][ T9955] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 143.666574][ T9955] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 143.690428][ T9955] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 143.719709][ T9955] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 143.758648][ T9955] device bridge_slave_1 left promiscuous mode
[ 143.778324][ T9955] bridge0: port 2(bridge_slave_1) entered disabled state
[ 143.806278][ T9955] device bridge_slave_0 left promiscuous mode
[ 143.830476][ T9955] bridge0: port 1(bridge_slave_0) entered disabled state
[ 143.860507][ T9955] device veth1_macvtap left promiscuous mode
[ 143.878448][ T9955] device veth0_macvtap left promiscuous mode
[ 143.893543][ T9955] device veth1_vlan left promiscuous mode
[ 143.915381][ T9955] device veth0_vlan left promiscuous mode
[ 144.387468][ T9955] team0 (unregistering): Port device team_slave_1 removed
[ 144.421872][ T9955] team0 (unregistering): Port device team_slave_0 removed
[ 144.452508][ T9955] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 144.490535][ T9955] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 144.544400][ T9955] bond0 (unregistering): Released all slaves
[ 144.671096][ T9942] can: request_module (can-proto-0) failed.
executing program
[ 145.142448][ T9942] can: request_module (can-proto-0) failed.
[ 145.169353][ T9942] can: request_module (can-proto-0) failed.
[ 145.543963][ T9942] base_sock_release(00000000a2d4b8a5) sk=00000000ef422ec8
[ 145.594534][ T45] audit: type=1400 audit(1604748501.561:49): avc: denied { create } for pid=9929 comm="syz-fuzzer" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_crypto_socket permissive=1
[ 145.648691][ T45] audit: type=1400 audit(1604748501.571:50): avc: denied { create } for pid=9929 comm="syz-fuzzer" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
[ 145.710967][ T45] audit: type=1400 audit(1604748501.571:51): avc: denied { create } for pid=9929 comm="syz-fuzzer" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_rdma_socket permissive=1
VM DIAGNOSIS:
11:28:18 Registers: