syzkaller login: [ 140.363526][ T47] audit: type=1400 audit(1604876833.574:41): avc: denied { map } for pid=10174 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '[localhost]:51412' (ECDSA) to the list of known hosts.
2020/11/08 23:07:18 fuzzer started
[ 144.991607][ T47] audit: type=1400 audit(1604876838.204:42): avc: denied { map } for pid=10188 comm="syz-fuzzer" path="/syz-fuzzer" dev="sda1" ino=16526 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1
2020/11/08 23:07:18 connecting to host at 10.0.2.10:37055
2020/11/08 23:07:18 checking machine...
2020/11/08 23:07:18 checking revisions...
[ 145.360459][ T47] audit: type=1400 audit(1604876838.574:43): avc: denied { integrity } for pid=10188 comm="syz-fuzzer" lockdown_reason="debugfs access" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=lockdown permissive=1
[ 145.413447][ T47] audit: type=1400 audit(1604876838.574:44): avc: denied { map } for pid=10188 comm="syz-fuzzer" path="/sys/kernel/debug/kcov" dev="debugfs" ino=25601 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1
2020/11/08 23:07:18 testing simple program...
[ 147.043596][T10207] IPVS: ftp: loaded support on port[0] = 21
[ 147.163250][T10207] chnl_net:caif_netlink_parms(): no params data found
[ 147.233132][T10207] bridge0: port 1(bridge_slave_0) entered blocking state
[ 147.251768][T10207] bridge0: port 1(bridge_slave_0) entered disabled state
[ 147.268926][T10207] device bridge_slave_0 entered promiscuous mode
[ 147.285219][T10207] bridge0: port 2(bridge_slave_1) entered blocking state
[ 147.299826][T10207] bridge0: port 2(bridge_slave_1) entered disabled state
[ 147.317732][T10207] device bridge_slave_1 entered promiscuous mode
[ 147.348444][T10207] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 147.374873][T10207] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 147.433904][T10207] team0: Port device team_slave_0 added
[ 147.460016][T10207] team0: Port device team_slave_1 added
[ 147.495876][T10207] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 147.516567][T10207] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 147.607311][T10207] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 147.638527][T10207] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 147.660850][T10207] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 147.724608][T10207] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 147.794859][T10207] device hsr_slave_0 entered promiscuous mode
[ 147.811079][T10207] device hsr_slave_1 entered promiscuous mode
[ 147.945896][ T47] audit: type=1400 audit(1604876841.154:45): avc: denied { create } for pid=10207 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 147.952511][T10207] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 148.017628][ T47] audit: type=1400 audit(1604876841.164:46): avc: denied { write } for pid=10207 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 148.092602][ T47] audit: type=1400 audit(1604876841.164:47): avc: denied { read } for pid=10207 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 148.099949][T10207] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 148.171101][T10207] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 148.184257][T10207] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 148.282902][T10207] 8021q: adding VLAN 0 to HW filter on device bond0
[ 148.316312][ T3071] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
executing program
[ 148.337667][ T3071] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 148.360625][T10207] 8021q: adding VLAN 0 to HW filter on device team0
[ 148.383837][ T3244] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 148.409446][ T3244] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 148.434515][ T3244] bridge0: port 1(bridge_slave_0) entered blocking state
[ 148.450330][ T3244] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 148.466467][ T3244] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 148.490193][ T3071] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 148.519924][ T3071] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 148.570251][ T3071] bridge0: port 2(bridge_slave_1) entered blocking state
[ 148.599653][ T3071] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 148.647574][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 148.685281][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 148.723681][ T3244] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 148.751452][ T3244] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 148.802064][ T3244] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 148.858876][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 148.897087][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 148.942826][T10207] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 148.992425][T10207] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 149.031774][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 149.051551][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 149.073039][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 149.095764][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 149.125866][ T51] Bluetooth: hci0: command 0x0409 tx timeout
[ 149.144906][T10207] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 149.164836][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 149.183679][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 149.200883][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 149.215481][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 149.236717][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 149.275994][ T3989] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 149.307873][ T3989] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 149.350312][ T3989] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 149.380332][ T3989] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 149.403590][T10207] device veth0_vlan entered promiscuous mode
[ 149.426806][T10207] device veth1_vlan entered promiscuous mode
[ 149.467468][T10207] device veth0_macvtap entered promiscuous mode
[ 149.486176][ T3989] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 149.510365][ T3989] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 149.534324][ T3989] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 149.564783][T10207] device veth1_macvtap entered promiscuous mode
[ 149.610834][T10207] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 149.634901][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 149.660445][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 149.687034][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 149.711420][T10207] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 149.736401][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 149.765301][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 149.805879][T10207] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 149.844191][T10207] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 149.867394][T10207] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 149.889657][T10207] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 150.003883][T10217] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 150.025979][T10217] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 150.052561][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 150.089698][T10217] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 150.111532][T10217] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 150.134885][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 150.163256][ T47] audit: type=1400 audit(1604876843.374:48): avc: denied { associate } for pid=10207 comm="syz-executor.0" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1
[ 150.226941][T10217] BUG: sleeping function called from invalid context at net/mac80211/sta_info.c:1962
[ 150.245823][T10217] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 10217, name: kworker/u16:2
[ 150.274588][T10217] 4 locks held by kworker/u16:2/10217:
[ 150.288425][T10217] #0: ffff888014d65138 ((wq_completion)phy3){+.+.}-{0:0}, at: process_one_work+0x821/0x15a0
[ 150.319658][T10217] #1: ffffc90001c77da8 ((work_completion)(&sdata->work)){+.+.}-{0:0}, at: process_one_work+0x854/0x15a0
[ 150.348187][T10217] #2: ffff8880225e0d00 (&wdev->mtx){+.+.}-{3:3}, at: ieee80211_ibss_work+0x93/0xe80
[ 150.373148][T10217] #3: ffffffff8b337060 (rcu_read_lock){....}-{1:2}, at: sta_info_insert_rcu+0x680/0x2ba0
[ 150.397811][T10217] Preemption disabled at:
[ 150.398096][T10217] [] __mutex_lock+0x10f/0x10e0
[ 150.427086][T10217] CPU: 1 PID: 10217 Comm: kworker/u16:2 Not tainted 5.10.0-rc2-syzkaller #0
[ 150.435314][T10217] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014
[ 150.435314][T10217] Workqueue: phy3 ieee80211_iface_work
[ 150.435314][T10217] Call Trace:
[ 150.435314][T10217] dump_stack+0x107/0x163
[ 150.435314][T10217] ? __mutex_lock+0x10f/0x10e0
[ 150.435314][T10217] ___might_sleep.cold+0x1e8/0x22e
[ 150.435314][T10217] sta_info_move_state+0x32/0x8d0
[ 150.435314][T10217] sta_info_free+0x65/0x3b0
[ 150.435314][T10217] sta_info_insert_rcu+0x303/0x2ba0
[ 150.435314][T10217] ? find_held_lock+0x2d/0x110
[ 150.435314][T10217] ? rate_control_rate_init+0x32c/0x6a0
[ 150.435314][T10217] ? sta_info_free+0x3b0/0x3b0
[ 150.435314][T10217] ? __local_bh_enable_ip+0x9c/0x110
[ 150.435314][T10217] ? rate_control_rate_init+0x35f/0x6a0
[ 150.435314][T10217] ieee80211_ibss_finish_sta+0x212/0x390
[ 150.435314][T10217] ? ieee80211_ibss_build_presp+0x15f0/0x15f0
[ 150.435314][T10217] ? __local_bh_enable_ip+0x9c/0x110
[ 150.435314][T10217] ieee80211_ibss_work+0x2c7/0xe80
[ 150.435314][T10217] ? ieee80211_ibss_rx_queued_mgmt+0x1870/0x1870
[ 150.435314][T10217] ? mark_held_locks+0x9f/0xe0
[ 150.435314][T10217] ? _raw_spin_unlock_irqrestore+0x42/0x50
[ 150.435314][T10217] ? lockdep_hardirqs_on+0x79/0x100
[ 150.435314][T10217] ? _raw_spin_unlock_irqrestore+0x2f/0x50
[ 150.435314][T10217] ieee80211_iface_work+0x82e/0x970
[ 150.435314][T10217] process_one_work+0x933/0x15a0
[ 150.435314][T10217] ? lock_release+0x710/0x710
[ 150.435314][T10217] ? pwq_dec_nr_in_flight+0x320/0x320
[ 150.435314][T10217] ? rwlock_bug.part.0+0x90/0x90
[ 150.435314][T10217] ? _raw_spin_lock_irq+0x41/0x50
[ 150.435314][T10217] worker_thread+0x64c/0x1120
[ 150.435314][T10217] ? __kthread_parkme+0x13f/0x1e0
[ 150.435314][T10217] ? process_one_work+0x15a0/0x15a0
[ 150.435314][T10217] kthread+0x3af/0x4a0
[ 150.435314][T10217] ? kthread_create_worker_on_cpu+0xf0/0xf0
[ 150.435314][T10217] ret_from_fork+0x1f/0x30
[ 150.943312][T10217]
[ 150.948509][T10217] =============================
[ 150.949159][T10217] [ BUG: Invalid wait context ]
[ 150.949159][T10217] 5.10.0-rc2-syzkaller #0 Tainted: G W
[ 150.989457][T10217] -----------------------------
[ 150.999430][T10217] kworker/u16:2/10217 is trying to lock:
[ 151.009779][T10217] ffff8880225d29d0 (&local->chanctx_mtx){+.+.}-{3:3}, at: ieee80211_recalc_min_chandef+0x49/0x140
[ 151.041218][T10217] other info that might help us debug this:
[ 151.049385][T10217] context-{4:4}
[ 151.059569][T10217] 4 locks held by kworker/u16:2/10217:
[ 151.069927][T10217] #0: ffff888014d65138 ((wq_completion)phy3){+.+.}-{0:0}, at: process_one_work+0x821/0x15a0
[ 151.099578][T10217] #1: ffffc90001c77da8 ((work_completion)(&sdata->work)){+.+.}-{0:0}, at: process_one_work+0x854/0x15a0
[ 151.129718][T10217] #2: ffff8880225e0d00 (&wdev->mtx){+.+.}-{3:3}, at: ieee80211_ibss_work+0x93/0xe80
[ 151.149389][T10217] #3: ffffffff8b337060 (rcu_read_lock){....}-{1:2}, at: sta_info_insert_rcu+0x680/0x2ba0
[ 151.179269][T10217] stack backtrace:
[ 151.179269][T10217] CPU: 1 PID: 10217 Comm: kworker/u16:2 Tainted: G W 5.10.0-rc2-syzkaller #0
[ 151.199461][T10217] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014
[ 151.239313][T10217] Workqueue: phy3 ieee80211_iface_work
[ 151.249502][T10217] Call Trace:
[ 151.259714][T10217] dump_stack+0x107/0x163
[ 151.269420][T10217] __lock_acquire.cold+0x310/0x3a2
[ 151.279518][T10217] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 151.300234][T10217] ? find_held_lock+0x2d/0x110
[ 151.310012][T10217] lock_acquire+0x2a3/0x8c0
[ 151.319735][T10217] ? ieee80211_recalc_min_chandef+0x49/0x140
executing program
[ 151.329412][T10217] ? lock_release+0x710/0x710
[ 151.349757][T10217] __mutex_lock+0x134/0x10e0
[ 151.359450][T10217] ? ieee80211_recalc_min_chandef+0x49/0x140
[ 151.359450][T10217] ? ieee80211_recalc_min_chandef+0x49/0x140
[ 151.380705][T10217] ? mutex_lock_io_nested+0xf60/0xf60
[ 151.389475][T10217] ? ieee80211_clear_fast_rx+0x58/0x80
[ 151.399553][T10217] ? mark_held_locks+0x9f/0xe0
[ 151.420257][T10217] ieee80211_recalc_min_chandef+0x49/0x140
[ 151.450376][T10217] sta_info_move_state+0x3cf/0x8d0
[ 151.470039][T10217] sta_info_free+0x65/0x3b0
[ 151.489640][T10217] sta_info_insert_rcu+0x303/0x2ba0
[ 151.509587][T10217] ? find_held_lock+0x2d/0x110
[ 151.519631][T10217] ? rate_control_rate_init+0x32c/0x6a0
[ 151.539640][T10217] ? sta_info_free+0x3b0/0x3b0
[ 151.559476][T10217] ? __local_bh_enable_ip+0x9c/0x110
[ 151.579783][T10217] ? rate_control_rate_init+0x35f/0x6a0
[ 151.589743][T10217] ieee80211_ibss_finish_sta+0x212/0x390
[ 151.609803][T10217] ? ieee80211_ibss_build_presp+0x15f0/0x15f0
[ 151.629632][T10217] ? __local_bh_enable_ip+0x9c/0x110
[ 151.639358][T10217] ieee80211_ibss_work+0x2c7/0xe80
[ 151.659630][T10217] ? ieee80211_ibss_rx_queued_mgmt+0x1870/0x1870
[ 151.679692][T10217] ? mark_held_locks+0x9f/0xe0
[ 151.699665][T10217] ? _raw_spin_unlock_irqrestore+0x42/0x50
[ 151.709315][T10217] ? lockdep_hardirqs_on+0x79/0x100
[ 151.729316][T10217] ? _raw_spin_unlock_irqrestore+0x2f/0x50
[ 151.739484][T10217] ieee80211_iface_work+0x82e/0x970
[ 151.739484][T10217] process_one_work+0x933/0x15a0
[ 151.769578][T10217] ? lock_release+0x710/0x710
[ 151.779852][T10217] ? pwq_dec_nr_in_flight+0x320/0x320
[ 151.789841][T10217] ? rwlock_bug.part.0+0x90/0x90
[ 151.809909][T10217] ? _raw_spin_lock_irq+0x41/0x50
[ 151.830374][T10217] worker_thread+0x64c/0x1120
[ 151.849814][T10217] ? __kthread_parkme+0x13f/0x1e0
[ 151.859876][T10217] ? process_one_work+0x15a0/0x15a0
[ 151.879503][T10217] kthread+0x3af/0x4a0
[ 151.889706][T10217] ? kthread_create_worker_on_cpu+0xf0/0xf0
[ 151.899423][T10217] ret_from_fork+0x1f/0x30
[ 151.920285][T10217] BUG: sleeping function called from invalid context at net/mac80211/sta_info.c:1962
[ 151.920649][ T51] Bluetooth: hci0: command 0x041b tx timeout
[ 151.948455][T10217] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 10217, name: kworker/u16:2
[ 151.993464][T10217] INFO: lockdep is turned off.
[ 152.016724][T10217] Preemption disabled at:
[ 152.016745][T10217] [] preempt_schedule_thunk+0x16/0x18
[ 152.057336][T10217] CPU: 0 PID: 10217 Comm: kworker/u16:2 Tainted: G W 5.10.0-rc2-syzkaller #0
[ 152.066702][T10217] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014
[ 152.066702][T10217] Workqueue: phy3 ieee80211_iface_work
[ 152.066702][T10217] Call Trace:
[ 152.066702][T10217] dump_stack+0x107/0x163
[ 152.066702][T10217] ? preempt_schedule_thunk+0x16/0x18
[ 152.066702][T10217] ___might_sleep.cold+0x1e8/0x22e
[ 152.066702][T10217] sta_info_move_state+0x32/0x8d0
[ 152.066702][T10217] sta_info_free+0x65/0x3b0
[ 152.066702][T10217] sta_info_insert_rcu+0x303/0x2ba0
[ 152.066702][T10217] ? find_held_lock+0x2d/0x110
[ 152.066702][T10217] ? rate_control_rate_init+0x32c/0x6a0
[ 152.259672][T10217] ? sta_info_free+0x3b0/0x3b0
[ 152.259672][T10217] ? __local_bh_enable_ip+0x9c/0x110
[ 152.259672][T10217] ? rate_control_rate_init+0x35f/0x6a0
[ 152.259672][T10217] ieee80211_ibss_finish_sta+0x212/0x390
[ 152.259672][T10217] ? ieee80211_ibss_build_presp+0x15f0/0x15f0
[ 152.259672][T10217] ? __local_bh_enable_ip+0x9c/0x110
[ 152.259672][T10217] ieee80211_ibss_work+0x2c7/0xe80
[ 152.259672][T10217] ? ieee80211_ibss_rx_queued_mgmt+0x1870/0x1870
[ 152.259672][T10217] ? mark_held_locks+0x9f/0xe0
[ 152.259672][T10217] ? _raw_spin_unlock_irqrestore+0x42/0x50
[ 152.259672][T10217] ? lockdep_hardirqs_on+0x79/0x100
[ 152.259672][T10217] ? _raw_spin_unlock_irqrestore+0x2f/0x50
[ 152.259672][T10217] ieee80211_iface_work+0x82e/0x970
[ 152.259672][T10217] process_one_work+0x933/0x15a0
[ 152.259672][T10217] ? lock_release+0x710/0x710
[ 152.259672][T10217] ? pwq_dec_nr_in_flight+0x320/0x320
[ 152.259672][T10217] ? rwlock_bug.part.0+0x90/0x90
[ 152.259672][T10217] ? _raw_spin_lock_irq+0x41/0x50
[ 152.469673][T10217] worker_thread+0x64c/0x1120
[ 152.479393][T10217] ? __kthread_parkme+0x13f/0x1e0
[ 152.489372][T10217] ? process_one_work+0x15a0/0x15a0
[ 152.499383][T10217] kthread+0x3af/0x4a0
[ 152.509354][T10217] ? kthread_create_worker_on_cpu+0xf0/0xf0
[ 152.519437][T10217] ret_from_fork+0x1f/0x30
[ 152.535768][T10207] cgroup: cgroup: disabling cgroup2 socket matching due to net_prio or net_cls activation
2020/11/08 23:07:25 building call list...
[ 152.674674][ T2946] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 152.797219][ T2946] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 152.889396][ T2946] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 152.984154][ T2946] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 154.036200][ T2946] device hsr_slave_0 left promiscuous mode
[ 154.057566][ T2946] device hsr_slave_1 left promiscuous mode
[ 154.080384][ T2946] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 154.105290][ T2946] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 154.127099][ T2946] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 154.150050][ T2946] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 154.174412][ T2946] device bridge_slave_1 left promiscuous mode
[ 154.193725][ T2946] bridge0: port 2(bridge_slave_1) entered disabled state
[ 154.213987][ T2946] device bridge_slave_0 left promiscuous mode
[ 154.229474][ T2946] bridge0: port 1(bridge_slave_0) entered disabled
state
[ 154.257484][ T2946] device veth1_macvtap left promiscuous mode
[ 154.273188][ T2946] device veth0_macvtap left promiscuous mode
[ 154.289935][ T2946] device veth1_vlan left promiscuous mode
[ 154.303229][ T2946] device veth0_vlan left promiscuous mode
executing program
[ 154.708551][ T2946] team0 (unregistering): Port device team_slave_1 removed
[ 154.723073][ T2946] team0 (unregistering): Port device team_slave_0 removed
[ 154.740687][ T2946] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 154.770359][ T2946] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 154.819983][ T2946] bond0 (unregistering): Released all slaves
[ 154.940981][T10192] can: request_module (can-proto-0) failed.
[ 155.547841][T10192] can: request_module (can-proto-0) failed.
[ 155.588850][T10192] can: request_module (can-proto-0) failed.
[ 155.921510][T10192] base_sock_release(000000000b2a9a6d) sk=00000000c28ce329
[ 155.962596][ T47] audit: type=1400 audit(1604876849.174:49): avc: denied { create } for pid=10188 comm="syz-fuzzer" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_crypto_socket permissive=1
[ 156.020884][ T47] audit: type=1400 audit(1604876849.174:50): avc: denied { create } for pid=10188 comm="syz-fuzzer" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
[ 156.085461][ T47] audit: type=1400 audit(1604876849.174:51): avc: denied { create } for pid=10188 comm="syz-fuzzer" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_rdma_socket permissive=1
VM DIAGNOSIS:
23:07:24 Registers: