[ 96.925899][ T47] audit: type=1400 audit(1604301322.847:41): avc: denied { map } for pid=9678 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added '[localhost]:63027' (ECDSA) to the list of known hosts. [ 100.920437][ T47] audit: type=1400 audit(1604301326.847:42): avc: denied { map } for pid=9690 comm="syz-fuzzer" path="/syz-fuzzer" dev="sda1" ino=16526 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1 2020/11/02 07:15:26 fuzzer started 2020/11/02 07:15:27 dialing manager at 10.0.2.10:35385 2020/11/02 07:15:27 syscalls: 3476 2020/11/02 07:15:27 code coverage: enabled 2020/11/02 07:15:27 comparison tracing: enabled 2020/11/02 07:15:27 extra coverage: enabled 2020/11/02 07:15:27 setuid sandbox: enabled 2020/11/02 07:15:27 namespace sandbox: enabled 2020/11/02 07:15:27 Android sandbox: /sys/fs/selinux/policy does not exist 2020/11/02 07:15:27 fault injection: enabled 2020/11/02 07:15:27 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2020/11/02 07:15:27 net packet injection: enabled 2020/11/02 07:15:27 net device setup: enabled 2020/11/02 07:15:27 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2020/11/02 07:15:27 devlink PCI setup: PCI device 0000:00:10.0 is not available 2020/11/02 07:15:27 USB emulation: enabled 2020/11/02 07:15:27 hci packet injection: enabled 2020/11/02 07:15:27 wifi device emulation: enabled [ 101.668916][ T47] audit: type=1400 audit(1604301327.587:43): avc: denied { integrity } for pid=9708 comm="syz-executor" lockdown_reason="debugfs access" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=lockdown permissive=1 07:16:32 executing program 0: r0 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, 0x0, &(0x7f0000000300)) [ 166.237881][ T47] audit: type=1400 audit(1604301392.157:44): avc: denied { map } for pid=9712 comm="syz-executor.0" path="/sys/kernel/debug/kcov" dev="debugfs" ino=25602 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 07:16:32 executing program 1: syz_mount_image$ocfs2(0x0, 0x0, 0x0, 0x1, &(0x7f0000001700)=[{&(0x7f0000000600)="1b", 0x1}], 0x0, 0x0) 07:16:32 executing program 2: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/fib_trie\x00') read$FUSE(r0, &(0x7f0000002900)={0x2020}, 0x2020) 07:16:32 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) sendmmsg$inet6(r0, &(0x7f00000044c0)=[{{&(0x7f0000000100)={0xa, 0x4e22, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x20}}}, 0x1c, &(0x7f0000000640)=[{&(0x7f0000000140)="8b161286ac15c29622642bb4729dc28bf3598a2a38b20e01ba49e2f8cba0e5aba85b3b86a5625254cf9216fdee97db27883903c3b33470ea821b7cad9968c836ada61409a1efb7c32be0707ce31db4353ce5bf086aec18a8d5c4c06af40a901569d88eaccf0eedc8794780621f9dcacd163c9bb0341ea640ab2fd27e052fd1685abc086ac5097b09e5c6e74739", 0x8d}], 0x1, &(0x7f0000000700)=ANY=[@ANYBLOB="140000000000000029000000340000000100000000000000380000000000000029000000390000009e04026607000000ff010000000000000000000000000001fe8000000000000000000000000000bbc80000000000000029000000370000001616000000000000050200053fa32e27f8d3d1c28545e868a222582ea095a3f153e311899e7ad6baabd525d4e6e642995a2785deaf0b034df7fdbefcb28d565192394024fb0a531d4affbd937219c0500c2f7b9268c5352160474d064271ba0d5708871fc183ee5cdf2f1c7e1585aa41fc483468afcb5e84bfc110516201e0c13d44f12ed9198c2f8d4841bc31d9058b722b13bedb6ec44fa0bc18459eccea113ee96eba40d7ef45dc669aed0aa2b2995805020007000100300000000000000029000000040000003a020000000000000401050502e9ef01050000000000c204000000080000000014000000000000002900000008000000ff0300000000000014000000000000002900000043000000ff0f0000000000001400000000000000290000003e00000004000000000000001400000000000000290000003e000000658e000000000000880000000000000029"], 0x230}}], 0x1, 0x0) [ 167.557656][ T9714] IPVS: ftp: loaded support on port[0] = 21 [ 167.613480][ T9715] IPVS: ftp: loaded support on port[0] = 21 [ 167.705471][ T9714] chnl_net:caif_netlink_parms(): no params data found [ 167.876725][ T9717] IPVS: ftp: loaded support on port[0] = 21 [ 167.932023][ T9714] bridge0: port 1(bridge_slave_0) entered blocking state [ 167.942979][ T9714] bridge0: port 1(bridge_slave_0) entered disabled state [ 167.953073][ T9714] device bridge_slave_0 entered promiscuous mode [ 167.980492][ T9714] bridge0: port 2(bridge_slave_1) entered blocking state [ 167.995336][ T9714] bridge0: port 2(bridge_slave_1) entered disabled state [ 168.010208][ T9714] device bridge_slave_1 entered promiscuous mode [ 168.032920][ T9715] chnl_net:caif_netlink_parms(): no params data found [ 168.093878][ T9714] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 168.115328][ T9714] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 168.156677][ T9719] IPVS: ftp: loaded support on port[0] = 21 [ 168.184173][ T9714] team0: Port device team_slave_0 added [ 168.225899][ T9714] team0: Port device team_slave_1 added [ 168.252467][ T9715] bridge0: port 1(bridge_slave_0) entered blocking state [ 168.264235][ T9715] bridge0: port 1(bridge_slave_0) entered disabled state [ 168.273634][ T9715] device bridge_slave_0 entered promiscuous mode [ 168.285973][ T9715] bridge0: port 2(bridge_slave_1) entered blocking state [ 168.296294][ T9715] bridge0: port 2(bridge_slave_1) entered disabled state [ 168.306533][ T9715] device bridge_slave_1 entered promiscuous mode [ 168.370709][ T9714] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 168.391938][ T9714] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 168.439926][ T9714] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 168.463639][ T9714] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 168.472978][ T9714] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 168.515347][ T9714] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 168.538447][ T9715] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 168.549975][ T9717] chnl_net:caif_netlink_parms(): no params data found [ 168.563006][ T9715] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 168.608773][ T9715] team0: Port device team_slave_0 added [ 168.624698][ T9715] team0: Port device team_slave_1 added [ 168.669869][ T9715] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 168.678463][ T9715] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 168.713651][ T9715] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 168.736733][ T9714] device hsr_slave_0 entered promiscuous mode [ 168.745388][ T9714] device hsr_slave_1 entered promiscuous mode [ 168.767622][ T9715] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 168.782916][ T9715] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 168.832756][ T9715] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 168.892033][ T9715] device hsr_slave_0 entered promiscuous mode [ 168.902217][ T9715] device hsr_slave_1 entered promiscuous mode [ 168.912737][ T9715] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 168.928233][ T9715] Cannot create hsr debugfs directory [ 169.000864][ T9717] bridge0: port 1(bridge_slave_0) entered blocking state [ 169.020168][ T9717] bridge0: port 1(bridge_slave_0) entered disabled state [ 169.034079][ T9717] device bridge_slave_0 entered promiscuous mode [ 169.078473][ T9717] bridge0: port 2(bridge_slave_1) entered blocking state [ 169.089145][ T9717] bridge0: port 2(bridge_slave_1) entered disabled state [ 169.098899][ T9717] device bridge_slave_1 entered promiscuous mode [ 169.127251][ T9719] chnl_net:caif_netlink_parms(): no params data found [ 169.155382][ T9717] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 169.174397][ T9717] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 169.224541][ T9717] team0: Port device team_slave_0 added [ 169.236789][ T9717] team0: Port device team_slave_1 added [ 169.326896][ T9719] bridge0: port 1(bridge_slave_0) entered blocking state [ 169.337027][ T9719] bridge0: port 1(bridge_slave_0) entered disabled state [ 169.349239][ T9719] device bridge_slave_0 entered promiscuous mode [ 169.360990][ T9717] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 169.372905][ T9717] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 169.426170][ T9717] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 169.465305][ T9719] bridge0: port 2(bridge_slave_1) entered blocking state [ 169.480249][ T9719] bridge0: port 2(bridge_slave_1) entered disabled state [ 169.497254][ T9719] device bridge_slave_1 entered promiscuous mode [ 169.514699][ T9717] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 169.525091][ T9717] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 169.571820][ T9735] Bluetooth: hci0: command 0x0409 tx timeout [ 169.572814][ T9717] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 169.613309][ T9719] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 169.640989][ T3074] Bluetooth: hci1: command 0x0409 tx timeout [ 169.680800][ T9719] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 169.792091][ T9717] device hsr_slave_0 entered promiscuous mode [ 169.804112][ T9717] device hsr_slave_1 entered promiscuous mode [ 169.815381][ T9717] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 169.826435][ T9717] Cannot create hsr debugfs directory [ 169.845527][ T9719] team0: Port device team_slave_0 added [ 169.861566][ T47] audit: type=1400 audit(1604301395.767:45): avc: denied { create } for pid=9714 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 169.902889][ T47] audit: type=1400 audit(1604301395.767:46): avc: denied { write } for pid=9714 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 169.908288][ T28] Bluetooth: hci2: command 0x0409 tx timeout [ 169.940020][ T47] audit: type=1400 audit(1604301395.767:47): avc: denied { read } for pid=9714 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 170.003001][ T9714] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 170.019605][ T9719] team0: Port device team_slave_1 added [ 170.044561][ T9714] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 170.080830][ T9719] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 170.091352][ T9719] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 170.128454][ T28] Bluetooth: hci3: command 0x0409 tx timeout [ 170.133032][ T9719] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 170.173581][ T9714] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 170.184776][ T9714] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 170.213531][ T9719] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 170.226822][ T9719] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 170.268180][ T9719] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 170.310736][ T9715] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 170.325584][ T9715] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 170.355869][ T9715] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 170.371828][ T9719] device hsr_slave_0 entered promiscuous mode [ 170.386072][ T9719] device hsr_slave_1 entered promiscuous mode [ 170.401084][ T9719] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 170.418686][ T9719] Cannot create hsr debugfs directory [ 170.445121][ T9715] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 170.551851][ T9717] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 170.564318][ T9717] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 170.585710][ T9717] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 170.598478][ T9717] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 170.665097][ T9719] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 170.678849][ T9719] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 170.691127][ T9719] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 170.704963][ T9719] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 170.796589][ T9714] 8021q: adding VLAN 0 to HW filter on device bond0 [ 170.813952][ T9715] 8021q: adding VLAN 0 to HW filter on device bond0 [ 170.842030][ T1709] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 170.854009][ T1709] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 170.869040][ T9714] 8021q: adding VLAN 0 to HW filter on device team0 [ 170.882493][ T9715] 8021q: adding VLAN 0 to HW filter on device team0 [ 170.891393][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 170.901589][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 170.915015][ T9717] 8021q: adding VLAN 0 to HW filter on device bond0 [ 170.934252][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 170.944630][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 170.955649][ T34] bridge0: port 1(bridge_slave_0) entered blocking state [ 170.964441][ T34] bridge0: port 1(bridge_slave_0) entered forwarding state [ 170.975864][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 170.985973][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 170.996065][ T34] bridge0: port 1(bridge_slave_0) entered blocking state [ 171.004201][ T34] bridge0: port 1(bridge_slave_0) entered forwarding state [ 171.017908][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 171.031261][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 171.055704][ T9717] 8021q: adding VLAN 0 to HW filter on device team0 [ 171.082977][ T3071] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 171.102141][ T3071] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 171.119474][ T3071] bridge0: port 2(bridge_slave_1) entered blocking state [ 171.140996][ T3071] bridge0: port 2(bridge_slave_1) entered forwarding state [ 171.159655][ T3071] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 171.174386][ T3071] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 171.184560][ T3071] bridge0: port 2(bridge_slave_1) entered blocking state [ 171.193356][ T3071] bridge0: port 2(bridge_slave_1) entered forwarding state [ 171.202427][ T3071] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 171.211246][ T3071] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 171.230353][ T9719] 8021q: adding VLAN 0 to HW filter on device bond0 [ 171.251848][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 171.261473][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 171.273589][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 171.283309][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 171.292390][ T23] bridge0: port 1(bridge_slave_0) entered blocking state [ 171.300251][ T23] bridge0: port 1(bridge_slave_0) entered forwarding state [ 171.309117][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 171.319200][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 171.329189][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 171.345529][ T3071] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 171.356038][ T3071] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 171.365835][ T3071] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 171.382580][ T3071] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 171.394240][ T3071] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 171.404858][ T3071] bridge0: port 2(bridge_slave_1) entered blocking state [ 171.415845][ T3071] bridge0: port 2(bridge_slave_1) entered forwarding state [ 171.434464][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 171.443389][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 171.452780][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 171.462921][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 171.473161][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 171.483614][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 171.496332][ T9719] 8021q: adding VLAN 0 to HW filter on device team0 [ 171.510114][ T9735] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 171.520224][ T9735] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 171.531845][ T9735] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 171.541747][ T9735] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 171.556160][ T3074] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 171.569776][ T3074] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 171.595386][ T9715] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 171.610536][ T9715] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 171.626736][ T9748] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 171.636551][ T9748] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 171.647809][ T9748] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 171.648210][ T28] Bluetooth: hci0: command 0x041b tx timeout [ 171.657462][ T9748] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 171.673803][ T9748] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 171.686444][ T9748] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 171.697558][ T9748] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 171.706966][ T9748] bridge0: port 1(bridge_slave_0) entered blocking state [ 171.715421][ T9748] bridge0: port 1(bridge_slave_0) entered forwarding state [ 171.718640][ T28] Bluetooth: hci1: command 0x041b tx timeout [ 171.725800][ T9748] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 171.754035][ T9748] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 171.810417][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 171.827852][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 171.843570][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 171.855536][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 171.888311][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 171.902163][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state [ 171.910802][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 171.920939][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 171.932039][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 171.942105][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 171.953478][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 171.964528][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 171.968321][ T28] Bluetooth: hci2: command 0x041b tx timeout [ 171.975550][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 171.999577][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 172.008625][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 172.019904][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 172.031044][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 172.041635][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 172.063634][ T3074] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 172.074814][ T3074] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 172.085328][ T3074] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 172.098852][ T3074] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 172.114450][ T3074] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 172.125960][ T3074] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 172.136625][ T3074] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 172.154631][ T9714] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 172.174174][ T9719] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 172.196025][ T9735] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 172.208155][ T28] Bluetooth: hci3: command 0x041b tx timeout [ 172.217606][ T9735] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 172.236313][ T9715] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 172.248941][ T9717] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 172.284673][ T9748] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 172.293797][ T9748] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 172.309987][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 172.321989][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 172.335893][ T9714] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 172.353829][ T1709] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 172.371644][ T1709] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 172.405041][ T9719] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 172.418825][ T3074] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 172.433483][ T3074] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 172.458737][ T9717] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 172.476795][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 172.488948][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 172.501749][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 172.514298][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 172.526822][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 172.537487][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 172.549240][ T9715] device veth0_vlan entered promiscuous mode [ 172.576676][ T9715] device veth1_vlan entered promiscuous mode [ 172.594157][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 172.606033][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 172.620651][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 172.636475][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 172.649551][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 172.666882][ T9735] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 172.679090][ T9735] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 172.697248][ T9714] device veth0_vlan entered promiscuous mode [ 172.715805][ T3074] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 172.726003][ T3074] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 172.741450][ T3074] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 172.762191][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 172.776385][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 172.798345][ T9719] device veth0_vlan entered promiscuous mode [ 172.812515][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 172.825143][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 172.842568][ T9714] device veth1_vlan entered promiscuous mode [ 172.856015][ T9719] device veth1_vlan entered promiscuous mode [ 172.880344][ T9715] device veth0_macvtap entered promiscuous mode [ 172.898310][ T3074] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 172.910232][ T3074] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 172.921583][ T3074] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 172.934567][ T3074] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 172.950894][ T3074] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 172.968855][ T3074] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 172.981357][ T3074] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 172.993487][ T3074] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 173.008803][ T3074] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 173.020897][ T3074] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 173.035707][ T9715] device veth1_macvtap entered promiscuous mode [ 173.053864][ T9717] device veth0_vlan entered promiscuous mode [ 173.080123][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 173.094468][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 173.120775][ T9717] device veth1_vlan entered promiscuous mode [ 173.139744][ T9715] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 173.153833][ T9735] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 173.168721][ T9735] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 173.193263][ T9714] device veth0_macvtap entered promiscuous mode [ 173.206156][ T9715] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 173.235517][ T9715] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 173.250736][ T9715] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 173.264626][ T9715] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 173.276430][ T9715] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 173.289682][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 173.299179][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 173.309688][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 173.320834][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 173.331996][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 173.344638][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 173.356230][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 173.373918][ T9714] device veth1_macvtap entered promiscuous mode [ 173.386250][ T9719] device veth0_macvtap entered promiscuous mode [ 173.409434][ T9719] device veth1_macvtap entered promiscuous mode [ 173.443501][ T1709] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 173.454144][ T1709] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 173.472846][ T1709] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 173.498650][ T1709] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 173.522614][ T1709] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 173.550958][ T9714] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 173.566958][ T9714] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 173.586103][ T9714] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 173.603659][ T9717] device veth0_macvtap entered promiscuous mode [ 173.617614][ T9748] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 173.631745][ T9748] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 173.648402][ T9748] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 173.666797][ T9717] device veth1_macvtap entered promiscuous mode [ 173.680806][ T9714] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 173.703227][ T9714] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 173.716840][ T9714] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 173.731991][ T9719] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 173.748191][ T1709] Bluetooth: hci0: command 0x040f tx timeout [ 173.757206][ T9719] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 173.773147][ T9719] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 173.787960][ T9719] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 173.801798][ T28] Bluetooth: hci1: command 0x040f tx timeout [ 173.803327][ T9719] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 173.820351][ T9747] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 173.833464][ T9747] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 173.844401][ T9747] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 173.855507][ T9747] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 173.867567][ T9747] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 173.893822][ T9714] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 173.910848][ T9714] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 173.925064][ T9714] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 173.936087][ T9714] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 173.960778][ T9719] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 173.974905][ T9719] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 173.990316][ T9719] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 174.005154][ T9719] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 174.035946][ T9719] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 174.054729][ T9746] Bluetooth: hci2: command 0x040f tx timeout [ 174.077421][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 174.088350][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 174.110130][ T9719] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 174.120942][ T9719] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 174.131684][ T9719] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 174.145493][ T9719] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 174.172571][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 174.183368][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 174.199779][ T9717] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 174.215126][ T9717] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 174.227322][ T9717] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 174.239519][ T9717] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 174.255095][ T9717] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 174.267108][ T9717] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 174.283914][ T9717] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 174.288990][ T28] Bluetooth: hci3: command 0x040f tx timeout [ 174.315047][ T9735] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 174.328460][ T9735] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 174.341515][ T9735] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 174.362313][ T9717] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 174.385737][ T9717] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 174.410342][ T9717] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 174.437775][ T9717] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 174.458239][ T9717] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 174.479223][ T9717] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 174.498872][ T9717] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 174.540667][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 174.563675][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 174.587203][ T9717] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 174.609148][ T9717] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 174.623700][ T9717] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 174.634722][ T9717] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 174.655710][ T9739] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 174.667135][ T9739] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 174.691053][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 174.712606][ T47] audit: type=1400 audit(1604301400.637:48): avc: denied { associate } for pid=9715 comm="syz-executor.1" name="syz1" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1 [ 174.791725][ T9715] cgroup: cgroup: disabling cgroup2 socket matching due to net_prio or net_cls activation [ 174.793481][ T9730] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 174.826258][ T9730] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 174.840372][ T2958] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 174.840390][ T1709] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 174.967574][ T2958] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 175.041993][ T2958] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 175.064748][ T9753] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.1/9753 [ 175.066321][ T9753] caller is lockdep_hardirqs_on_prepare+0x5e/0x410 [ 175.066470][ T9753] CPU: 2 PID: 9753 Comm: syz-executor.1 Not tainted 5.10.0-rc1-syzkaller #0 [ 175.066476][ T9753] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 175.066517][ T9753] Call Trace: [ 175.066643][ T9753] dump_stack+0x107/0x163 [ 175.066698][ T9753] check_preemption_disabled+0x123/0x130 [ 175.066711][ T9753] lockdep_hardirqs_on_prepare+0x5e/0x410 [ 175.066742][ T9753] trace_hardirqs_on+0x5b/0x1c0 [ 175.066760][ T9753] __bad_area_nosemaphore+0xc6/0x400 [ 175.066772][ T9753] do_user_addr_fault+0x7d7/0xb40 [ 175.066785][ T9753] exc_page_fault+0x9e/0x180 [ 175.066810][ T9753] ? asm_exc_page_fault+0x8/0x30 [ 175.066819][ T9753] asm_exc_page_fault+0x1e/0x30 [ 175.066866][ T9753] RIP: 0033:0x43c566 [ 175.066892][ T9753] Code: 00 0f 1f 00 66 0f ef c0 66 0f ef c9 66 0f ef d2 66 0f ef db 48 89 f8 48 89 f9 48 81 e1 ff 0f 00 00 48 81 f9 cf 0f 00 00 77 6a 0f 6f 20 66 0f 74 e0 66 0f d7 d4 85 d2 74 04 0f bc c2 c3 48 83 [ 175.066970][ T9753] RSP: 002b:00007f5063711aa8 EFLAGS: 00010293 [ 175.067080][ T9753] RAX: 0000000000000000 RBX: 00007f5063711b40 RCX: 0000000000000000 [ 175.067086][ T9753] RDX: 0000000000000003 RSI: 00000000000001ff RDI: 0000000000000000 [ 175.067092][ T9753] RBP: 00007f5063711b00 R08: 0000000020001718 R09: 0000000000000000 [ 175.067097][ T9753] R10: 0000000000000000 R11: 0000000000000213 R12: 0000000000000000 [ 175.067102][ T9753] R13: 0000000000000000 R14: 0000000020001700 R15: 0000000000000000 [ 175.067121][ T9753] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.1/9753 [ 175.067129][ T9753] caller is lockdep_hardirqs_on+0x38/0x110 [ 175.067138][ T9753] CPU: 2 PID: 9753 Comm: syz-executor.1 Not tainted 5.10.0-rc1-syzkaller #0 [ 175.067144][ T9753] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 175.067146][ T9753] Call Trace: [ 175.067157][ T9753] dump_stack+0x107/0x163 [ 175.067167][ T9753] check_preemption_disabled+0x123/0x130 [ 175.067175][ T9753] ? __bad_area_nosemaphore+0xc6/0x400 [ 175.067184][ T9753] lockdep_hardirqs_on+0x38/0x110 [ 175.067192][ T9753] __bad_area_nosemaphore+0xc6/0x400 [ 175.067203][ T9753] do_user_addr_fault+0x7d7/0xb40 [ 175.067216][ T9753] exc_page_fault+0x9e/0x180 [ 175.067224][ T9753] ? asm_exc_page_fault+0x8/0x30 [ 175.067233][ T9753] asm_exc_page_fault+0x1e/0x30 [ 175.067239][ T9753] RIP: 0033:0x43c566 [ 175.067247][ T9753] Code: 00 0f 1f 00 66 0f ef c0 66 0f ef c9 66 0f ef d2 66 0f ef db 48 89 f8 48 89 f9 48 81 e1 ff 0f 00 00 48 81 f9 cf 0f 00 00 77 6a 0f 6f 20 66 0f 74 e0 66 0f d7 d4 85 d2 74 04 0f bc c2 c3 48 83 [ 175.067252][ T9753] RSP: 002b:00007f5063711aa8 EFLAGS: 00010293 [ 175.067260][ T9753] RAX: 0000000000000000 RBX: 00007f5063711b40 RCX: 0000000000000000 [ 175.067265][ T9753] RDX: 0000000000000003 RSI: 00000000000001ff RDI: 0000000000000000 [ 175.067271][ T9753] RBP: 00007f5063711b00 R08: 0000000020001718 R09: 0000000000000000 [ 175.067276][ T9753] R10: 0000000000000000 R11: 0000000000000213 R12: 0000000000000000 [ 175.067281][ T9753] R13: 0000000000000000 R14: 0000000020001700 R15: 0000000000000000 [ 175.075031][ T2958] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 175.563102][ T9745] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 175.575482][ T9745] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 175.595570][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 175.609591][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 175.625445][ T2958] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 175.631116][ T9745] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 175.643063][ T2958] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 175.668425][ T9753] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.1/9753 [ 175.685462][ T9753] caller is lockdep_hardirqs_on_prepare+0x5e/0x410 [ 175.695055][ T9753] CPU: 1 PID: 9753 Comm: syz-executor.1 Not tainted 5.10.0-rc1-syzkaller #0 [ 175.697704][ T1709] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready 07:16:41 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_ifreq(r0, 0x8912, &(0x7f0000000780)={'veth0_to_hsr\x00', @ifru_addrs=@phonet}) [ 175.704985][ T9753] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 175.704985][ T9753] Call Trace: 07:16:41 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r0, 0xc0189436, &(0x7f0000000100)={'gre0\x00', &(0x7f0000000040)={'syztnl0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, @rand_addr, @private}}}}) [ 175.704985][ T9753] dump_stack+0x107/0x163 [ 175.704985][ T9753] check_preemption_disabled+0x123/0x130 [ 175.704985][ T9753] lockdep_hardirqs_on_prepare+0x5e/0x410 [ 175.704985][ T9753] trace_hardirqs_on+0x5b/0x1c0 [ 175.704985][ T9753] __bad_area_nosemaphore+0xc6/0x400 [ 175.704985][ T9753] do_user_addr_fault+0x7d7/0xb40 [ 175.704985][ T9753] exc_page_fault+0x9e/0x180 [ 175.704985][ T9753] ? asm_exc_page_fault+0x8/0x30 [ 175.704985][ T9753] asm_exc_page_fault+0x1e/0x30 [ 175.704985][ T9753] RIP: 0033:0x43c566 [ 175.704985][ T9753] Code: 00 0f 1f 00 66 0f ef c0 66 0f ef c9 66 0f ef d2 66 0f ef db 48 89 f8 48 89 f9 48 81 e1 ff 0f 00 00 48 81 f9 cf 0f 00 00 77 6a 0f 6f 20 66 0f 74 e0 66 0f d7 d4 85 d2 74 04 0f bc c2 c3 48 83 [ 175.704985][ T9753] RSP: 002b:00007f5063711aa8 EFLAGS: 00010293 [ 175.704985][ T9753] RAX: 0000000000000000 RBX: 00007f5063711b40 RCX: 0000000000000000 [ 175.704985][ T9753] RDX: 0000000000000003 RSI: 00000000000001ff RDI: 0000000000000000 [ 175.704985][ T9753] RBP: 00007f5063711b00 R08: 0000000020001718 R09: 0000000000000000 [ 175.704985][ T9753] R10: 0000000000000000 R11: 0000000000000213 R12: 0000000000000000 [ 175.704985][ T9753] R13: 0000000000000000 R14: 0000000020001700 R15: 0000000000000000 [ 175.707484][ T9753] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.1/9753 [ 175.707493][ T9753] caller is lockdep_hardirqs_on+0x38/0x110 [ 175.707502][ T9753] CPU: 1 PID: 9753 Comm: syz-executor.1 Not tainted 5.10.0-rc1-syzkaller #0 [ 175.707508][ T9753] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 175.707511][ T9753] Call Trace: [ 175.707522][ T9753] dump_stack+0x107/0x163 [ 175.707533][ T9753] check_preemption_disabled+0x123/0x130 [ 175.707541][ T9753] ? __bad_area_nosemaphore+0xc6/0x400 [ 175.707550][ T9753] lockdep_hardirqs_on+0x38/0x110 [ 175.707558][ T9753] __bad_area_nosemaphore+0xc6/0x400 [ 175.707570][ T9753] do_user_addr_fault+0x7d7/0xb40 [ 175.707583][ T9753] exc_page_fault+0x9e/0x180 [ 175.707592][ T9753] ? asm_exc_page_fault+0x8/0x30 [ 175.707601][ T9753] asm_exc_page_fault+0x1e/0x30 [ 175.707607][ T9753] RIP: 0033:0x43c566 [ 175.707616][ T9753] Code: 00 0f 1f 00 66 0f ef c0 66 0f ef c9 66 0f ef d2 66 0f ef db 48 89 f8 48 89 f9 48 81 e1 ff 0f 00 00 48 81 f9 cf 0f 00 00 77 6a 0f 6f 20 66 0f 74 e0 66 0f d7 d4 85 d2 74 04 0f bc c2 c3 48 83 [ 175.707621][ T9753] RSP: 002b:00007f5063711aa8 EFLAGS: 00010293 [ 175.707633][ T9753] RAX: 0000000000000000 RBX: 00007f5063711b40 RCX: 0000000000000000 [ 175.707639][ T9753] RDX: 0000000000000003 RSI: 00000000000001ff RDI: 0000000000000000 [ 175.707644][ T9753] RBP: 00007f5063711b00 R08: 0000000020001718 R09: 0000000000000000 [ 175.707649][ T9753] R10: 0000000000000000 R11: 0000000000000213 R12: 0000000000000000 [ 175.707655][ T9753] R13: 0000000000000000 R14: 0000000020001700 R15: 0000000000000000 [ 176.204506][ T9746] Bluetooth: hci0: command 0x0419 tx timeout [ 176.215994][ T9750] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 176.217113][ T9746] Bluetooth: hci1: command 0x0419 tx timeout [ 176.237710][ T9750] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 176.248199][ T9746] Bluetooth: hci2: command 0x0419 tx timeout [ 176.267649][ T9745] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready 07:16:42 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x8, &(0x7f00000000c0), 0x4) [ 176.371370][ T9746] Bluetooth: hci3: command 0x0419 tx timeout 07:16:42 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={&(0x7f0000000040), 0xc, &(0x7f0000000100)={&(0x7f0000000080)=@newlink={0x44, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_GROUP={0x8, 0x1b, 0x3}, @IFLA_ALT_IFNAME={0x14, 0x35, 'wg2\x00'}, @IFLA_TARGET_NETNSID={0x8}]}, 0x44}}, 0x0) 07:16:42 executing program 2: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/fib_trie\x00') read$FUSE(r0, &(0x7f0000002900)={0x2020}, 0x2020) 07:16:42 executing program 1: r0 = socket$inet6_udp(0xa, 0x2, 0x0) getsockopt$bt_hci(r0, 0x0, 0x17, 0x0, &(0x7f0000000700)) 07:16:42 executing program 0: lchown(0x0, 0xee01, 0xee01) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x11, 0x2, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, 0x0) bind(r1, &(0x7f0000000080)=@generic={0x11, "000001000000000008fc9d71fc00000000000000f8ffff002e0b3836005404b0d6301a4ce875f2e3ff5f163ee340b76795008000f8000000000104003c5811039e15775027ecce66fd792bbf0e5bf5ff9b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ff42c65400"}, 0x80) getsockname$packet(r1, &(0x7f00000004c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000003c0)=@delchain={0x34, 0x28, 0xf31, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {0xe94}, {0x0, 0xffff}}, [@filter_kind_options=@f_cgroup={{0xb, 0x1, 'cgroup\x00'}, {0x4}}]}, 0x34}}, 0x0) 07:16:42 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) getsockopt$bt_hci(r0, 0x0, 0xa, 0x0, &(0x7f0000000700)) 07:16:42 executing program 1: bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x12, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x40) 07:16:42 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000600)={'tunl0\x00', &(0x7f00000002c0)={'syztnl2\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x16, 0x4, 0x0, 0x0, 0x58, 0x0, 0xfffd, 0x0, 0x0, 0x0, @broadcast, @rand_addr, {[@ra={0x94, 0x4, 0x1}, @timestamp={0x44, 0x10, 0x2e, 0x0, 0xd, [0x4, 0x70, 0x3]}, @noop, @ssrr={0x89, 0x27, 0x53, [@rand_addr=0x64010101, @initdev={0xac, 0x1e, 0x1, 0x0}, @loopback, @remote, @private=0xa010102, @multicast2, @multicast2, @loopback, @multicast2]}, @generic={0x94, 0x6, "542e1cd2"}]}}}}}) r1 = openat$procfs(0xffffff9c, &(0x7f0000000100)='/proc/vmallocinfo\x00', 0x0, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x0, 0x0, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_ADD_COUNTERS(r2, 0x0, 0x4, 0x0, 0x0) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000080)={'erspan0\x00', &(0x7f0000000040)=ANY=[@ANYBLOB="65727370616e30000000000000020000", @ANYRES32=0x0, @ANYBLOB="00200700000000000000003a469d00181c680000042f9078bb3a937de000000200000000"]}) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000200)={'ip6gre0\x00', &(0x7f0000000180)={'syztnl2\x00', 0x0, 0x4, 0x3f, 0x2, 0xfffffffb, 0x1, @empty, @mcast2, 0x20, 0x7800, 0xffffff81, 0x7fffffff}}) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000240)={'vxcan0\x00'}) ioctl$ifreq_SIOCGIFINDEX_wireguard(r2, 0x8933, &(0x7f0000000280)={'wg0\x00', 0x0}) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000400)={'ip_vti0\x00', &(0x7f00000006c0)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYBLOB="0001008000000002000004014bd400ec00000002ac1e0101441cc261e000000100000008ac14142900000081ac1414bb00000fff07172cffffffffac1415aae0000001e000000100000000444c0983ffffffff000001ffac1e0101000001000000000029d43df4e000000200000001e0000002000000810000000000000002ac1e0001000000037f00000100000004ac1414aa00000000862f000000030506169e6e1b000b2afd6f3c1e942c25cc0702060f0e0a05a693cb5c296e1725f0a200046465000326830f0eac141411ac1e0001ac1414190107177e0000000064010102ac1414bbe0000002ac1414bb0000001f31ca0755f5a06225af8493046d0411b06be06976fe03c9135cd175a48a6130cae0"]}) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000340)={'syztnl2\x00', &(0x7f0000000340)=ANY=[]}) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000580)={'syztnl1\x00', &(0x7f0000000500)={'ip6tnl0\x00', 0x0, 0x2f, 0x1, 0x0, 0xff, 0x40, @local, @remote, 0x40, 0x700, 0x2, 0x1ff}}) ioctl$sock_SIOCADDRT(r2, 0x890b, &(0x7f0000000600)={0x0, @in={0x2, 0x4e22, @private=0xa010100}, @can, @l2={0x1f, 0x400, @fixed={[], 0x10}, 0x9, 0x1}, 0xfff7, 0x0, 0x0, 0x0, 0x3, &(0x7f00000005c0)='erspan0\x00', 0x4}) ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000680)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f0000000f80)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000f40)={&(0x7f0000000800)=ANY=[@ANYBLOB="80080000", @ANYRES16=0x0, @ANYBLOB="01002cbd7000fcdbdf250000000008000100", @ANYRES32=r3, @ANYRESOCT=r7, @ANYRES32=0x0, @ANYBLOB="3c000100240001006c625f74785f6d6574686f6400000000000000000000000000000000000000000500030005000000090004006861736800000000400001002400010071756575655f69640000000000000000000000000000000000000000000000000500030003000000080004000100000008000600", @ANYRES32=0x0, @ANYRESOCT, @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=r4, @ANYBLOB="780002803c00010024000100757365725f6c696e6b757000000000000000000000000000000000000000000005000300060000000400040008000700", @ANYRESDEC, @ANYBLOB="38000100240001006c625f73746174735f726566726573685f696e74657276616c000000000000000500030003000000080004007f00000008000100", @ANYRES32=0x0, @ANYBLOB="4400028040000100240001006c625f686173685f737461747300000000000000000000000000000000000000050003000b0000000800040004000000080007000000000008000100", @ANYRES32=0x0, @ANYBLOB="280102803c00010024000100656e61626c65640000000000000000000000000000000000000000000000000005000300060000000400040008000600", @ANYRES32=r5, @ANYBLOB="3c00010024000100757365725f6c696e6b757000000000000000000000000000000000000000000005000300060000000400040008000600", @ANYRES32=0x0, @ANYBLOB="38000100240001006e6f746966795f70656572735f696e74657276616c0000000000000000000000050003000300000008000400d83affff38000100240001006d636173745f72656a6f696e5f636f756e740000000000000000000000000000050003000300000008000400000000003c000100240001006c625f74785f6d6574686f640000000000000000000000000000000000000000050003000500000009000400686173680000000008000100", @ANYRESOCT, @ANYRESHEX=r8, @ANYBLOB="abfd46fe02094ba4a99ab38b0c31d60d9235d797381bbeacd0a8438f7e42", @ANYBLOB="38000100240001006d636173745f72656a6f696e5f696e74657276617e090db01194132ed16f6c00000000000000000000000500030003000000080004000900000040000100240001006c625f74785f686173685f746f5f706f72745f6d617070696e670000000000000500e53fe885b1da6f2731e170e6e34911c02f27208e3159dd9f528e749fc2553ffb6f861fb5147a7c62be9c0b9ef9a6ad9294c10a27dd88f0b0bc72d81402c62f2352c74c76c9addc0af5b51002557dc883401ee15f5d5825a642bf0d74ee0f13b1b6a14c5d878273cd0188d4ab7573835eecfd5f0e51af5172027c4c298a50e3ea76102b0a7610af298207bd42041b3805c6eccf4e0a8c88d67843ac87b5f5ee33206371b0", @ANYRES32=0x0, @ANYBLOB, @ANYRES32=0x0, @ANYBLOB="8802028040000100240001006d6f64650000000000000000000000000000000000000000000000000000000005000300050000000f000400726f756e64726f62696e00003c00010024000100757365725f6c696e6b75705f656e61626c65640000000000000000000000000005000300060000000400040008000600", @ANYRES32=r6, @ANYRESDEC=r3, @ANYRES32, @ANYBLOB="3c00010024000100757365725f6c696e6b757000000000000000000000000000000000000000000005000300060000000400040008000600", @ANYRES32=0x0, @ANYBLOB="74000100240001006270665f686173685f66756e6300000000000000000000000000000000000000050003000b00000044000400e10a020902000000010002010700000001000704020000000400ff1f040000000002fff70900000008001f0005000000000081963f000000ffff0007030000003c00010024000100757365725f6c696e6b75705f656e61626c65640000000000000000000000000005000300060000000400040008000600", @ANYRES32=0x0, @ANYBLOB="400001002400010071756575655f69640000000000000000000000000000000000000000000000000500030003", @ANYRES32=r7, @ANYBLOB='\x00'/18, @ANYRES32=0x0, @ANYRESDEC=r3, @ANYRESHEX, @ANYBLOB="4000010024e400007072696f7269747900000000000000000000000903000e15bd5a0e0000000800040008000000b13d48e800"/61, @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=r8, @ANYBLOB="44000280400001002400010071756575655f69640000000000000000000000000000000000000000000000000500030003000000080004004000000008000600", @ANYRES32=0x0, @ANYBLOB], 0x880}}, 0x4000000) r9 = openat$hwrng(0xffffff9c, &(0x7f0000000180)='/dev/hwrng\x00', 0x10000, 0x0) r10 = openat$procfs(0xffffff9c, &(0x7f0000000100)='/proc/vmallocinfo\x00', 0x0, 0x0) setsockopt$inet_tcp_int(r10, 0x6, 0x0, 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000240)=@bpf_tracing={0x1a, 0xa, &(0x7f0000000000)=@raw=[@alu={0x7, 0x1, 0x5, 0x6, 0x6, 0xc, 0xfffffffffffffffc}, @alu={0x7, 0x1, 0x3, 0x6, 0xa, 0xffffffffffffffe0, 0xfffffffffffffff0}, @map_val={0x18, 0x4, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1}, @map={0x18, 0x0, 0x1, 0x0, r1}, @alu={0x7, 0x0, 0x9, 0x0, 0x6, 0xffffffffffffffe0, 0xffffffffffffffff}, @map, @call={0x85, 0x0, 0x0, 0x57}], &(0x7f0000000080)='GPL\x00', 0x8, 0x8f, &(0x7f00000000c0)=""/143, 0x40f00, 0x1, [], r5, 0x18, r9, 0x8, &(0x7f00000001c0)={0x5, 0x4}, 0x8, 0x10, &(0x7f0000000200)={0x2, 0x0, 0xffffff8e, 0x2}, 0x10, 0xf6d1, r10}, 0x74) 07:16:42 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_ifreq(r0, 0x891b, &(0x7f0000000780)={'macvlan0\x00', @ifru_addrs=@phonet}) 07:16:42 executing program 3: r0 = getpid() r1 = getpgid(0x0) rt_tgsigqueueinfo(r0, r1, 0x0, &(0x7f0000000080)={0x0, 0x0, 0xfffffffb}) 07:16:42 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) write$binfmt_elf64(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b5b0707"], 0x78) 07:16:42 executing program 0: perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='numa_maps\x00') readv(r0, &(0x7f00000006c0)=[{&(0x7f0000001400)=""/4100, 0x1063}], 0x1) msgget(0x0, 0xa0) socket(0xa, 0x2, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000cab000)) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000640)={'sit0\x00', 0x0}) r1 = add_key$keyring(&(0x7f00000002c0)='keyring\x00', &(0x7f0000000300)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe) keyctl$clear(0x7, 0x0) keyctl$revoke(0x3, r1) msgrcv(0x0, 0x0, 0x0, 0x0, 0x0) msgctl$MSG_INFO(0x0, 0xc, 0x0) r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$VHOST_SET_MEM_TABLE(r2, 0x4008af03, &(0x7f0000000540)={0x2, 0x0, [{0x5000, 0x1000, &(0x7f0000002440)=""/4096}, {0xd000, 0x1000, &(0x7f0000003440)=""/4096}]}) [ 176.556136][ T47] audit: type=1400 audit(1604301402.477:49): avc: denied { map_create } for pid=9794 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1 07:16:42 executing program 3: openat$hwrng(0xffffff9c, &(0x7f00000005c0)='/dev/hwrng\x00', 0x0, 0x0) pselect6(0x40, &(0x7f0000000000)={0x7}, 0x0, 0x0, 0x0, 0x0) 07:16:42 executing program 2: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000020000000000000000c04850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000300)='lock_acquire\x00', r0}, 0x10) r1 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r1, &(0x7f0000000500)=[{&(0x7f0000000100)="580000001500add427323b472545b45602117fffffff81024e224e227f020001925aa80020007b00090080007f000001e809000000ff0000f069ccdcff74fc3ac7", 0x41}, {&(0x7f0000000300)="84e4bdb8cb93bc56849414a7daf0cf2faac1555b040b7f", 0x17}], 0x2) [ 176.617087][ T47] audit: type=1400 audit(1604301402.497:50): avc: denied { ioctl } for pid=9797 comm="syz-executor.2" path="socket:[37706]" dev="sockfs" ino=37706 ioctlcmd=0x89f1 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 07:16:42 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x1, &(0x7f00000000c0), 0x4) 07:16:42 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240)='ethtool\x00') sendmsg$ETHTOOL_MSG_FEATURES_SET(r0, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000400)={0x34, r1, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_FEATURES_WANTED={0x8, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_NOMASK={0x4}]}, @ETHTOOL_A_FEATURES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_batadv\x00'}]}]}, 0x34}}, 0x0) [ 176.721074][ T47] audit: type=1400 audit(1604301402.507:51): avc: denied { prog_load } for pid=9797 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1 [ 176.820050][ T47] audit: type=1400 audit(1604301402.507:52): avc: denied { bpf } for pid=9797 comm="syz-executor.2" capability=39 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=capability2 permissive=1 07:16:42 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x1, &(0x7f00000000c0), 0x4) 07:16:42 executing program 3: add_key$user(&(0x7f0000000000)='user\x00', 0x0, 0x0, 0xfffff, 0x0) 07:16:42 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240)='ethtool\x00') sendmsg$ETHTOOL_MSG_FEATURES_SET(r0, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000400)={0x34, r1, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_FEATURES_WANTED={0x8, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_NOMASK={0x4}]}, @ETHTOOL_A_FEATURES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_batadv\x00'}]}]}, 0x34}}, 0x0) [ 176.871580][ T47] audit: type=1400 audit(1604301402.507:53): avc: denied { perfmon } for pid=9797 comm="syz-executor.2" capability=38 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=capability2 permissive=1 VM DIAGNOSIS: 07:16:41 Registers: info registers vcpu 0 RAX=dffffc0000000060 RBX=00000000000003fd RCX=0000000000000000 RDX=00000000000003fd RSI=ffffffff840e40bc RDI=ffffffff8faed8c0 RBP=ffffffff8faed880 RSP=ffffc9000a10f630 R8 =0000000000000001 R9 =0000000000000003 R10=000000000000000a R11=0000000000000000 R12=0000000000000020 R13=fffffbfff1f5db63 R14=fffffbfff1f5db1a R15=dffffc0000000000 RIP=ffffffff840e4110 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802ca00000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007ff5bc844000 CR3=0000000014f4e000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=205b5d3138323736302e35373120205b XMM01=30303030303030303030303030303030 XMM02=3030203a333152205d3335373954205b XMM03=52203030303030303030303030303030 XMM04=303030323030303030303030203a3431 XMM05=303030303030203a3531522030303731 XMM06=30303030303030303030303030303030 XMM07=6c656e72656b2072656c6c616b7a7973 XMM08=ffffff0000000000ff000000000000ff XMM09=00000000000000000000000000000000 XMM10=ffffff00000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=00000000000745e7 RBX=ffff888010ac4380 RCX=1ffffffff19d9139 RDX=0000000000000000 RSI=0000000000000001 RDI=0000000000000000 RBP=ffffed1002158870 RSP=ffffc9000041fdf8 R8 =0000000000000001 R9 =0000000000000001 R10=0000000000000000 R11=0000000000000000 R12=0000000000000001 R13=0000000000000001 R14=ffffffff8cecc388 R15=0000000000000000 RIP=ffffffff88e78ed3 RFL=00000206 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802cb00000 ffffffff 00c00000 LDT=0000 0000000000000000 00000000 00000000 TR =0040 fffffe000003e000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe000003c000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007ff5bc845000 CR3=0000000014f4e000 CR4=00350ee0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=205b5d3133303537302e35373120205b XMM01=200030002774680030353a30353a3035 XMM02=203a306e616c77205d3835393254205b XMM03=5342492077656e20676e697461657243 XMM04=4449535342202c6b726f7774656e2053 XMM05=3a30353a30353a30353a30353a303520 XMM06=200030002774680030353a30353a3035 XMM07=6c656e72656b2072656c6c616b7a7973 XMM08=ffffff0000000000ff000000000000ff XMM09=00000000000000000000000000000000 XMM10=ffffff00000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 2 RAX=000000000009d1e7 RBX=ffff888010acc3c0 RCX=1ffffffff19d9139 RDX=0000000000000000 RSI=0000000000000001 RDI=0000000000000000 RBP=ffffed1002159878 RSP=ffffc9000042fdf8 R8 =0000000000000001 R9 =0000000000000001 R10=0000000000000000 R11=0000000000000000 R12=0000000000000002 R13=0000000000000002 R14=ffffffff8cecc388 R15=0000000000000000 RIP=ffffffff88e78ed3 RFL=00000206 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802cc00000 ffffffff 00c00000 LDT=0000 0000000000000000 00000000 00000000 TR =0040 fffffe0000079000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000077000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=0000000000758000 CR3=000000006270d000 CR4=00350ee0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=00000000000000a80000000000000002 XMM02=00000000000000000000000000000000 XMM03=00000000000000000000000000000000 XMM04=00000000000000000000000000000000 XMM05=00000000000000a80000000000000002 XMM06=0000000000000000000000524f525245 XMM07=00000000000000000000000000000000 XMM08=000000000000000000524f5252450040 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 3 RAX=0000000000000001 RBX=0000000000000001 RCX=ffffffff84863f50 RDX=ffff88806990c180 RSI=ffffffff84863fd5 RDI=0000000000000004 RBP=ffff88801966b400 RSP=ffffc90000598e60 R8 =0000000000000000 R9 =ffffffff8cecc38f R10=0000000000000006 R11=0000000000000000 R12=0000000000000001 R13=0000000000000001 R14=ffffc90000375000 R15=ffff8880140b8000 RIP=ffffffff84864121 RFL=00000086 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802cd00000 ffffffff 00c00000 LDT=0000 0000000000000000 00000000 00000000 TR =0040 fffffe00000b4000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe00000b2000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007fe337321000 CR3=000000006a40f000 CR4=00350ee0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=f06f237af70223096d706d643547c9db XMM01=83531d8ebc9f3e39caa3f139b5934ac9 XMM02=00003b163b1ebb1600001c0b1dd6fc0b XMM03=00000dae0dac8dae000006a8f93b66a8 XMM04=54de524ce5892de6314fb075e0a475c8 XMM05=2b750a8714ddd1026d706d643547c9db XMM06=54de524ce5892de6314fb075e0a475c8 XMM07=2b750a8714ddd1026d706d643547c9db XMM08=0000000000000000e37a9760b376cc3e XMM09=f1e68379d3d774f911c0da4fc606c9d5 XMM10=ffffffffffffffff0b0a090803020100 XMM11=3b05e70d1ddbadf90000000000000000 XMM12=0b0a090803020100ffffffffffffffff XMM13=0c0d0e0f08090a0b0405060700010203 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000