syzkaller login: [ 65.516095][ T38] audit: type=1400 audit(1575130224.832:41): avc: denied { map } for pid=8003 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '[localhost]:54407' (ECDSA) to the list of known hosts.
[ 67.364167][ T38] audit: type=1400 audit(1575130226.682:42): avc: denied { map } for pid=8013 comm="syz-fuzzer" path="/syz-fuzzer" dev="sda1" ino=16525 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1
2019/11/30 16:10:26 fuzzer started
2019/11/30 16:10:27 dialing manager at 10.0.2.10:40921
2019/11/30 16:10:27 syscalls: 2533
2019/11/30 16:10:27 code coverage: enabled
2019/11/30 16:10:27 comparison tracing: enabled
2019/11/30 16:10:27 extra coverage: extra coverage is not supported by the kernel
2019/11/30 16:10:27 setuid sandbox: enabled
2019/11/30 16:10:27 namespace sandbox: enabled
2019/11/30 16:10:27 Android sandbox: /sys/fs/selinux/policy does not exist
2019/11/30 16:10:27 fault injection: enabled
2019/11/30 16:10:27 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/11/30 16:10:27 net packet injection: enabled
2019/11/30 16:10:27 net device setup: enabled
2019/11/30 16:10:27 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2019/11/30 16:10:27 devlink PCI setup: PCI device 0000:00:10.0 is not available
16:10:39 executing program 0:
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x69, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff})
writev(r0, &(0x7f0000004f40)=[{&(0x7f0000000100)="c8", 0x1}], 0x1)
r2 = dup2(r1, r0)
connect$unix(r2, &(0x7f0000000000)=@file={0x0, './file0\x00'}, 0x6e)
[ 80.609754][ T38] audit: type=1400 audit(1575130239.922:43): avc: denied { map } for pid=8036 comm="syz-executor.0" path="/sys/kernel/debug/kcov" dev="debugfs" ino=21093 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1
16:10:40 executing program 1:
r0 = socket$inet6(0xa, 0x80003, 0x6b)
ioctl(r0, 0x1000008912, &(0x7f00000001c0)="0805b5055e0bcfe8474071")
r1 = socket$inet6(0xa, 0x2, 0x0)
pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff})
r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000280)='TIPC\x00')
r4 = socket$xdp(0x2c, 0x3, 0x0)
ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r4, 0x40106614, &(0x7f0000000080))
sendmsg$TIPC_CMD_GET_LINKS(r2, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x808}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x24, r3, 0x100, 0x70bd26, 0x80, {{}, 0x0, 0x4, 0x0, {0x8, 0x11, 0x6e}}, ["", "", "", "", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x676ed67ab5280785}, 0x40042050)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000900)={'veth0\x00', 0x0})
ioctl$sock_inet6_SIOCADDRT(r1, 0x890b, &(0x7f0000000140)={@local, @mcast2, @loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r5})
[ 80.791191][ T8037] IPVS: ftp: loaded support on port[0] = 21
[ 80.799304][ T8039] IPVS: ftp: loaded support on port[0] = 21
[ 80.894957][ T8037] chnl_net:caif_netlink_parms(): no params data found
[ 80.917882][ T8039] chnl_net:caif_netlink_parms(): no params data found
[ 80.956472][ T8037] bridge0: port 1(bridge_slave_0) entered blocking state
[ 80.964229][ T8037] bridge0: port 1(bridge_slave_0) entered disabled state
[ 80.972426][ T8037] device bridge_slave_0 entered promiscuous mode
[ 80.980017][ T8039] bridge0: port 1(bridge_slave_0) entered blocking state
[ 80.987344][ T8039] bridge0: port 1(bridge_slave_0) entered disabled state
[ 80.995413][ T8039] device bridge_slave_0 entered promiscuous mode
[ 81.003381][ T8039] bridge0: port 2(bridge_slave_1) entered blocking state
[ 81.010804][ T8039] bridge0: port 2(bridge_slave_1) entered disabled state
[ 81.018720][ T8039] device bridge_slave_1 entered promiscuous mode
[ 81.025949][ T8037] bridge0: port 2(bridge_slave_1) entered blocking state
[ 81.033384][ T8037] bridge0: port 2(bridge_slave_1) entered disabled state
[ 81.041275][ T8037] device bridge_slave_1 entered promiscuous mode
[ 81.067163][ T8037] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 81.077769][ T8039] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 81.088436][ T8037] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 81.099814][ T8039] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 81.126896][ T8037] team0: Port device team_slave_0 added
[ 81.134731][ T8039] team0: Port device team_slave_0 added
[ 81.142145][ T8037] team0: Port device team_slave_1 added
[ 81.148703][ T8039] team0: Port device team_slave_1 added
[ 81.213847][ T8037] device hsr_slave_0 entered promiscuous mode
[ 81.271902][ T8037] device hsr_slave_1 entered promiscuous mode
[ 81.363821][ T8039] device hsr_slave_0 entered promiscuous mode
[ 81.431860][ T8039] device hsr_slave_1 entered promiscuous mode
[ 81.491679][ T8039] debugfs: Directory 'hsr0' with parent '/' already present!
[ 81.528085][ T38] audit: type=1400 audit(1575130240.842:44): avc: denied { create } for pid=8039 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 81.552925][ T38] audit: type=1400 audit(1575130240.842:45): avc: denied { write } for pid=8039 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 81.552942][ T38] audit: type=1400 audit(1575130240.842:46): avc: denied { read } for pid=8039 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 81.601301][ T8039] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 81.663305][ T8037] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 81.714125][ T8037] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 81.773899][ T8039] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 81.823505][ T8037] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 81.873269][ T8037] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 81.952963][ T8039] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 82.003094][ T8039] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 82.177242][ T8037] 8021q: adding VLAN 0 to HW filter on device bond0
[ 82.187057][ T8039] 8021q: adding VLAN 0 to HW filter on device bond0
[ 82.201080][ T1203] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 82.211764][ T1203] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 82.219503][ T1203] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 82.227539][ T1203] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 82.238018][ T8037] 8021q: adding VLAN 0 to HW filter on device team0
[ 82.246247][ T8039] 8021q: adding VLAN 0 to HW filter on device team0
[ 82.256478][ T138] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 82.265112][ T138] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 82.273582][ T138] bridge0: port 1(bridge_slave_0) entered blocking state
[ 82.280805][ T138] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 82.288706][ T138] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 82.298022][ T138] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 82.306293][ T138] bridge0: port 1(bridge_slave_0) entered blocking state
[ 82.313413][ T138] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 82.321879][ T3078] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 82.329678][ T3078] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 82.341577][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 82.349573][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 82.357631][ T37] bridge0: port 2(bridge_slave_1) entered blocking state
[ 82.364699][ T37] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 82.372304][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 82.383622][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 82.392214][ T37] bridge0: port 2(bridge_slave_1) entered blocking state
[ 82.398981][ T37] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 82.422779][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 82.431871][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 82.440805][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 82.450736][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 82.459557][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 82.470115][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 82.479080][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 82.488519][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 82.497243][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 82.506455][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 82.515476][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 82.524706][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 82.533460][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 82.542288][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 82.550814][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 82.559563][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 82.568195][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 82.578471][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 82.590014][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 82.600869][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 82.612389][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 82.621926][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 82.632934][ T8037] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 82.641277][ T8039] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 82.661796][ T3078] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 82.669824][ T3078] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 82.678147][ T3078] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 82.686367][ T3078] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 82.701277][ T8039] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 82.710383][ T8037] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 82.722961][ T38] audit: type=1400 audit(1575130242.042:47): avc: denied { associate } for pid=8039 comm="syz-executor.1" name="syz1" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1
[ 82.860742][ T38] audit: type=1400 audit(1575130242.172:48): avc: denied { open } for pid=8046 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=perf_event permissive=1
16:10:42 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f00000028c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)
pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0)
mkdir(&(0x7f00000000c0)='./file0\x00', 0x0)
r4 = socket$unix(0x1, 0x2, 0x0)
sendto(r4, &(0x7f0000000100)="9506a9a1329223bcf0b4c179e7bd4fcac51fecb01fb75d86ab5eff6f563de0dfb3ba0edddbfe", 0x26, 0x4, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0xfffffffffffffffe}, 0x200000000, 0xffffffffffffffff}, 0x0, 0x5, 0xffffffffffffffff, 0x9)
mount(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000001c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000))
seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
ioctl$EVIOCGUNIQ(0xffffffffffffffff, 0x80404508, &(0x7f0000000180)=""/17)
[ 82.889408][ T38] audit: type=1400 audit(1575130242.172:49): avc: denied { kernel } for pid=8046 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=perf_event permissive=1
[ 83.314114][ T38] audit: type=1326 audit(1575130242.532:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=8052 comm="syz-executor.1" exe="/syz-executor.1" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45bd4a code=0x0
[ 83.531495][ C1] hrtimer: interrupt took 24640 ns
[ 240.501878][ T1113] INFO: task syz-executor.0:8046 blocked for more than 143 seconds.
[ 240.510230][ T1113] Not tainted 5.4.0-syzkaller #0
[ 240.516052][ T1113] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 240.525445][ T1113] syz-executor.0 D27416 8046 8037 0x00004004
[ 240.532067][ T1113] Call Trace:
[ 240.535603][ T1113] __schedule+0x8e1/0x1f30
[ 240.540189][ T1113] ? __sched_text_start+0x8/0x8
[ 240.545314][ T1113] ? __kasan_check_read+0x11/0x20
[ 240.550493][ T1113] ? __lock_acquire+0x16f2/0x4a00
[ 240.556003][ T1113] ? debug_object_active_state+0x28a/0x350
[ 240.562139][ T1113] schedule+0xdc/0x2b0
[ 240.566424][ T1113] schedule_timeout+0x717/0xc50
[ 240.571677][ T1113] ? __kasan_check_read+0x11/0x20
[ 240.576835][ T1113] ? usleep_range+0x170/0x170
[ 240.581755][ T1113] ? mark_held_locks+0xa4/0xf0
[ 240.586720][ T1113] ? _raw_spin_unlock_irq+0x23/0x80
[ 240.592227][ T1113] ? wait_for_completion+0x294/0x440
[ 240.597712][ T1113] ? _raw_spin_unlock_irq+0x23/0x80
[ 240.603296][ T1113] ? lockdep_hardirqs_on+0x421/0x5e0
[ 240.608741][ T1113] ? trace_hardirqs_on+0x67/0x240
[ 240.614158][ T1113] wait_for_completion+0x29c/0x440
[ 240.619548][ T1113] ? wait_for_completion_interruptible+0x470/0x470
[ 240.626409][ T1113] ? wake_up_q+0x140/0x140
[ 240.630981][ T1113] __wait_rcu_gp+0x225/0x2f0
[ 240.635734][ T1113] synchronize_rcu.part.0+0xcf/0xe0
[ 240.641090][ T1113] ? synchronize_rcu_expedited+0x5f0/0x5f0
[ 240.647311][ T1113] ? __call_rcu+0x740/0x740
[ 240.652156][ T1113] ? rcu_gp_is_expedited+0x70/0x70
[ 240.657517][ T1113] synchronize_rcu+0x27/0xa0
[ 240.662470][ T1113] perf_trace_event_unreg.isra.0+0xcb/0x220
[ 240.668660][ T1113] perf_trace_destroy+0xbc/0x100
[ 240.673866][ T1113] tp_perf_event_destroy+0x16/0x20
[ 240.679204][ T1113] ? perf_tp_event_init+0x120/0x120
[ 240.684800][ T1113] _free_event+0x35c/0x1410
[ 240.689611][ T1113] ? ring_buffer_attach+0x650/0x650
[ 240.695192][ T1113] put_event+0x47/0x60
[ 240.699488][ T1113] perf_event_release_kernel+0x772/0xef0
[ 240.705467][ T1113] ? __perf_event_exit_context+0x170/0x170
[ 240.711733][ T1113] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[ 240.718425][ T1113] perf_release+0x37/0x50
[ 240.723004][ T1113] __fput+0x2ff/0x890
[ 240.727240][ T1113] ? perf_event_release_kernel+0xef0/0xef0
[ 240.733433][ T1113] ____fput+0x16/0x20
[ 240.737705][ T1113] task_work_run+0x145/0x1c0
[ 240.742676][ T1113] exit_to_usermode_loop+0x316/0x380
[ 240.748210][ T1113] do_syscall_64+0x676/0x790
[ 240.753123][ T1113] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 240.759395][ T1113] RIP: 0033:0x413d81
[ 240.763658][ T1113] Code: 89 44 24 10 e8 40 c1 04 00 48 8b 6c 24 18 48 83 c4 20 c3 48 8b 4c 24 30 48 89 0c 24 48 8b 4c 24 38 48 89 4c 24 08 48 89 44 24 <10> e8 99 0c 00 00 48 8b 44 24 40 eb b5 48 8b 44 24 40 eb ae 48 8b
[ 240.783841][ T1113] RSP: 002b:00007fff9effb430 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 240.792743][ T1113] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 0000000000413d81
[ 240.801079][ T1113] RDX: 0000000000718060 RSI: 0000000000000000 RDI: 0000000000000003
[ 240.809390][ T1113] RBP: 000000000071c980 R08: 00000000000142d2 R09: 00000000000142d2
[ 240.817726][ T1113] R10: 00007fff9effb560 R11: 0000000000000293 R12: 0000000000000000
[ 240.826234][ T1113] R13: 0000000000720bd8 R14: 0000000000720be0 R15: 00007fff9effb540
[ 240.834687][ T1113]
[ 240.834687][ T1113] Showing all locks held in the system:
[ 240.842793][ T1113] 1 lock held by khungtaskd/1113:
[ 240.847931][ T1113] #0: ffffffff895a4080 (rcu_read_lock){....}, at: debug_show_all_locks+0x5f/0x279
[ 240.857959][ T1113] 2 locks held by getty/7978:
[ 240.863060][ T1113] #0: ffff88802b6fd090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40
[ 240.872521][ T1113] #1: ffffc900040322e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1c10
[ 240.882594][ T1113] 2 locks held by getty/7979:
[ 240.887540][ T1113] #0: ffff8880255d9090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40
[ 240.896996][ T1113] #1: ffffc9000401a2e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1c10
[ 240.908659][ T1113] 2 locks held by getty/7980:
[ 240.913656][ T1113] #0: ffff88801ea21090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40
[ 240.922844][ T1113] #1: ffffc9000403a2e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1c10
[ 240.932824][ T1113] 2 locks held by getty/7981:
[ 240.937907][ T1113] #0: ffff888025ede090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40
[ 240.948841][ T1113] #1: ffffc900040362e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1c10
[ 240.958643][ T1113] 2 locks held by getty/7982:
[ 240.963676][ T1113] #0: ffff88802bb4d090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40
[ 240.972945][ T1113] #1: ffffc9000402e2e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1c10
[ 240.984765][ T1113] 2 locks held by getty/7983:
[ 240.990216][ T1113] #0: ffff888021928090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40
[ 240.999820][ T1113] #1: ffffc9000402a2e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1c10
[ 241.009340][ T1113] 2 locks held by getty/7984:
[ 241.014109][ T1113] #0: ffff88802c6a0090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40
[ 241.023419][ T1113] #1: ffffc9000400a2e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1c10
[ 241.033229][ T1113] 1 lock held by syz-executor.0/8046:
[ 241.038461][ T1113] #0: ffffffff895e8e40 (event_mutex){+.+.}, at: perf_trace_destroy+0x28/0x100
[ 241.047521][ T1113]
[ 241.049919][ T1113] =============================================
[ 241.049919][ T1113]
[ 241.058532][ T1113] NMI backtrace for cpu 3
[ 241.063055][ T1113] CPU: 3 PID: 1113 Comm: khungtaskd Not tainted 5.4.0-syzkaller #0
[ 241.070986][ T1113] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014
[ 241.072993][ T1113] Call Trace:
[ 241.072993][ T1113] dump_stack+0x197/0x210
[ 241.072993][ T1113] nmi_cpu_backtrace.cold+0x70/0xb2
[ 241.072993][ T1113] ? vprintk_func+0x86/0x189
[ 241.072993][ T1113] ? lapic_can_unplug_cpu.cold+0x3a/0x3a
[ 241.072993][ T1113] nmi_trigger_cpumask_backtrace+0x23b/0x28b
[ 241.072993][ T1113] arch_trigger_cpumask_backtrace+0x14/0x20
[ 241.072993][ T1113] watchdog+0xb11/0x10c0
[ 241.072993][ T1113] kthread+0x361/0x430
[ 241.072993][ T1113] ? reset_hung_task_detector+0x30/0x30
[ 241.072993][ T1113] ? kthread_mod_delayed_work+0x1f0/0x1f0
[ 241.072993][ T1113] ret_from_fork+0x24/0x30
[ 241.142516][ T1113] Sending NMI from CPU 3 to CPUs 0-2:
[ 241.148045][ C2] NMI backtrace for cpu 2 skipped: idling at native_safe_halt+0xe/0x10
[ 241.148060][ C1] NMI backtrace for cpu 1 skipped: idling at native_safe_halt+0xe/0x10
[ 241.148670][ C0] NMI backtrace for cpu 0
[ 241.148675][ C0] CPU: 0 PID: 8058 Comm: syz-executor.1 Not tainted 5.4.0-syzkaller #0
[ 241.148680][ C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014
[ 241.148683][ C0] RIP: 0010:__lock_acquire+0x21f/0x4a00
[ 241.148691][ C0] Code: 0a 40 80 fe 03 0f 8e 0f 38 00 00 0f b7 70 20 81 e6 ff 1f 00 00 44 39 e6 75 09 48 85 db 0f 85 fc 11 00 00 4c 03 95 60 ff ff ff <44> 89 e6 66 81 e6 ff 1f 49 8d 42 20 48 89 c2 48 89 85 50 ff ff ff
[ 241.148694][ C0] RSP: 0018:ffff88802d209c58 EFLAGS: 00000082
[ 241.148699][ C0] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 241.148702][ C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff88800a730958
[ 241.148706][ C0] RBP: ffff88802d209d70 R08: 0000000000000001 R09: 0000000000000001
[ 241.148709][ C0] R10: ffff88800a730958 R11: ffff88800a7300c0 R12: 0000000000000051
[ 241.148713][ C0] R13: 0000000000000000 R14: ffff88802d2293d8 R15: 0000000000000001
[ 241.148717][ C0] FS: 00007f8708cf3700(0000) GS:ffff88802d200000(0000) knlGS:0000000000000000
[ 241.148720][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 241.148729][ C0] CR2: ffffffffff600400 CR3: 0000000071290000 CR4: 00000000003406f0
[ 241.148733][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 241.148737][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 241.148738][ C0] Call Trace:
[ 241.148740][ C0]
[ 241.148743][ C0] ? lock_downgrade+0x920/0x920
[ 241.148745][ C0] ? rwlock_bug.part.0+0x90/0x90
[ 241.148748][ C0] ? __hrtimer_run_queues+0x2ec/0xe40
[ 241.148750][ C0] ? mark_held_locks+0xf0/0xf0
[ 241.148753][ C0] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 241.148756][ C0] ? debug_smp_processor_id+0x33/0x18a
[ 241.148758][ C0] lock_acquire+0x190/0x410
[ 241.148761][ C0] ? __hrtimer_run_queues+0x3df/0xe40
[ 241.148763][ C0] _raw_spin_lock_irq+0x60/0x80
[ 241.148766][ C0] ? __hrtimer_run_queues+0x3df/0xe40
[ 241.148768][ C0] __hrtimer_run_queues+0x3df/0xe40
[ 241.148771][ C0] ? __perf_event_overflow+0x370/0x370
[ 241.148773][ C0] ? hrtimer_init+0x330/0x330
[ 241.148776][ C0] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 241.148779][ C0] ? ktime_get_update_offsets_now+0x2ce/0x430
[ 241.148781][ C0] hrtimer_interrupt+0x314/0x770
[ 241.148784][ C0] smp_apic_timer_interrupt+0x160/0x610
[ 241.148786][ C0] apic_timer_interrupt+0xf/0x20
[ 241.148788][ C0]
[ 241.148791][ C0] RIP: 0010:_raw_spin_unlock_irq+0x4f/0x80
[ 241.148799][ C0] Code: c0 68 34 53 89 48 ba 00 00 00 00 00 fc ff df 48 c1 e8 03 80 3c 10 00 75 33 48 83 3d 12 2a 99 01 00 74 20 fb 66 0f 1f 44 00 00 01 00 00 00 e8 e7 6b 96 f9 65 8b 05 18 14 48 78 85 c0 74 06 41
[ 241.148801][ C0] RSP: 0018:ffff888070f27588 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff13
[ 241.148807][ C0] RAX: 1ffffffff12a668d RBX: ffffffff880b3de0 RCX: 0000000000000000
[ 241.148811][ C0] RDX: dffffc0000000000 RSI: 0000000000000006 RDI: ffff88800a730954
[ 241.148814][ C0] RBP: ffff888070f27590 R08: ffff88800a7300c0 R09: 0000000000000000
[ 241.148818][ C0] R10: 0000000000000000 R11: 0000000000000000 R12: ffff88802d237380
[ 241.148821][ C0] R13: ffff88800a7300c0 R14: ffff88800a7300c0 R15: ffff88802d237398
[ 241.148824][ C0] ? _raw_spin_unlock_irq+0x23/0x80
[ 241.148826][ C0] __schedule+0x150a/0x1f30
[ 241.148828][ C0] ? __sched_text_start+0x8/0x8
[ 241.148831][ C0] ? unmap_page_range+0x10b1/0x2ac0
[ 241.148833][ C0] ? preempt_schedule+0x4b/0x60
[ 241.148836][ C0] preempt_schedule_common+0x4f/0xe0
[ 241.148838][ C0] preempt_schedule+0x4b/0x60
[ 241.148841][ C0] ___preempt_schedule+0x16/0x18
[ 241.148843][ C0] _raw_spin_unlock+0x3c/0x40
[ 241.148846][ C0] unmap_page_range+0x10b1/0x2ac0
[ 241.148848][ C0] ? lockdep_hardirqs_on+0x421/0x5e0
[ 241.148851][ C0] ? vm_normal_page_pmd+0x420/0x420
[ 241.148853][ C0] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 241.148856][ C0] ? uprobe_munmap+0xad/0x320
[ 241.148858][ C0] unmap_single_vma+0x19d/0x300
[ 241.148860][ C0] unmap_vmas+0x184/0x2f0
[ 241.148863][ C0] ? zap_vma_ptes+0x110/0x110
[ 241.148865][ C0] ? __kasan_check_write+0x14/0x20
[ 241.148867][ C0] exit_mmap+0x2ba/0x530
[ 241.148870][ C0] ? __ia32_sys_munmap+0x80/0x80
[ 241.148873][ C0] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 241.148875][ C0] ? __khugepaged_exit+0xcf/0x410
[ 241.148877][ C0] mmput+0x179/0x4d0
[ 241.148879][ C0] do_exit+0x806/0x2ef0
[ 241.148882][ C0] ? mm_update_next_owner+0x7c0/0x7c0
[ 241.148884][ C0] ? lock_downgrade+0x920/0x920
[ 241.148887][ C0] ? _raw_spin_unlock_irq+0x23/0x80
[ 241.148889][ C0] ? get_signal+0x392/0x24f0
[ 241.148892][ C0] ? _raw_spin_unlock_irq+0x23/0x80
[ 241.148894][ C0] do_group_exit+0x135/0x360
[ 241.148896][ C0] get_signal+0x47c/0x24f0
[ 241.148898][ C0] ? __fd_install+0x1fb/0x640
[ 241.148901][ C0] ? fd_install+0x4d/0x60
[ 241.148903][ C0] do_signal+0x87/0x1700
[ 241.148905][ C0] ? perf_event_set_output+0x4e0/0x4e0
[ 241.148908][ C0] ? setup_sigcontext+0x7d0/0x7d0
[ 241.148910][ C0] ? put_timespec64+0xda/0x140
[ 241.148913][ C0] ? exit_to_usermode_loop+0x43/0x380
[ 241.148915][ C0] ? do_syscall_64+0x676/0x790
[ 241.148918][ C0] ? exit_to_usermode_loop+0x43/0x380
[ 241.148920][ C0] ? lockdep_hardirqs_on+0x421/0x5e0
[ 241.148923][ C0] ? trace_hardirqs_on+0x67/0x240
[ 241.148925][ C0] exit_to_usermode_loop+0x286/0x380
[ 241.148928][ C0] do_syscall_64+0x676/0x790
[ 241.148931][ C0] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 241.148933][ C0] RIP: 0033:0x45a759
[ 241.148935][ C0] Code: Bad RIP value.
[ 241.148937][ C0] RSP: 002b:00007f8708cf2c88 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
[ 241.148943][ C0] RAX: 0000000000000007 RBX: 000000000071c0f8 RCX: 000000000045a759
[ 241.148947][ C0] RDX: ffffffffffffffff RSI: 0000000000000000 RDI: 000000002001d000
[ 241.148950][ C0] RBP: 0000000000000005 R08: 0000000000000000 R09: 0000000000000000
[ 241.148954][ C0] R10: ffffffffffffffff R11: 0000000000000246 R12: 00007f8708cf36d4
[ 241.148957][ C0] R13: 00000000004aec2b R14: 00000000006f1ca8 R15: 00000000ffffffff
[ 241.148993][ T1113] Kernel panic - not syncing: hung_task: blocked tasks
[ 241.531683][ T1113] CPU: 3 PID: 1113 Comm: khungtaskd Not tainted 5.4.0-syzkaller #0
[ 241.531683][ T1113] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014
[ 241.531683][ T1113] Call Trace:
[ 241.531683][ T1113] dump_stack+0x197/0x210
[ 241.531683][ T1113] panic+0x2e3/0x75c
[ 241.531683][ T1113] ? add_taint.cold+0x16/0x16
[ 241.531683][ T1113] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 241.531683][ T1113] ? printk_safe_flush+0xf2/0x140
[ 241.531683][ T1113] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 241.531683][ T1113] ? nmi_trigger_cpumask_backtrace+0x224/0x28b
[ 241.531683][ T1113] ? nmi_trigger_cpumask_backtrace+0x21b/0x28b
[ 241.531683][ T1113] watchdog+0xb22/0x10c0
[ 241.531683][ T1113] kthread+0x361/0x430
[ 241.531683][ T1113] ? reset_hung_task_detector+0x30/0x30
[ 241.531683][ T1113] ? kthread_mod_delayed_work+0x1f0/0x1f0
[ 241.531683][ T1113] ret_from_fork+0x24/0x30
[ 241.531683][ T1113] Kernel Offset: disabled
[ 241.531683][ T1113] Rebooting in 86400 seconds..