syzkaller login: [ 65.641738][ T37] audit: type=1400 audit(1575088151.660:41): avc: denied { map } for pid=7995 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added '[localhost]:36391' (ECDSA) to the list of known hosts. [ 67.458310][ T37] audit: type=1400 audit(1575088153.480:42): avc: denied { map } for pid=8005 comm="syz-fuzzer" path="/syz-fuzzer" dev="sda1" ino=16525 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1 2019/11/30 04:29:13 fuzzer started 2019/11/30 04:29:14 dialing manager at 10.0.2.10:40921 2019/11/30 04:29:14 syscalls: 2533 2019/11/30 04:29:14 code coverage: enabled 2019/11/30 04:29:14 comparison tracing: enabled 2019/11/30 04:29:14 extra coverage: extra coverage is not supported by the kernel 2019/11/30 04:29:14 setuid sandbox: enabled 2019/11/30 04:29:14 namespace sandbox: enabled 2019/11/30 04:29:14 Android sandbox: /sys/fs/selinux/policy does not exist 2019/11/30 04:29:14 fault injection: enabled 2019/11/30 04:29:14 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/11/30 04:29:14 net packet injection: enabled 2019/11/30 04:29:14 net device setup: enabled 2019/11/30 04:29:14 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2019/11/30 04:29:14 devlink PCI setup: PCI device 0000:00:10.0 is not available 04:29:25 executing program 0: socket$netlink(0x10, 0x3, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) open(0x0, 0x0, 0x0) mkdir(0x0, 0x100) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x4, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=@ipv4_delrule={0x20, 0x21, 0x1, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb}}, 0x20}}, 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00') socketpair(0xa, 0x2, 0xdf, &(0x7f0000000080)={0xffffffffffffffff}) r2 = syz_genetlink_get_family_id$nbd(&(0x7f00000001c0)='nbd\x00') sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0xa8900}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x38, r2, 0x4, 0x70bd27, 0x25dfdbfe, {}, [@NBD_ATTR_TIMEOUT={0xc, 0x4, 0x9}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x4}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x7f}]}, 0x38}}, 0x800) ftruncate(0xffffffffffffffff, 0x2007fff) socket(0x0, 0x0, 0x0) socket$inet6(0xa, 0x0, 0x80000000000000c) r3 = openat$null(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/null\x00', 0xb4000, 0x0) lstat(&(0x7f0000000500)='./file0\x00', &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r5 = socket$inet_udp(0x2, 0x2, 0x0) close(r5) connect$inet(r5, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) r6 = geteuid() setreuid(r6, 0x0) mount$fuseblk(&(0x7f0000000400)='/dev/loop0\x00', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='fuseblk\x00', 0x8048, &(0x7f0000000680)={{'fd', 0x3d, r3}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {'user_id', 0x3d, 0xee00}, 0x2c, {'group_id', 0x3d, r4}, 0x2c, {[{@allow_other='allow_other'}], [{@mask={'mask', 0x3d, 'MAY_WRITE'}}, {@seclabel='seclabel'}, {@euid_eq={'euid'}}, {@fscontext={'fscontext', 0x3d, 'unconfined_u'}}, {@fowner_gt={'fowner>', r6}}]}}) [ 79.065559][ T37] audit: type=1400 audit(1575088165.090:43): avc: denied { map } for pid=8029 comm="syz-executor.0" path="/sys/kernel/debug/kcov" dev="debugfs" ino=3127 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 04:29:25 executing program 1: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x1f, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$hfs(&(0x7f0000000300)='hfs\x00', &(0x7f0000000340)='./bus\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)={[{@iocharset={'iocharset', 0x3d, 'macroman'}}]}) [ 79.220450][ T8030] IPVS: ftp: loaded support on port[0] = 21 [ 79.255527][ T8032] IPVS: ftp: loaded support on port[0] = 21 [ 79.297604][ T8030] chnl_net:caif_netlink_parms(): no params data found [ 79.332346][ T8030] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.339713][ T8030] bridge0: port 1(bridge_slave_0) entered disabled state [ 79.347466][ T8030] device bridge_slave_0 entered promiscuous mode [ 79.356747][ T8030] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.364295][ T8030] bridge0: port 2(bridge_slave_1) entered disabled state [ 79.372025][ T8030] device bridge_slave_1 entered promiscuous mode [ 79.391714][ T8030] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 79.406220][ T8030] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 79.443901][ T8030] team0: Port device team_slave_0 added [ 79.452229][ T8030] team0: Port device team_slave_1 added [ 79.458224][ T8032] chnl_net:caif_netlink_parms(): no params data found [ 79.536409][ T8030] device hsr_slave_0 entered promiscuous mode [ 79.614476][ T8030] device hsr_slave_1 entered promiscuous mode [ 79.704936][ T8032] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.712168][ T8032] bridge0: port 1(bridge_slave_0) entered disabled state [ 79.720013][ T8032] device bridge_slave_0 entered promiscuous mode [ 79.728259][ T8032] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.735785][ T8032] bridge0: port 2(bridge_slave_1) entered disabled state [ 79.743203][ T8032] device bridge_slave_1 entered promiscuous mode [ 79.766826][ T8032] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 79.779748][ T8032] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 79.792791][ T37] audit: type=1400 audit(1575088165.810:44): avc: denied { create } for pid=8030 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 79.818062][ T37] audit: type=1400 audit(1575088165.810:45): avc: denied { write } for pid=8030 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 79.842817][ T37] audit: type=1400 audit(1575088165.810:46): avc: denied { read } for pid=8030 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 79.868940][ T8030] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 79.942023][ T8032] team0: Port device team_slave_0 added [ 79.948054][ T8030] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 80.026899][ T8032] team0: Port device team_slave_1 added [ 80.032538][ T8030] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 80.116696][ T8030] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 80.256129][ T8032] device hsr_slave_0 entered promiscuous mode [ 80.324513][ T8032] device hsr_slave_1 entered promiscuous mode [ 80.384390][ T8032] debugfs: Directory 'hsr0' with parent '/' already present! [ 80.423038][ T8032] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 80.476448][ T8032] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 80.546370][ T8032] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 80.608617][ T8032] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 80.708852][ T8030] 8021q: adding VLAN 0 to HW filter on device bond0 [ 80.723933][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 80.732147][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 80.741851][ T8030] 8021q: adding VLAN 0 to HW filter on device team0 [ 80.753561][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 80.762918][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 80.771466][ T34] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.778675][ T34] bridge0: port 1(bridge_slave_0) entered forwarding state [ 80.789132][ T3856] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 80.804355][ T8032] 8021q: adding VLAN 0 to HW filter on device bond0 [ 80.814947][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 80.823057][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 80.831596][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.838443][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 80.845704][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 80.855015][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 80.867015][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 80.875540][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 80.883603][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 80.894833][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 80.902390][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 80.910409][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 80.919062][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 80.932587][ T8030] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 80.943875][ T8030] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 80.956431][ T8032] 8021q: adding VLAN 0 to HW filter on device team0 [ 80.964046][ T3856] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 80.972489][ T3856] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 80.981253][ T3856] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 80.990023][ T3856] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 80.999153][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 81.010387][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 81.019216][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 81.027752][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.034922][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 81.043865][ T8036] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 81.056096][ T1204] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 81.066134][ T1204] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 81.076710][ T1204] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.084691][ T1204] bridge0: port 2(bridge_slave_1) entered forwarding state [ 81.098244][ T3109] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 81.106694][ T3109] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 81.114037][ T3109] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 81.126396][ T8030] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 81.135165][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 81.143396][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 81.151878][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 81.160299][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 81.171352][ T37] audit: type=1400 audit(1575088167.190:47): avc: denied { associate } for pid=8030 comm="syz-executor.0" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1 [ 81.176053][ T8032] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 81.206662][ T8032] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 81.220549][ T1204] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 81.230752][ T1204] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 81.240552][ T1204] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 81.249975][ T1204] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 81.259649][ T1204] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 81.269153][ T1204] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 81.279674][ T1204] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 81.299546][ T8032] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 81.308678][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 81.316282][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 81.327853][ T37] audit: type=1400 audit(1575088167.350:48): avc: denied { open } for pid=8039 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=perf_event permissive=1 [ 81.354033][ T37] audit: type=1400 audit(1575088167.350:49): avc: denied { kernel } for pid=8039 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=perf_event permissive=1 [ 81.379337][ T8045] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 81.408417][ T8047] hfs: can't find a HFS filesystem on dev loop1 [ 81.451230][ C1] hrtimer: interrupt took 34778 ns 04:31:19 executing program 1: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x1f, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$hfs(&(0x7f0000000300)='hfs\x00', &(0x7f0000000340)='./bus\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)={[{@iocharset={'iocharset', 0x3d, 'macroman'}}]}) [ 194.312736][ T8065] IPVS: ftp: loaded support on port[0] = 21 [ 194.381435][ T8065] chnl_net:caif_netlink_parms(): no params data found [ 194.413101][ T8065] bridge0: port 1(bridge_slave_0) entered blocking state [ 194.420457][ T8065] bridge0: port 1(bridge_slave_0) entered disabled state [ 194.429067][ T8065] device bridge_slave_0 entered promiscuous mode [ 194.438091][ T8065] bridge0: port 2(bridge_slave_1) entered blocking state [ 194.446029][ T8065] bridge0: port 2(bridge_slave_1) entered disabled state [ 194.454711][ T8065] device bridge_slave_1 entered promiscuous mode [ 194.471898][ T8065] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 194.483294][ T8065] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 194.509741][ T8065] team0: Port device team_slave_0 added [ 194.517386][ T8065] team0: Port device team_slave_1 added [ 207.619172][ T8065] device hsr_slave_0 entered promiscuous mode [ 209.714573][ T8065] device hsr_slave_1 entered promiscuous mode [ 214.704423][ T8065] debugfs: Directory 'hsr0' with parent '/' already present! [ 214.722203][ T8065] bridge0: port 2(bridge_slave_1) entered blocking state [ 214.729162][ T8065] bridge0: port 2(bridge_slave_1) entered forwarding state [ 214.736593][ T8065] bridge0: port 1(bridge_slave_0) entered blocking state [ 214.743812][ T8065] bridge0: port 1(bridge_slave_0) entered forwarding state [ 214.777051][ T8065] 8021q: adding VLAN 0 to HW filter on device bond0 [ 214.791974][ T8065] 8021q: adding VLAN 0 to HW filter on device team0 [ 214.820806][ T8065] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 214.838863][ T8065] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 215.014561][ T1204] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 215.021843][ T1204] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 217.274859][ T1204] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 217.285154][ T1204] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 217.293764][ T1204] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 217.303160][ T1204] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 217.311052][ T1204] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 217.320245][ T1204] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 217.328868][ T1204] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 217.336887][ T1204] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 217.345173][ T1204] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 217.945613][ T8077] hfs: can't find a HFS filesystem on dev loop1 04:31:53 executing program 1: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x1f, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$hfs(&(0x7f0000000300)='hfs\x00', &(0x7f0000000340)='./bus\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)={[{@iocharset={'iocharset', 0x3d, 'macroman'}}]}) [ 227.170926][ T8083] hfs: can't find a HFS filesystem on dev loop1 [ 344.144353][ T1114] INFO: task kworker/2:2:3109 blocked for more than 143 seconds. [ 344.151891][ T1114] Not tainted 5.4.0-syzkaller #0 [ 344.157977][ T1114] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 344.167594][ T1114] kworker/2:2 D26888 3109 2 0x80004000 [ 344.174064][ T1114] Workqueue: events nsim_dev_trap_report_work [ 344.179936][ T1114] Call Trace: [ 344.183231][ T1114] __schedule+0x8e1/0x1f30 [ 344.187630][ T1114] ? __sched_text_start+0x8/0x8 [ 344.192370][ T1114] ? _raw_spin_unlock_irq+0x59/0x80 [ 344.197695][ T1114] schedule+0xdc/0x2b0 [ 344.201703][ T1114] schedule_preempt_disabled+0x13/0x20 [ 344.207028][ T1114] __mutex_lock+0x7ab/0x13c0 [ 344.211535][ T1114] ? nsim_dev_trap_report_work+0x61/0xaf0 [ 344.217233][ T1114] ? mutex_trylock+0x2f0/0x2f0 [ 344.221825][ T1114] ? __lock_acquire+0x16f2/0x4a00 [ 344.226857][ T1114] mutex_lock_nested+0x16/0x20 [ 344.231808][ T1114] ? mutex_lock_nested+0x16/0x20 [ 344.237109][ T1114] nsim_dev_trap_report_work+0x61/0xaf0 [ 344.242830][ T1114] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 344.248546][ T1114] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 344.254751][ T1114] ? trace_hardirqs_on+0x67/0x240 [ 344.259424][ T1114] process_one_work+0x9af/0x1740 [ 344.264254][ T1114] ? pwq_dec_nr_in_flight+0x320/0x320 [ 344.269549][ T1114] ? lock_acquire+0x190/0x410 [ 344.274304][ T1114] worker_thread+0x98/0xe40 [ 344.278770][ T1114] ? trace_hardirqs_on+0x67/0x240 [ 344.283811][ T1114] kthread+0x361/0x430 [ 344.287905][ T1114] ? process_one_work+0x1740/0x1740 [ 344.293176][ T1114] ? kthread_mod_delayed_work+0x1f0/0x1f0 [ 344.298736][ T1114] ret_from_fork+0x24/0x30 [ 344.303085][ T1114] [ 344.303085][ T1114] Showing all locks held in the system: [ 344.310861][ T1114] 1 lock held by khungtaskd/1114: [ 344.315883][ T1114] #0: ffffffff895a4080 (rcu_read_lock){....}, at: debug_show_all_locks+0x5f/0x279 [ 344.325060][ T1114] 3 locks held by kworker/2:2/3109: [ 344.330331][ T1114] #0: ffff88802cc27d28 ((wq_completion)events){+.+.}, at: process_one_work+0x88b/0x1740 [ 344.340324][ T1114] #1: ffff88802574fdc0 ((work_completion)(&(&nsim_dev->trap_data->trap_report_dw)->work)){+.+.}, at: process_one_work+0x8c1/0x1740 [ 344.353196][ T1114] #2: ffff88802a645ae0 (&nsim_dev->port_list_lock){+.+.}, at: nsim_dev_trap_report_work+0x61/0xaf0 [ 344.363436][ T1114] 1 lock held by rsyslogd/7851: [ 344.368011][ T1114] #0: ffff88800e63a0e0 (&f->f_pos_lock){+.+.}, at: __fdget_pos+0xee/0x110 [ 344.376765][ T1114] 2 locks held by getty/7973: [ 344.381399][ T1114] #0: ffff88801e5b8090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 344.390586][ T1114] #1: ffffc900040022e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1c10 [ 344.399748][ T1114] 2 locks held by getty/7974: [ 344.404266][ T1114] #0: ffff88802687f090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 344.412734][ T1114] #1: ffffc9000400a2e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1c10 [ 344.422017][ T1114] 2 locks held by getty/7975: [ 344.426652][ T1114] #0: ffff8880224fd090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 344.435278][ T1114] #1: ffffc9000401a2e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1c10 [ 344.444570][ T1114] 2 locks held by getty/7976: [ 344.448928][ T1114] #0: ffff888025280090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 344.457537][ T1114] #1: ffffc900040222e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1c10 [ 344.466524][ T1114] 2 locks held by getty/7977: [ 344.471205][ T1114] #0: ffff888025a50090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 344.480196][ T1114] #1: ffffc9000401e2e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1c10 [ 344.489056][ T1114] 2 locks held by getty/7978: [ 344.493517][ T1114] #0: ffff88802662a090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 344.502006][ T1114] #1: ffffc900040162e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1c10 [ 344.511232][ T1114] 2 locks held by getty/7979: [ 344.516066][ T1114] #0: ffff88801e6a0090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 344.524750][ T1114] #1: ffffc900026f22e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1c10 [ 344.533806][ T1114] 7 locks held by kworker/u16:3/8037: [ 344.538923][ T1114] #0: ffff88802c7e4d28 ((wq_completion)netns){+.+.}, at: process_one_work+0x88b/0x1740 [ 344.548221][ T1114] #1: ffff88806ce4fdc0 (net_cleanup_work){+.+.}, at: process_one_work+0x8c1/0x1740 [ 344.557499][ T1114] #2: ffffffff8a087e08 (pernet_ops_rwsem){++++}, at: cleanup_net+0xae/0xaf0 [ 344.566126][ T1114] #3: ffffffff8a0b12e0 (devlink_mutex){+.+.}, at: devlink_pernet_pre_exit+0x21/0x1a0 [ 344.575715][ T1114] #4: ffff88802a645ae0 (&nsim_dev->port_list_lock){+.+.}, at: nsim_dev_port_del_all+0x2d/0xe0 [ 344.586178][ T1114] #5: ffffffff8a094100 (rtnl_mutex){+.+.}, at: rtnl_lock+0x17/0x20 [ 344.594447][ T1114] #6: ffffffff895a7e38 (rcu_state.exp_mutex){+.+.}, at: synchronize_rcu_expedited+0x4d6/0x5f0 [ 344.605000][ T1114] 3 locks held by syz-executor.0/8040: [ 344.610186][ T1114] 2 locks held by kworker/2:3/8067: [ 344.615384][ T1114] #0: ffff88802cc38928 ((wq_completion)rcu_gp){+.+.}, at: process_one_work+0x88b/0x1740 [ 344.624739][ T1114] #1: ffff88806d33fdc0 ((work_completion)(&rew.rew_work)){+.+.}, at: process_one_work+0x8c1/0x1740 [ 344.635220][ T1114] [ 344.637421][ T1114] ============================================= [ 344.637421][ T1114] [ 344.645440][ T1114] NMI backtrace for cpu 0 [ 344.649505][ T1114] CPU: 0 PID: 1114 Comm: khungtaskd Not tainted 5.4.0-syzkaller #0 [ 344.655392][ T1114] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 344.655392][ T1114] Call Trace: [ 344.655392][ T1114] dump_stack+0x197/0x210 [ 344.655392][ T1114] nmi_cpu_backtrace.cold+0x70/0xb2 [ 344.655392][ T1114] ? vprintk_func+0x86/0x189 [ 344.655392][ T1114] ? lapic_can_unplug_cpu.cold+0x3a/0x3a [ 344.655392][ T1114] nmi_trigger_cpumask_backtrace+0x23b/0x28b [ 344.655392][ T1114] arch_trigger_cpumask_backtrace+0x14/0x20 [ 344.655392][ T1114] watchdog+0xb11/0x10c0 [ 344.655392][ T1114] kthread+0x361/0x430 [ 344.655392][ T1114] ? reset_hung_task_detector+0x30/0x30 [ 344.655392][ T1114] ? kthread_mod_delayed_work+0x1f0/0x1f0 [ 344.655392][ T1114] ret_from_fork+0x24/0x30 [ 344.730425][ T1114] Sending NMI from CPU 0 to CPUs 1-3: [ 344.736417][ C1] NMI backtrace for cpu 1 skipped: idling at native_safe_halt+0xe/0x10 [ 344.736430][ C2] NMI backtrace for cpu 2 skipped: idling at native_safe_halt+0xe/0x10 [ 344.737136][ C3] NMI backtrace for cpu 3 [ 344.737140][ C3] CPU: 3 PID: 8040 Comm: syz-executor.0 Not tainted 5.4.0-syzkaller #0 [ 344.737146][ C3] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 344.737149][ C3] RIP: 0010:neigh_resolve_output+0x266/0x990 [ 344.737157][ C3] Code: 45 97 7c 08 84 c0 0f 85 4d 05 00 00 48 b9 00 00 00 00 00 fc ff df 48 8b 45 a8 45 0f b7 a7 b4 00 00 00 48 c1 e8 03 80 3c 08 00 <0f> 85 37 06 00 00 48 b9 00 00 00 00 00 fc ff df 48 8b 45 a0 4d 03 [ 344.737159][ C3] RSP: 0018:ffff88802d509738 EFLAGS: 00000246 [ 344.737165][ C3] RAX: 1ffff11004f4ed80 RBX: ffff8880225f8800 RCX: dffffc0000000000 [ 344.737169][ C3] RDX: 0000000000000100 RSI: ffffffff860f3934 RDI: dffffc0000000000 [ 344.737172][ C3] RBP: ffff88802d5097b0 R08: 1ffffffff15d29b3 R09: fffffbfff15d29b4 [ 344.737176][ C3] R10: fffffbfff15d29b3 R11: ffffffff8ae94d9f R12: 0000000000000010 [ 344.737179][ C3] R13: ffff8880225f8828 R14: ffffffff88b5e440 R15: ffff888027a76b40 [ 344.737183][ C3] FS: 00007ff8557fa700(0000) GS:ffff88802d500000(0000) knlGS:0000000000000000 [ 344.737186][ C3] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 344.737190][ C3] CR2: 00000000006fb194 CR3: 000000006c81e000 CR4: 00000000003406e0 [ 344.737193][ C3] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 344.737197][ C3] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 344.737199][ C3] Call Trace: [ 344.737200][ C3] [ 344.737203][ C3] ip6_finish_output2+0x109a/0x25c0 [ 344.737205][ C3] ? ip6_mtu+0x2e6/0x450 [ 344.737207][ C3] ? ip6_frag_next+0xb20/0xb20 [ 344.737210][ C3] ? lock_downgrade+0x920/0x920 [ 344.737212][ C3] ? rcu_read_lock_held+0x9c/0xb0 [ 344.737215][ C3] ? __kasan_check_read+0x11/0x20 [ 344.737217][ C3] __ip6_finish_output+0x444/0xaa0 [ 344.737220][ C3] ? __ip6_finish_output+0x444/0xaa0 [ 344.737222][ C3] ip6_finish_output+0x38/0x1f0 [ 344.737224][ C3] ip6_output+0x25e/0x880 [ 344.737227][ C3] ? ip6_finish_output+0x1f0/0x1f0 [ 344.737230][ C3] ? rcu_lockdep_current_cpu_online+0xe3/0x130 [ 344.737232][ C3] ? __ip6_finish_output+0xaa0/0xaa0 [ 344.737235][ C3] ? rcu_read_lock_held_common+0x130/0x130 [ 344.737237][ C3] ndisc_send_skb+0xf1f/0x1490 [ 344.737240][ C3] ? nf_hook.constprop.0+0x560/0x560 [ 344.737242][ C3] ? memcpy+0x46/0x50 [ 344.737245][ C3] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 344.737247][ C3] ndisc_send_rs+0x134/0x720 [ 344.737250][ C3] addrconf_rs_timer+0x30f/0x6e0 [ 344.737252][ C3] ? ipv6_get_lladdr+0x490/0x490 [ 344.737255][ C3] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 344.737257][ C3] call_timer_fn+0x1ac/0x780 [ 344.737260][ C3] ? ipv6_get_lladdr+0x490/0x490 [ 344.737262][ C3] ? msleep_interruptible+0x150/0x150 [ 344.737265][ C3] ? run_timer_softirq+0x6b1/0x1790 [ 344.737267][ C3] ? trace_hardirqs_on+0x67/0x240 [ 344.737270][ C3] ? ipv6_get_lladdr+0x490/0x490 [ 344.737272][ C3] ? ipv6_get_lladdr+0x490/0x490 [ 344.737275][ C3] run_timer_softirq+0x6c3/0x1790 [ 344.737277][ C3] ? add_timer+0x930/0x930 [ 344.737280][ C3] ? rcu_lockdep_current_cpu_online+0xe3/0x130 [ 344.737282][ C3] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 344.737285][ C3] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 344.737287][ C3] __do_softirq+0x262/0x98c [ 344.737290][ C3] ? sched_clock_cpu+0x14e/0x1b0 [ 344.737292][ C3] irq_exit+0x19b/0x1e0 [ 344.737295][ C3] smp_apic_timer_interrupt+0x1a3/0x610 [ 344.737297][ C3] apic_timer_interrupt+0xf/0x20 [ 344.737299][ C3] [ 344.737302][ C3] RIP: 0010:_raw_spin_unlock_irq+0x4f/0x80 [ 344.737310][ C3] Code: c0 68 34 53 89 48 ba 00 00 00 00 00 fc ff df 48 c1 e8 03 80 3c 10 00 75 33 48 83 3d 12 2a 99 01 00 74 20 fb 66 0f 1f 44 00 00 01 00 00 00 e8 e7 6b 96 f9 65 8b 05 18 14 48 78 85 c0 74 06 41 [ 344.737312][ C3] RSP: 0018:ffff88806c90fb20 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff13 [ 344.737318][ C3] RAX: 1ffffffff12a668d RBX: ffff88806c900040 RCX: 0000000000000000 [ 344.737322][ C3] RDX: dffffc0000000000 RSI: 0000000000000006 RDI: ffff88806c9008d4 [ 344.737326][ C3] RBP: ffff88806c90fb28 R08: ffff88806c900040 R09: 0000000000000000 [ 344.737331][ C3] R10: 0000000000000000 R11: 0000000000000000 R12: ffff88802d537380 [ 344.737335][ C3] R13: ffff88802c44c200 R14: ffff8880293244c0 R15: 0000000000000402 [ 344.737337][ C3] finish_task_switch+0x147/0x750 [ 344.737340][ C3] ? finish_task_switch+0x119/0x750 [ 344.737342][ C3] __schedule+0x8e9/0x1f30 [ 344.737344][ C3] ? __sched_text_start+0x8/0x8 [ 344.737347][ C3] ? preempt_schedule_irq+0x8d/0x160 [ 344.737349][ C3] ? lockdep_hardirqs_on+0x421/0x5e0 [ 344.737352][ C3] ? trace_hardirqs_on+0x67/0x240 [ 344.737354][ C3] preempt_schedule_irq+0xb5/0x160 [ 344.737356][ C3] retint_kernel+0x1b/0x2b [ 344.737359][ C3] RIP: 0010:__do_sys_perf_event_open+0x1eff/0x2c70 [ 344.737367][ C3] Code: 9d a8 fe ff ff 31 ff 89 de e8 bd 2f e6 ff 85 db 0f 85 78 07 00 00 e8 30 2e e6 ff 8b 9d b4 fe ff ff 48 8b b5 78 fe ff ff 89 df <4c> 63 f3 e8 39 c8 35 00 e9 d0 e1 ff ff 48 89 c3 48 89 85 80 fe ff [ 344.737370][ C3] RSP: 0018:ffff88806c90fd40 EFLAGS: 00010246 ORIG_RAX: ffffffffffffff13 [ 344.737376][ C3] RAX: 0000000000040000 RBX: 0000000000000004 RCX: ffffc9000409c000 [ 344.737379][ C3] RDX: 0000000000040000 RSI: ffff888020208300 RDI: 0000000000000004 [ 344.737383][ C3] RBP: ffff88806c90fed8 R08: ffff88806c900040 R09: ffffed100d920242 [ 344.737386][ C3] R10: ffffed100d920241 R11: ffff88806c90120f R12: ffff8880292fa2e0 [ 344.737390][ C3] R13: ffff88806c900040 R14: ffff88806c901290 R15: 1ffff1100d921fb6 [ 344.737392][ C3] ? perf_event_set_output+0x4e0/0x4e0 [ 344.737395][ C3] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 344.737398][ C3] ? put_timespec64+0xda/0x140 [ 344.737400][ C3] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 344.737403][ C3] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 344.737405][ C3] ? do_syscall_64+0x26/0x790 [ 344.737408][ C3] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 344.737410][ C3] ? do_syscall_64+0x26/0x790 [ 344.737413][ C3] __x64_sys_perf_event_open+0xbe/0x150 [ 344.737415][ C3] do_syscall_64+0xfa/0x790 [ 344.737418][ C3] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 344.737420][ C3] RIP: 0033:0x45a759 [ 344.737428][ C3] Code: bd b1 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 8b b1 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 344.737430][ C3] RSP: 002b:00007ff8557f9c88 EFLAGS: 00000246 ORIG_RAX: 000000000000012a [ 344.737436][ C3] RAX: ffffffffffffffda RBX: 000000000071bf00 RCX: 000000000045a759 [ 344.737440][ C3] RDX: ffffffffffffffff RSI: 0000000000000000 RDI: 000000002001d000 [ 344.737443][ C3] RBP: 0000000000000005 R08: 0000000000000000 R09: 0000000000000000 [ 344.737447][ C3] R10: ffffffffffffffff R11: 0000000000000246 R12: 00007ff8557fa6d4 [ 344.737450][ C3] R13: 00000000004aec2b R14: 00000000006f1ca8 R15: 00000000ffffffff [ 344.737621][ T1114] Kernel panic - not syncing: hung_task: blocked tasks [ 344.746166][ T1114] CPU: 0 PID: 1114 Comm: khungtaskd Not tainted 5.4.0-syzkaller #0 [ 344.746166][ T1114] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 344.746166][ T1114] Call Trace: [ 344.746166][ T1114] dump_stack+0x197/0x210 [ 344.746166][ T1114] panic+0x2e3/0x75c [ 344.746166][ T1114] ? add_taint.cold+0x16/0x16 [ 344.746166][ T1114] ? lapic_can_unplug_cpu.cold+0x3a/0x3a [ 344.746166][ T1114] ? ___preempt_schedule+0x16/0x18 [ 344.746166][ T1114] ? nmi_trigger_cpumask_backtrace+0x21b/0x28b [ 344.746166][ T1114] ? nmi_trigger_cpumask_backtrace+0x24c/0x28b [ 344.746166][ T1114] ? nmi_trigger_cpumask_backtrace+0x256/0x28b [ 344.746166][ T1114] ? nmi_trigger_cpumask_backtrace+0x21b/0x28b [ 344.746166][ T1114] watchdog+0xb22/0x10c0 [ 344.746166][ T1114] kthread+0x361/0x430 [ 344.746166][ T1114] ? reset_hung_task_detector+0x30/0x30 [ 344.746166][ T1114] ? kthread_mod_delayed_work+0x1f0/0x1f0 [ 344.746166][ T1114] ret_from_fork+0x24/0x30 [ 344.746166][ T1114] Kernel Offset: disabled [ 344.746166][ T1114] Rebooting in 86400 seconds..