[ 111.016874][ T48] audit: type=1400 audit(1609116188.467:41): avc: denied { map } for pid=9669 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added '[localhost]:18490' (ECDSA) to the list of known hosts. [ 115.145702][ T48] audit: type=1400 audit(1609116192.597:42): avc: denied { map } for pid=9683 comm="syz-fuzzer" path="/syz-fuzzer" dev="sda1" ino=16526 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1 2020/12/28 00:43:12 fuzzer started 2020/12/28 00:43:13 dialing manager at 10.0.2.10:42733 [ 115.913336][ T48] audit: type=1400 audit(1609116193.357:43): avc: denied { integrity } for pid=9700 comm="syz-executor" lockdown_reason="debugfs access" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=lockdown permissive=1 2020/12/28 00:43:13 syscalls: 3496 2020/12/28 00:43:13 code coverage: enabled 2020/12/28 00:43:13 comparison tracing: enabled 2020/12/28 00:43:13 extra coverage: enabled 2020/12/28 00:43:13 setuid sandbox: enabled 2020/12/28 00:43:13 namespace sandbox: enabled 2020/12/28 00:43:13 Android sandbox: /sys/fs/selinux/policy does not exist 2020/12/28 00:43:13 fault injection: enabled 2020/12/28 00:43:13 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2020/12/28 00:43:13 net packet injection: enabled 2020/12/28 00:43:13 net device setup: enabled 2020/12/28 00:43:13 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2020/12/28 00:43:13 devlink PCI setup: PCI device 0000:00:10.0 is not available 2020/12/28 00:43:13 USB emulation: enabled 2020/12/28 00:43:13 hci packet injection: enabled 2020/12/28 00:43:13 wifi device emulation: enabled 00:44:35 executing program 0: bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000240)=@bpf_lsm={0x1d, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff}, 0x78) [ 198.552484][ T48] audit: type=1400 audit(1609116275.997:44): avc: denied { map } for pid=9703 comm="syz-executor.0" path="/sys/kernel/debug/kcov" dev="debugfs" ino=23898 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 00:44:36 executing program 1: syz_emit_ethernet(0x1e, &(0x7f0000000000)={@broadcast, @local, @val, {@mpls_mc={0x8848, {[], @llc={@snap={0x0, 0x0, "dc", "0100"}}}}}}, 0x0) 00:44:36 executing program 2: r0 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video36\x00', 0x2, 0x0) ioctl$VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f0000000140)={0x0, 0x3, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "ecdf5509"}}) 00:44:36 executing program 3: r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet6_buf(r0, 0x29, 0x8, 0x0, 0x0) [ 199.921719][ T9704] IPVS: ftp: loaded support on port[0] = 21 [ 200.020039][ T9706] IPVS: ftp: loaded support on port[0] = 21 [ 200.078962][ T9704] chnl_net:caif_netlink_parms(): no params data found [ 200.196473][ T9704] bridge0: port 1(bridge_slave_0) entered blocking state [ 200.210964][ T9704] bridge0: port 1(bridge_slave_0) entered disabled state [ 200.230612][ T9704] device bridge_slave_0 entered promiscuous mode [ 200.270772][ T9704] bridge0: port 2(bridge_slave_1) entered blocking state [ 200.288034][ T9704] bridge0: port 2(bridge_slave_1) entered disabled state [ 200.302466][ T9704] device bridge_slave_1 entered promiscuous mode [ 200.334259][ T9708] IPVS: ftp: loaded support on port[0] = 21 [ 200.336350][ T9704] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 200.366207][ T9704] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 200.399543][ T9706] chnl_net:caif_netlink_parms(): no params data found [ 200.441142][ T9704] team0: Port device team_slave_0 added [ 200.453009][ T9704] team0: Port device team_slave_1 added [ 200.499578][ T9704] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 200.509026][ T9704] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 200.544999][ T9704] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 200.584871][ T9704] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 200.594000][ T9704] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 200.633833][ T9704] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 200.675898][ T9710] IPVS: ftp: loaded support on port[0] = 21 [ 200.713887][ T9704] device hsr_slave_0 entered promiscuous mode [ 200.723262][ T9704] device hsr_slave_1 entered promiscuous mode [ 200.734148][ T9706] bridge0: port 1(bridge_slave_0) entered blocking state [ 200.742970][ T9706] bridge0: port 1(bridge_slave_0) entered disabled state [ 200.753101][ T9706] device bridge_slave_0 entered promiscuous mode [ 200.764241][ T9706] bridge0: port 2(bridge_slave_1) entered blocking state [ 200.771962][ T9706] bridge0: port 2(bridge_slave_1) entered disabled state [ 200.781156][ T9706] device bridge_slave_1 entered promiscuous mode [ 200.813103][ T9706] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 200.831822][ T9706] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 200.872099][ T9706] team0: Port device team_slave_0 added [ 200.893072][ T9706] team0: Port device team_slave_1 added [ 200.940909][ T9706] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 200.949040][ T9706] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 200.979019][ T9706] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 201.003294][ T9706] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 201.011380][ T9706] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 201.040829][ T9706] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 201.085495][ T9708] chnl_net:caif_netlink_parms(): no params data found [ 201.102364][ T9706] device hsr_slave_0 entered promiscuous mode [ 201.112080][ T9706] device hsr_slave_1 entered promiscuous mode [ 201.125749][ T9706] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 201.134694][ T9706] Cannot create hsr debugfs directory [ 201.256178][ T9708] bridge0: port 1(bridge_slave_0) entered blocking state [ 201.265778][ T9708] bridge0: port 1(bridge_slave_0) entered disabled state [ 201.275338][ T9708] device bridge_slave_0 entered promiscuous mode [ 201.286850][ T9708] bridge0: port 2(bridge_slave_1) entered blocking state [ 201.294858][ T9708] bridge0: port 2(bridge_slave_1) entered disabled state [ 201.303304][ T9708] device bridge_slave_1 entered promiscuous mode [ 201.383498][ T9708] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 201.407918][ T9708] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 201.427638][ T9710] chnl_net:caif_netlink_parms(): no params data found [ 201.491888][ T9708] team0: Port device team_slave_0 added [ 201.506033][ T48] audit: type=1400 audit(1609116278.957:45): avc: denied { create } for pid=9704 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 201.512938][ T9708] team0: Port device team_slave_1 added [ 201.534382][ T48] audit: type=1400 audit(1609116278.957:46): avc: denied { write } for pid=9704 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 201.534455][ T48] audit: type=1400 audit(1609116278.957:47): avc: denied { read } for pid=9704 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 201.619296][ T9704] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 201.633978][ T9704] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 201.672643][ T9704] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 201.689860][ T9710] bridge0: port 1(bridge_slave_0) entered blocking state [ 201.697304][ T9710] bridge0: port 1(bridge_slave_0) entered disabled state [ 201.706242][ T9710] device bridge_slave_0 entered promiscuous mode [ 201.714998][ T9708] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 201.722597][ T9708] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 201.751441][ T9708] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 201.764965][ T9704] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 201.775281][ T9710] bridge0: port 2(bridge_slave_1) entered blocking state [ 201.783376][ T9710] bridge0: port 2(bridge_slave_1) entered disabled state [ 201.792403][ T9710] device bridge_slave_1 entered promiscuous mode [ 201.806474][ T9708] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 201.814264][ T9708] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 201.842506][ T9708] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 201.879481][ T9710] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 201.898674][ T113] Bluetooth: hci0: command 0x0409 tx timeout [ 201.926291][ T9710] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 201.950624][ T9708] device hsr_slave_0 entered promiscuous mode [ 201.958616][ T9708] device hsr_slave_1 entered promiscuous mode [ 201.967279][ T9708] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 201.978490][ T9708] Cannot create hsr debugfs directory [ 201.996029][ T9706] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 202.016754][ T9710] team0: Port device team_slave_0 added [ 202.027529][ T9710] team0: Port device team_slave_1 added [ 202.034465][ T9706] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 202.047172][ T9706] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 202.058417][ T9706] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 202.063919][ T3073] Bluetooth: hci1: command 0x0409 tx timeout [ 202.093984][ T9710] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 202.101742][ T9710] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 202.132235][ T9710] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 202.156726][ T9710] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 202.164587][ T9710] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 202.195676][ T9710] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 202.257612][ T9710] device hsr_slave_0 entered promiscuous mode [ 202.265530][ T9710] device hsr_slave_1 entered promiscuous mode [ 202.274462][ T9710] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 202.283043][ T9710] Cannot create hsr debugfs directory [ 202.303796][ T3076] Bluetooth: hci2: command 0x0409 tx timeout [ 202.405487][ T9708] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 202.416861][ T9708] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 202.431015][ T9708] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 202.446234][ T9708] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 202.464299][ T9704] 8021q: adding VLAN 0 to HW filter on device bond0 [ 202.503444][ T2969] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 202.512918][ T2969] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 202.528980][ T9706] 8021q: adding VLAN 0 to HW filter on device bond0 [ 202.533750][ T3073] Bluetooth: hci3: command 0x0409 tx timeout [ 202.541666][ T9704] 8021q: adding VLAN 0 to HW filter on device team0 [ 202.556566][ T9710] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 202.567774][ T9710] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 202.579026][ T9710] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 202.600958][ T9706] 8021q: adding VLAN 0 to HW filter on device team0 [ 202.609160][ T9710] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 202.618820][ T113] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 202.629824][ T113] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 202.642306][ T113] bridge0: port 1(bridge_slave_0) entered blocking state [ 202.651476][ T113] bridge0: port 1(bridge_slave_0) entered forwarding state [ 202.663363][ T113] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 202.675450][ T113] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 202.691093][ T113] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 202.725942][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 202.736258][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 202.748034][ T28] bridge0: port 2(bridge_slave_1) entered blocking state [ 202.756632][ T28] bridge0: port 2(bridge_slave_1) entered forwarding state [ 202.765767][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 202.776316][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 202.786085][ T28] bridge0: port 1(bridge_slave_0) entered blocking state [ 202.793966][ T28] bridge0: port 1(bridge_slave_0) entered forwarding state [ 202.805861][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 202.816598][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 202.836757][ T3073] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 202.848723][ T3073] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 202.860649][ T3073] bridge0: port 2(bridge_slave_1) entered blocking state [ 202.870339][ T3073] bridge0: port 2(bridge_slave_1) entered forwarding state [ 202.881420][ T3073] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 202.905587][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 202.919558][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 202.940903][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 202.953276][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 202.966115][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 202.978188][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 202.989991][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 203.000850][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 203.021818][ T9708] 8021q: adding VLAN 0 to HW filter on device bond0 [ 203.031814][ T113] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 203.043217][ T113] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 203.054163][ T113] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 203.064661][ T113] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 203.083434][ T9704] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 203.096348][ T9704] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 203.117890][ T3757] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 203.127717][ T3757] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 203.138507][ T3757] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 203.148547][ T3757] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 203.158526][ T3757] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 203.179985][ T2969] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 203.190313][ T2969] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 203.200631][ T2969] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 203.211680][ T2969] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 203.247414][ T3757] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 203.257453][ T3757] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 203.278441][ T9708] 8021q: adding VLAN 0 to HW filter on device team0 [ 203.300399][ T3076] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 203.309717][ T3076] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 203.320689][ T3076] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 203.332654][ T3076] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 203.345082][ T3076] bridge0: port 1(bridge_slave_0) entered blocking state [ 203.354560][ T3076] bridge0: port 1(bridge_slave_0) entered forwarding state [ 203.368105][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 203.386624][ T9704] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 203.400918][ T3073] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 203.413944][ T3073] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 203.426641][ T3073] bridge0: port 2(bridge_slave_1) entered blocking state [ 203.437095][ T3073] bridge0: port 2(bridge_slave_1) entered forwarding state [ 203.452077][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 203.463263][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 203.482769][ T113] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 203.494652][ T113] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 203.514680][ T9710] 8021q: adding VLAN 0 to HW filter on device bond0 [ 203.529083][ T9706] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 203.546185][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 203.569345][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 203.591471][ T9710] 8021q: adding VLAN 0 to HW filter on device team0 [ 203.603319][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 203.615537][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 203.625054][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 203.635132][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 203.647942][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 203.668102][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 203.678285][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 203.690244][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 203.701001][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 203.712109][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 203.724129][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 203.734992][ T5] bridge0: port 1(bridge_slave_0) entered blocking state [ 203.744032][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state [ 203.752798][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 203.772302][ T9708] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 203.785979][ T9708] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 203.805543][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 203.815301][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 203.827322][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 203.837582][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 203.848516][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 203.860216][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 203.870563][ T28] bridge0: port 2(bridge_slave_1) entered blocking state [ 203.880135][ T28] bridge0: port 2(bridge_slave_1) entered forwarding state [ 203.897698][ T9704] device veth0_vlan entered promiscuous mode [ 203.916897][ T2969] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 203.928614][ T2969] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 203.939538][ T2969] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 203.964225][ T9708] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 203.972142][ T2969] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 203.974093][ T3073] Bluetooth: hci0: command 0x041b tx timeout [ 203.981784][ T2969] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 203.998107][ T2969] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 204.007742][ T2969] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 204.016781][ T2969] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 204.026533][ T2969] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 204.036731][ T2969] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 204.046624][ T2969] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 204.061021][ T9704] device veth1_vlan entered promiscuous mode [ 204.069163][ T9706] device veth0_vlan entered promiscuous mode [ 204.084868][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 204.095451][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 204.106862][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 204.117041][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 204.130905][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 204.141652][ T3073] Bluetooth: hci1: command 0x041b tx timeout [ 204.157314][ T9706] device veth1_vlan entered promiscuous mode [ 204.178400][ T113] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 204.189015][ T113] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 204.198629][ T113] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 204.209801][ T113] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 204.220876][ T113] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 204.233280][ T113] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 204.246607][ T113] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 204.265111][ T2969] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 204.274762][ T2969] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 204.290367][ T9704] device veth0_macvtap entered promiscuous mode [ 204.311008][ T9710] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 204.324603][ T9710] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 204.337212][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 204.346926][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 204.363964][ T3076] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 204.374139][ T3076] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 204.383665][ T35] Bluetooth: hci2: command 0x041b tx timeout [ 204.386215][ T9704] device veth1_macvtap entered promiscuous mode [ 204.430586][ T3076] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 204.442637][ T3076] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 204.454169][ T3076] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 204.465221][ T3076] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 204.480630][ T9706] device veth0_macvtap entered promiscuous mode [ 204.493220][ T9708] device veth0_vlan entered promiscuous mode [ 204.503466][ T3076] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 204.512948][ T3076] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 204.522188][ T3076] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 204.531880][ T3076] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 204.541385][ T3076] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 204.553267][ T9706] device veth1_macvtap entered promiscuous mode [ 204.567959][ T9708] device veth1_vlan entered promiscuous mode [ 204.580558][ T9704] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 204.594997][ T2969] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 204.604439][ T2969] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 204.613338][ T2969] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 204.623775][ T35] Bluetooth: hci3: command 0x041b tx timeout [ 204.624335][ T2969] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 204.644839][ T9704] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 204.654748][ T9710] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 204.668013][ T3757] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 204.677829][ T3757] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 204.688587][ T3757] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 204.702554][ T9704] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 204.713298][ T9704] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 204.724033][ T9704] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 204.733934][ T9704] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 204.758430][ T9706] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 204.770750][ T9706] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 204.783491][ T9706] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 204.807644][ T3073] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 204.817878][ T3073] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 204.833263][ T9706] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 204.846632][ T9706] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 204.861059][ T9706] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 204.881580][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 204.891513][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 204.907913][ T3757] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 204.918596][ T3757] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 204.929342][ T3757] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 204.939087][ T3757] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 204.950065][ T9706] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 204.960300][ T9706] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 204.970231][ T9706] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 204.980150][ T9706] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 204.999809][ T9708] device veth0_macvtap entered promiscuous mode [ 205.026507][ T9708] device veth1_macvtap entered promiscuous mode [ 205.066630][ T2960] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 205.076057][ T2960] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 205.084006][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 205.093309][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 205.102213][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 205.111864][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 205.121477][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 205.131096][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 205.140018][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 205.152052][ T9710] device veth0_vlan entered promiscuous mode [ 205.168337][ T9708] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 205.181100][ T9708] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 205.191979][ T9708] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 205.203187][ T9708] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 205.215781][ T9708] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 205.243471][ T2969] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 205.253410][ T2969] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 205.266799][ T9727] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 205.267597][ T9708] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 205.276399][ T9727] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 205.288497][ T9708] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 205.308219][ T9708] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 205.321096][ T9708] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 205.334856][ T9708] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 205.356910][ T9731] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 205.365825][ T9731] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 205.375422][ T9731] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 205.388922][ T9708] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 205.398751][ T9708] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 205.408372][ T9708] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 205.419382][ T9708] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 205.434109][ T48] audit: type=1400 audit(1609116282.877:48): avc: denied { associate } for pid=9704 comm="syz-executor.0" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1 [ 205.475676][ T9710] device veth1_vlan entered promiscuous mode [ 205.486778][ T2960] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 205.497389][ T2960] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 205.512830][ T9704] cgroup: cgroup: disabling cgroup2 socket matching due to net_prio or net_cls activation [ 205.525202][ T3076] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 205.562461][ T9738] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready 00:44:43 executing program 0: r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fb0\x00', 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f00000000c0)={0x400, 0x300}) [ 205.576140][ T48] audit: type=1400 audit(1609116283.017:49): avc: denied { prog_load } for pid=9740 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1 [ 205.581450][ T9738] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 205.612310][ T48] audit: type=1400 audit(1609116283.027:50): avc: denied { bpf } for pid=9740 comm="syz-executor.0" capability=39 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=capability2 permissive=1 [ 205.624934][ T9710] device veth0_macvtap entered promiscuous mode [ 205.630496][ T2960] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 205.630552][ T2960] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 205.655599][ T48] audit: type=1400 audit(1609116283.027:51): avc: denied { perfmon } for pid=9740 comm="syz-executor.0" capability=38 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=capability2 permissive=1 [ 205.685624][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 205.718246][ T2960] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 205.723916][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 205.733083][ T2960] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 205.742278][ T9739] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 205.774441][ T9739] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 205.774869][ T9739] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready 00:44:43 executing program 0: openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/loop-control\x00', 0x1a42, 0x0) [ 205.775267][ T9739] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 205.778600][ T9710] device veth1_macvtap entered promiscuous mode [ 205.799103][ T9739] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 205.846623][ T9710] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 205.867287][ T9710] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 205.883844][ T9710] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 205.898180][ T9710] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 205.911638][ T9710] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 205.924061][ T9710] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 205.938271][ T9710] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 205.954482][ T3076] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 205.967153][ T3076] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready 00:44:43 executing program 0: syz_usb_connect(0x0, 0x2d, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100001ddf8308c007121562300000000109021b0001000000010904130001faf40d0009058203"], 0x0) 00:44:43 executing program 1: r0 = syz_open_dev$swradio(&(0x7f0000000240)='/dev/swradio#\x00', 0x1, 0x2) ioctl$VIDIOC_S_FREQUENCY(r0, 0x402c5639, &(0x7f0000000280)={0x0, 0x4}) [ 205.985487][ T9710] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 206.000446][ T9710] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 206.015419][ T9710] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 206.029081][ T9710] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 206.041570][ T9710] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 206.054705][ T9710] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 206.064333][ T9738] Bluetooth: hci0: command 0x040f tx timeout [ 206.071930][ T9710] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 206.090899][ T113] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 206.102605][ T113] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 206.120869][ T9710] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 206.131905][ T9710] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 206.143141][ T9710] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 206.154551][ T9710] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 206.224421][ T9738] Bluetooth: hci1: command 0x040f tx timeout 00:44:43 executing program 2: r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040)='/dev/fb0\x00', 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, {0x8, 0x1}, {0xac, 0x2}, {}, {}, 0x0, 0x100, 0x0, 0x0, 0x0, 0x1, 0x800, 0x0, 0x0, 0x7ff, 0x2, 0x100}) 00:44:43 executing program 1: r0 = syz_open_dev$swradio(&(0x7f0000000240)='/dev/swradio#\x00', 0x1, 0x2) ioctl$VIDIOC_S_FREQUENCY(r0, 0x402c5639, &(0x7f0000000280)={0x0, 0x4}) [ 206.247218][ T9746] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 206.261794][ T9746] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 206.278687][ T9739] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 206.294243][ T9746] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 00:44:43 executing program 1: r0 = syz_open_dev$swradio(&(0x7f0000000240)='/dev/swradio#\x00', 0x1, 0x2) ioctl$VIDIOC_S_FREQUENCY(r0, 0x402c5639, &(0x7f0000000280)={0x0, 0x4}) [ 206.306712][ T9746] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 206.307988][ T9739] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready 00:44:43 executing program 1: r0 = syz_open_dev$swradio(&(0x7f0000000240)='/dev/swradio#\x00', 0x1, 0x2) ioctl$VIDIOC_S_FREQUENCY(r0, 0x402c5639, &(0x7f0000000280)={0x0, 0x4}) 00:44:43 executing program 3: pselect6(0x0, 0x0, &(0x7f0000000040), 0x0, &(0x7f00000000c0)={0x0, 0x3938700}, &(0x7f0000000140)={&(0x7f0000000100)={[0x1]}, 0x8}) 00:44:43 executing program 2: bpf$MAP_CREATE(0x0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x4, 0x1}, 0x40) [ 206.435289][ T48] audit: type=1400 audit(1609116283.887:52): avc: denied { map_create } for pid=9778 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1 [ 206.469982][ T9739] Bluetooth: hci2: command 0x040f tx timeout [ 206.483896][ T2969] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 206.694039][ T9739] Bluetooth: hci3: command 0x040f tx timeout [ 206.763821][ T2969] usb 5-1: Using ep0 maxpacket: 8 [ 206.903807][ T2969] usb 5-1: config 0 has an invalid interface number: 19 but max is 0 [ 206.913444][ T2969] usb 5-1: config 0 has no interface number 0 [ 206.920820][ T2969] usb 5-1: config 0 interface 19 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 206.933462][ T2969] usb 5-1: config 0 interface 19 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 206.944891][ T2969] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.62 [ 206.956581][ T2969] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 206.974376][ T2969] usb 5-1: config 0 descriptor?? [ 207.024703][ T2969] iowarrior 5-1:0.19: IOWarrior product=0x1512, serial= interface=19 now attached to iowarrior0 [ 207.221418][ T2969] usb 5-1: USB disconnect, device number 2 [ 207.232922][ T2969] iowarrior 5-1:0.19: I/O-Warror #0 now disconnected [ 208.003756][ T9736] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 208.134140][ T9738] Bluetooth: hci0: command 0x0419 tx timeout [ 208.253875][ T9736] usb 5-1: Using ep0 maxpacket: 8 [ 208.293719][ T9738] Bluetooth: hci1: command 0x0419 tx timeout [ 208.374166][ T9736] usb 5-1: config 0 has an invalid interface number: 19 but max is 0 [ 208.385802][ T9736] usb 5-1: config 0 has no interface number 0 [ 208.395798][ T9736] usb 5-1: config 0 interface 19 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 208.412598][ T9736] usb 5-1: config 0 interface 19 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 208.426897][ T9736] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.62 [ 208.440332][ T9736] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 208.456923][ T9736] usb 5-1: config 0 descriptor?? [ 208.506802][ T9736] iowarrior 5-1:0.19: IOWarrior product=0x1512, serial= interface=19 now attached to iowarrior0 [ 208.544699][ T9738] Bluetooth: hci2: command 0x0419 tx timeout [ 208.705476][ T28] usb 5-1: USB disconnect, device number 3 00:44:46 executing program 0: syz_usb_connect(0x0, 0x2d, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100001ddf8308c007121562300000000109021b0001000000010904130001faf40d0009058203"], 0x0) 00:44:46 executing program 1: ioctl$VIDIOC_S_FREQUENCY(0xffffffffffffffff, 0x402c5639, &(0x7f0000000280)={0x0, 0x4}) 00:44:46 executing program 2: r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fb0\x00', 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f00000000c0)={0x400}) [ 208.718372][ T28] iowarrior 5-1:0.19: I/O-Warror #0 now disconnected 00:44:46 executing program 3: socketpair(0x3, 0x0, 0x0, &(0x7f0000000140)) 00:44:46 executing program 3: perf_event_open$cgroup(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41d04, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x8000}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 00:44:46 executing program 1: ioctl$VIDIOC_S_FREQUENCY(0xffffffffffffffff, 0x402c5639, &(0x7f0000000280)={0x0, 0x4}) 00:44:46 executing program 2: r0 = socket$can_bcm(0x1d, 0x2, 0x2) accept4(r0, 0x0, 0xffffffffffffffff, 0x0) [ 208.773870][ T9738] Bluetooth: hci3: command 0x0419 tx timeout 00:44:46 executing program 3: bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000002c0)=@bpf_lsm={0x1d, 0x1, &(0x7f0000000000)=@raw=[@func], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) [ 208.788861][ T48] audit: type=1400 audit(1609116286.237:53): avc: denied { open } for pid=9798 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=perf_event permissive=1 [ 208.827027][ T48] audit: type=1400 audit(1609116286.237:54): avc: denied { kernel } for pid=9798 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=perf_event permissive=1 [ 209.163641][ T28] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 209.433820][ T28] usb 5-1: Using ep0 maxpacket: 8 [ 209.574582][ T28] usb 5-1: config 0 has an invalid interface number: 19 but max is 0 [ 209.584316][ T28] usb 5-1: config 0 has no interface number 0 [ 209.593281][ T28] usb 5-1: config 0 interface 19 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 209.608306][ T28] usb 5-1: config 0 interface 19 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 209.621033][ T28] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.62 [ 209.634610][ T28] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 209.646137][ T28] usb 5-1: config 0 descriptor?? [ 209.687695][ T28] iowarrior 5-1:0.19: IOWarrior product=0x1512, serial= interface=19 now attached to iowarrior0 [ 209.888154][ T5] usb 5-1: USB disconnect, device number 4 [ 209.896837][ T5] iowarrior 5-1:0.19: I/O-Warror #0 now disconnected 00:44:47 executing program 0: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000b40)='/dev/ppp\x00', 0x0, 0x0) ioctl$PPPIOCCONNECT(r0, 0x4004743a, 0x0) 00:44:47 executing program 1: ioctl$VIDIOC_S_FREQUENCY(0xffffffffffffffff, 0x402c5639, &(0x7f0000000280)={0x0, 0x4}) 00:44:47 executing program 3: r0 = socket$l2tp6(0xa, 0x2, 0x73) getsockname$l2tp6(r0, 0x0, 0x0) 00:44:47 executing program 2: openat$fb1(0xffffffffffffff9c, 0x0, 0x400000, 0x0) 00:44:47 executing program 1: r0 = syz_open_dev$swradio(0x0, 0x1, 0x2) ioctl$VIDIOC_S_FREQUENCY(r0, 0x402c5639, &(0x7f0000000280)={0x0, 0x4}) 00:44:47 executing program 3: connect$l2tp6(0xffffffffffffffff, 0x0, 0x0) 00:44:47 executing program 2: openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/loop-control\x00', 0x10000, 0x0) 00:44:47 executing program 0: openat$misdntimer(0xffffffffffffff9c, 0x0, 0x434080, 0x0) 00:44:47 executing program 1: r0 = syz_open_dev$swradio(0x0, 0x1, 0x2) ioctl$VIDIOC_S_FREQUENCY(r0, 0x402c5639, &(0x7f0000000280)={0x0, 0x4}) 00:44:47 executing program 0: getrlimit(0x0, &(0x7f00000000c0)) 00:44:47 executing program 3: r0 = socket$l2tp6(0xa, 0x2, 0x73) getsockname$l2tp6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @private0}, &(0x7f0000000040)=0x20) 00:44:47 executing program 2: getgroups(0x1, &(0x7f0000003100)=[0xee00]) 00:44:47 executing program 1: r0 = syz_open_dev$swradio(0x0, 0x1, 0x2) ioctl$VIDIOC_S_FREQUENCY(r0, 0x402c5639, &(0x7f0000000280)={0x0, 0x4}) 00:44:48 executing program 0: syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0xdc940) 00:44:48 executing program 3: r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040)='/dev/fb0\x00', 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000080)={0x578, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {}, {}, {}, {}, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0xc}) 00:44:48 executing program 2: io_uring_setup(0x8, &(0x7f0000000140)) 00:44:48 executing program 1: syz_open_dev$swradio(&(0x7f0000000240)='/dev/swradio#\x00', 0x1, 0x2) ioctl$VIDIOC_S_FREQUENCY(0xffffffffffffffff, 0x402c5639, &(0x7f0000000280)={0x0, 0x4}) 00:44:48 executing program 0: perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 00:44:48 executing program 1: syz_open_dev$swradio(&(0x7f0000000240)='/dev/swradio#\x00', 0x1, 0x2) ioctl$VIDIOC_S_FREQUENCY(0xffffffffffffffff, 0x402c5639, &(0x7f0000000280)={0x0, 0x4}) [ 210.654129][ T9861] ------------[ cut here ]------------ [ 210.658190][ T9704] [ 210.658195][ T9704] ============================= [ 210.658199][ T9704] WARNING: suspicious RCU usage [ 210.658202][ T9704] 5.10.0-syzkaller #0 Not tainted [ 210.658209][ T9704] ----------------------------- [ 210.658212][ T9704] kernel/sched/core.c:7877 Illegal context switch in RCU-bh read-side critical section! [ 210.658221][ T9704] [ 210.658221][ T9704] other info that might help us debug this: [ 210.658221][ T9704] [ 210.658241][ T9704] [ 210.658241][ T9704] rcu_scheduler_active = 2, debug_locks = 0 [ 210.658248][ T9704] 1 lock held by syz-executor.0/9704: [ 210.658255][ T9704] #0: ffff888013794458 (&xt[i].mutex){+.+.}-{3:3}, at: xt_find_table_lock+0x41/0x540 [ 210.658530][ T9704] [ 210.658530][ T9704] stack backtrace: [ 210.658949][ T9704] CPU: 0 PID: 9704 Comm: syz-executor.0 Not tainted 5.10.0-syzkaller #0 [ 210.658951][ T9861] WARNING: CPU: 3 PID: 9861 at include/linux/cpumask.h:137 try_to_wake_up+0xf72/0x13b0 [ 210.658962][ T9704] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 210.658970][ T9704] Call Trace: [ 210.658976][ T9704] dump_stack+0x107/0x163 [ 210.658974][ T9861] Modules linked in: [ 210.658989][ T9704] ___might_sleep+0x229/0x2c0 [ 210.659001][ T9861] [ 210.659004][ T9861] CPU: 3 PID: 9861 Comm: io_wq_manager Not tainted 5.10.0-syzkaller #0 [ 210.659016][ T9861] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 210.659024][ T9861] RIP: 0010:try_to_wake_up+0xf72/0x13b0 [ 210.659040][ T9861] Code: 80 3d c6 3d 8c 0b 00 0f 84 f1 00 00 00 e8 76 16 11 00 48 c7 c6 75 b7 4e 81 48 c7 c7 e0 37 36 8b e8 b3 d5 09 00 e9 43 f9 ff ff <0f> 0b e9 23 f4 ff ff 4c 89 ff 48 89 4c 24 08 e8 2a 30 ff ff 48 8b [ 210.659052][ T9861] RSP: 0018:ffffc90002d87d50 EFLAGS: 00010002 [ 210.659062][ T9861] RAX: dffffc0000000000 RBX: 1ffff920005b0faf RCX: ffff88806f220978 [ 210.659070][ T9861] RDX: 1ffff1100de4412e RSI: ffffffff83bb9d1b RDI: 0000000000000003 [ 210.659078][ T9861] RBP: ffff88806f2205c0 R08: 0000000000000040 R09: ffffffff8cef31cf [ 210.659086][ T9861] R10: ffffffff83bb9cd8 R11: 0000000000000000 R12: 0000000000000202 [ 210.659094][ T9861] R13: ffff88806f220e68 R14: 0000000000000008 R15: ffff88806f220970 [ 210.659010][ T9704] __might_fault+0x6e/0x180 [ 210.659108][ T9861] FS: 0000000000000000(0000) GS:ffff88802cd00000(0000) knlGS:0000000000000000 [ 210.659111][ T9704] xt_obj_to_user+0x31/0x110 [ 210.659193][ T9704] xt_target_to_user+0xa8/0x200 [ 210.659214][ T9861] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 210.659224][ T9861] CR2: 0000000001bb2d48 CR3: 000000007119e000 CR4: 0000000000350ee0 [ 210.659208][ T9704] ? _copy_to_user+0xdc/0x150 [ 210.659232][ T9861] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 210.659240][ T9861] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 210.659248][ T9861] Call Trace: [ 210.659252][ T9861] ? migrate_swap_stop+0x9f0/0x9f0 [ 210.659268][ T9861] ? rwlock_bug.part.0+0x90/0x90 [ 210.659283][ T9861] ? _raw_spin_unlock_irq+0x1f/0x40 [ 210.659298][ T9861] create_io_worker+0x590/0x8d0 [ 210.659312][ T9861] io_wq_manager+0x16b/0xb80 [ 210.659243][ T9704] do_arpt_get_ctl+0x733/0x8f0 [ 210.659326][ T9861] ? _raw_spin_unlock_irqrestore+0x42/0x50 [ 210.659331][ T9704] ? get_info+0x720/0x720 [ 210.659341][ T9861] ? lockdep_hardirqs_on+0x79/0x100 [ 210.659344][ T9704] ? __mutex_unlock_slowpath+0xe2/0x610 [ 210.659356][ T9861] ? io_wq_cpu_online+0x250/0x250 [ 210.659359][ T9704] ? find_held_lock+0x2d/0x110 [ 210.659369][ T9861] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 210.659373][ T9704] ? wait_for_completion_io+0x260/0x260 [ 210.659385][ T9861] ? __kthread_parkme+0x13f/0x1e0 [ 210.659398][ T9861] ? io_wq_cpu_online+0x250/0x250 [ 210.659411][ T9861] kthread+0x3b1/0x4a0 [ 210.659389][ T9704] ? nf_sockopt_find.constprop.0+0x22d/0x2a0 [ 210.659422][ T9861] ? kthread_create_worker_on_cpu+0xf0/0xf0 [ 210.659434][ T9704] nf_getsockopt+0x72/0xd0 [ 210.659435][ T9861] ret_from_fork+0x1f/0x30 [ 210.659447][ T9704] ip_getsockopt+0x164/0x1c0 [ 210.659488][ T9704] ? do_ip_getsockopt+0x18e0/0x18e0 [ 210.659500][ T9861] Kernel panic - not syncing: panic_on_warn set ... [ 210.659503][ T9704] ? fd_install+0x1e3/0x640 [ 210.659549][ T9704] ? lock_downgrade+0x6d0/0x6d0 [ 210.659563][ T9704] ? alloc_file+0x5a0/0x5a0 [ 210.659607][ T9704] tcp_getsockopt+0x86/0xd0 [ 210.659620][ T9704] ? sock_def_destruct+0x10/0x10 [ 210.659746][ T9704] __sys_getsockopt+0x219/0x4c0 [ 210.659759][ T9704] ? __ia32_sys_setsockopt+0x150/0x150 [ 210.659771][ T9704] ? __sys_socket+0x16d/0x200 [ 210.659800][ T9704] __x64_sys_getsockopt+0xba/0x150 [ 210.659812][ T9704] ? syscall_enter_from_user_mode+0x1d/0x50 [ 210.659828][ T9704] do_syscall_64+0x2d/0x70 [ 210.659840][ T9704] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 210.659857][ T9704] RIP: 0033:0x45ef5a [ 210.659878][ T9704] Code: b8 34 01 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 cd 9f fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 37 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 aa 9f fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 210.659897][ T9704] RSP: 002b:00007ffcf91ed728 EFLAGS: 00000212 ORIG_RAX: 0000000000000037 [ 210.659924][ T9704] RAX: ffffffffffffffda RBX: 00007ffcf91ed790 RCX: 000000000045ef5a [ 210.659933][ T9704] RDX: 0000000000000061 RSI: 0000000000000000 RDI: 0000000000000003 [ 210.659940][ T9704] RBP: 0000000000000003 R08: 00007ffcf91ed73c R09: 000000000000000a [ 210.659948][ T9704] R10: 00007ffcf91ed790 R11: 0000000000000212 R12: 00007ffcf91ed73c [ 210.659956][ T9704] R13: 0000000000000000 R14: 0000000000000032 R15: 000000000003354d [ 210.659968][ T9861] CPU: 3 PID: 9861 Comm: io_wq_manager Not tainted 5.10.0-syzkaller #0 [ 210.659982][ T9861] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 210.659994][ T9861] Call Trace: [ 210.659998][ T9861] dump_stack+0x107/0x163 [ 210.660010][ T9861] panic+0x306/0x73d [ 210.660046][ T9861] ? __warn_printk+0xf3/0xf3 [ 210.660062][ T9861] ? __warn.cold+0x1a/0x44 [ 210.660076][ T9861] ? try_to_wake_up+0xf72/0x13b0 [ 210.660091][ T9861] __warn.cold+0x35/0x44 [ 210.660105][ T9861] ? try_to_wake_up+0xf72/0x13b0 [ 210.660120][ T9861] report_bug+0x1bd/0x210 [ 210.660144][ T9861] handle_bug+0x3c/0x60 [ 210.660156][ T9861] exc_invalid_op+0x14/0x40 [ 210.660168][ T9861] asm_exc_invalid_op+0x12/0x20 [ 210.660183][ T9861] RIP: 0010:try_to_wake_up+0xf72/0x13b0 [ 210.660199][ T9861] Code: 80 3d c6 3d 8c 0b 00 0f 84 f1 00 00 00 e8 76 16 11 00 48 c7 c6 75 b7 4e 81 48 c7 c7 e0 37 36 8b e8 b3 d5 09 00 e9 43 f9 ff ff <0f> 0b e9 23 f4 ff ff 4c 89 ff 48 89 4c 24 08 e8 2a 30 ff ff 48 8b [ 210.660210][ T9861] RSP: 0018:ffffc90002d87d50 EFLAGS: 00010002 [ 210.660220][ T9861] RAX: dffffc0000000000 RBX: 1ffff920005b0faf RCX: ffff88806f220978 [ 210.660229][ T9861] RDX: 1ffff1100de4412e RSI: ffffffff83bb9d1b RDI: 0000000000000003 [ 210.660237][ T9861] RBP: ffff88806f2205c0 R08: 0000000000000040 R09: ffffffff8cef31cf [ 210.660245][ T9861] R10: ffffffff83bb9cd8 R11: 0000000000000000 R12: 0000000000000202 [ 210.660253][ T9861] R13: ffff88806f220e68 R14: 0000000000000008 R15: ffff88806f220970 [ 210.660262][ T9861] ? find_first_bit+0x48/0xb0 [ 210.660276][ T9861] ? find_first_bit+0x8b/0xb0 [ 210.660290][ T9861] ? migrate_swap_stop+0x9f0/0x9f0 [ 210.660305][ T9861] ? rwlock_bug.part.0+0x90/0x90 [ 210.660320][ T9861] ? _raw_spin_unlock_irq+0x1f/0x40 [ 210.660335][ T9861] create_io_worker+0x590/0x8d0 [ 210.660349][ T9861] io_wq_manager+0x16b/0xb80 [ 210.660362][ T9861] ? _raw_spin_unlock_irqrestore+0x42/0x50 [ 210.660387][ T9861] ? lockdep_hardirqs_on+0x79/0x100 [ 210.660401][ T9861] ? io_wq_cpu_online+0x250/0x250 [ 210.660414][ T9861] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 210.660430][ T9861] ? __kthread_parkme+0x13f/0x1e0 [ 210.660441][ T9861] ? io_wq_cpu_online+0x250/0x250 [ 210.660455][ T9861] kthread+0x3b1/0x4a0 [ 210.660466][ T9861] ? kthread_create_worker_on_cpu+0xf0/0xf0 [ 210.660479][ T9861] ret_from_fork+0x1f/0x30 [ 210.660524][ T9861] [ 210.660528][ T9861] ====================================================== [ 210.660533][ T9861] WARNING: possible circular locking dependency detected [ 210.660538][ T9861] 5.10.0-syzkaller #0 Not tainted [ 210.660549][ T9861] ------------------------------------------------------ [ 210.660554][ T9861] io_wq_manager/9861 is trying to acquire lock: [ 210.660558][ T9861] ffffffff8b3547f8 ((console_sem).lock){-...}-{2:2}, at: down_trylock+0xe/0x60 [ 210.660574][ T9861] [ 210.660577][ T9861] but task is already holding lock: [ 210.660584][ T9861] ffff88806f220e80 (&p->pi_lock){-.-.}-{2:2}, at: try_to_wake_up+0x98/0x13b0 [ 210.660600][ T9861] [ 210.660603][ T9861] which lock already depends on the new lock. [ 210.660606][ T9861] [ 210.660608][ T9861] [ 210.660611][ T9861] the existing dependency chain (in reverse order) is: [ 210.660615][ T9861] [ 210.660617][ T9861] -> #1 (&p->pi_lock){-.-.}-{2:2}: [ 210.660630][ T9861] _raw_spin_lock_irqsave+0x39/0x50 [ 210.660634][ T9861] try_to_wake_up+0x98/0x13b0 [ 210.660638][ T9861] up+0x75/0xb0 [ 210.660641][ T9861] __up_console_sem+0x4a/0x80 [ 210.660644][ T9861] console_unlock+0x591/0xbb0 [ 210.660648][ T9861] vprintk_emit+0x189/0x490 [ 210.660652][ T9861] vprintk_func+0x8d/0x1e0 [ 210.660655][ T9861] printk+0xba/0xed [ 210.660658][ T9861] kauditd_hold_skb.cold+0x41/0x50 [ 210.660662][ T9861] kauditd_send_queue+0x19d/0x210 [ 210.660666][ T9861] kauditd_thread+0x7f0/0xb80 [ 210.660670][ T9861] kthread+0x3b1/0x4a0 [ 210.660673][ T9861] ret_from_fork+0x1f/0x30 [ 210.660676][ T9861] [ 210.660678][ T9861] -> #0 ((console_sem).lock){-...}-{2:2}: [ 210.660692][ T9861] __lock_acquire+0x2ade/0x5500 [ 210.660709][ T9861] lock_acquire+0x29d/0x740 [ 210.660713][ T9861] _raw_spin_lock_irqsave+0x39/0x50 [ 210.660717][ T9861] down_trylock+0xe/0x60 [ 210.660720][ T9861] __down_trylock_console_sem+0x3e/0xd0 [ 210.660724][ T9861] vprintk_emit+0x137/0x490 [ 210.660728][ T9861] vprintk_func+0x8d/0x1e0 [ 210.660731][ T9861] printk+0xba/0xed [ 210.660735][ T9861] report_bug.cold+0x72/0xab [ 210.660738][ T9861] handle_bug+0x3c/0x60 [ 210.660742][ T9861] exc_invalid_op+0x14/0x40 [ 210.660745][ T9861] asm_exc_invalid_op+0x12/0x20 [ 210.660749][ T9861] try_to_wake_up+0xf72/0x13b0 [ 210.660753][ T9861] create_io_worker+0x590/0x8d0 [ 210.660757][ T9861] io_wq_manager+0x16b/0xb80 [ 210.660760][ T9861] kthread+0x3b1/0x4a0 [ 210.660763][ T9861] ret_from_fork+0x1f/0x30 [ 210.660766][ T9861] [ 210.660783][ T9861] other info that might help us debug this: [ 210.660787][ T9861] [ 210.660789][ T9861] Possible unsafe locking scenario: [ 210.660793][ T9861] [ 210.660795][ T9861] CPU0 CPU1 [ 210.660799][ T9861] ---- ---- [ 210.660802][ T9861] lock(&p->pi_lock); [ 210.660811][ T9861] lock((console_sem).lock); [ 210.660820][ T9861] lock(&p->pi_lock); [ 210.660829][ T9861] lock((console_sem).lock); [ 210.660836][ T9861] [ 210.660838][ T9861] *** DEADLOCK *** [ 210.660841][ T9861] [ 210.660843][ T9861] 1 lock held by io_wq_manager/9861: [ 210.660847][ T9861] #0: ffff88806f220e80 (&p->pi_lock){-.-.}-{2:2}, at: try_to_wake_up+0x98/0x13b0 [ 210.660864][ T9861] [ 210.660866][ T9861] stack backtrace: [ 210.660870][ T9861] CPU: 3 PID: 9861 Comm: io_wq_manager Not tainted 5.10.0-syzkaller #0 [ 210.660877][ T9861] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 210.660883][ T9861] Call Trace: [ 210.660885][ T9861] dump_stack+0x107/0x163 [ 210.660889][ T9861] check_noncircular+0x25f/0x2e0 [ 210.660892][ T9861] ? print_circular_bug+0x480/0x480 [ 210.660896][ T9861] ? enable_ptr_key_workfn+0x30/0x30 [ 210.660900][ T9861] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 210.660904][ T9861] ? format_decode+0x230/0xad0 [ 210.660907][ T9861] ? lockdep_lock+0xc6/0x200 [ 210.660911][ T9861] ? call_rcu_zapped+0xb0/0xb0 [ 210.660914][ T9861] __lock_acquire+0x2ade/0x5500 [ 210.660918][ T9861] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 210.660922][ T9861] lock_acquire+0x29d/0x740 [ 210.660925][ T9861] ? down_trylock+0xe/0x60 [ 210.660928][ T9861] ? lock_release+0x710/0x710 [ 210.660931][ T9861] ? lock_chain_count+0x20/0x20 [ 210.660935][ T9861] ? vprintk_func+0x8d/0x1e0 [ 210.660938][ T9861] _raw_spin_lock_irqsave+0x39/0x50 [ 210.660942][ T9861] ? down_trylock+0xe/0x60 [ 210.660945][ T9861] down_trylock+0xe/0x60 [ 210.660949][ T9861] ? vprintk_func+0x8d/0x1e0 [ 210.660952][ T9861] __down_trylock_console_sem+0x3e/0xd0 [ 210.660956][ T9861] vprintk_emit+0x137/0x490 [ 210.660959][ T9861] vprintk_func+0x8d/0x1e0 [ 210.660962][ T9861] printk+0xba/0xed [ 210.660965][ T9861] ? record_print_text.cold+0x16/0x16 [ 210.660969][ T9861] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 210.660973][ T9861] ? __lock_acquire+0x16b7/0x5500 [ 210.660976][ T9861] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 210.661004][ T9861] ? report_bug.cold+0x66/0xab [ 210.661008][ T9861] ? try_to_wake_up+0xf72/0x13b0 [ 210.661011][ T9861] report_bug.cold+0x72/0xab [ 210.661015][ T9861] handle_bug+0x3c/0x60 [ 210.661018][ T9861] exc_invalid_op+0x14/0x40 [ 210.661021][ T9861] asm_exc_invalid_op+0x12/0x20 [ 210.661025][ T9861] RIP: 0010:try_to_wake_up+0xf72/0x13b0 [ 210.661032][ T9861] Code: 80 3d c6 3d 8c 0b 00 0f 84 f1 00 00 00 e8 76 16 11 00 48 c7 c6 75 b7 4e 81 48 c7 c7 e0 37 36 8b e8 b3 d5 09 00 e9 43 f9 ff ff <0f> 0b e9 23 f4 ff ff 4c 89 ff 48 89 4c 24 08 e8 2a 30 ff ff 48 8b [ 210.661042][ T9861] RSP: 0018:ffffc90002d87d50 EFLAGS: 00010002 [ 210.661049][ T9861] RAX: dffffc0000000000 RBX: 1ffff920005b0faf RCX: ffff88806f220978 [ 210.661054][ T9861] RDX: 1ffff1100de4412e RSI: ffffffff83bb9d1b RDI: 0000000000000003 [ 210.661060][ T9861] RBP: ffff88806f2205c0 R08: 0000000000000040 R09: ffffffff8cef31cf [ 210.661065][ T9861] R10: ffffffff83bb9cd8 R11: 0000000000000000 R12: 0000000000000202 [ 210.661071][ T9861] R13: ffff88806f220e68 R14: 0000000000000008 R15: ffff88806f220970 [ 210.661075][ T9861] ? find_first_bit+0x48/0xb0 [ 210.661079][ T9861] ? find_first_bit+0x8b/0xb0 [ 210.661082][ T9861] ? migrate_swap_stop+0x9f0/0x9f0 [ 210.661086][ T9861] ? rwlock_bug.part.0+0x90/0x90 [ 210.661089][ T9861] ? _raw_spin_unlock_irq+0x1f/0x40 [ 210.661093][ T9861] create_io_worker+0x590/0x8d0 [ 210.661104][ T9861] io_wq_manager+0x16b/0xb80 [ 210.661108][ T9861] ? _raw_spin_unlock_irqrestore+0x42/0x50 [ 210.661112][ T9861] ? lockdep_hardirqs_on+0x79/0x100 [ 210.661115][ T9861] ? io_wq_cpu_online+0x250/0x250 [ 210.661119][ T9861] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 210.661123][ T9861] ? __kthread_parkme+0x13f/0x1e0 [ 210.661127][ T9861] ? io_wq_cpu_online+0x250/0x250 [ 210.661130][ T9861] kthread+0x3b1/0x4a0 [ 210.661134][ T9861] ? kthread_create_worker_on_cpu+0xf0/0xf0 [ 210.661137][ T9861] ret_from_fork+0x1f/0x30 [ 210.662282][ T9861] Kernel Offset: disabled [ 210.663570][ T9861] Rebooting in 86400 seconds.. VM DIAGNOSIS: 00:44:48 Registers: info registers vcpu 0 RAX=ae03000200000121 RBX=ffff88802ca19460 RCX=ffffffff8128e478 RDX=dffffc0000000000 RSI=0000000000000008 RDI=ffffffff8cef1998 RBP=0000000000000000 RSP=ffffc90000007f68 R8 =0000000000000000 R9 =ffffffff8cef199f R10=fffffbfff19de333 R11=0000000000000000 R12=0000000000000000 R13=0000000000000000 R14=0000000000000000 R15=0000000000000000 RIP=ffffffff8128e4b0 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000001ad3940 ffffffff 00c00000 GS =0000 ffff88802ca00000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=000000000072f2d8 CR3=000000006399b000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=0000000000000000000000524f525245 XMM02=00000000000000000000000000000000 XMM03=00000000000000000000000000000000 XMM04=00000000000000000000000000000000 XMM05=00000000000000000000000000000000 XMM06=0000000000000000000000524f525245 XMM07=00000000000000000000000000000000 XMM08=000000000000000000524f5252450040 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=ae03000200000121 RBX=ffff88802cb19460 RCX=ffffffff8128e478 RDX=dffffc0000000000 RSI=0000000000000008 RDI=ffffffff8cef1998 RBP=0000000000000001 RSP=ffffc900004e8f68 R8 =0000000000000000 R9 =ffffffff8cef199f R10=fffffbfff19de333 R11=0000000000000000 R12=0000000000000000 R13=0000000000000000 R14=0000000000000000 R15=0000000000000000 RIP=ffffffff8128e4b0 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007f3837d787a0 ffffffff 00c00000 GS =0000 ffff88802cb00000 ffffffff 00c00000 LDT=0000 0000000000000000 00000000 00000000 TR =0040 fffffe000003e000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe000003c000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f3837d7f000 CR3=00000000124d8000 CR4=00350ee0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=0000000000372f6b636f6c622f766564 XMM01=ff000000000000ff00000000000000ff XMM02=00007f3837736e9800007f007379732f XMM03=000000000000ff000000000000000000 XMM04=2064657a696e676f6365726e75002f40 XMM05=614d6c65766172547c2a323932362a65 XMM06=392d305b646d7c2a5d392d305b2d6d64 XMM07=2d63707276633a3174633a554d45516e XMM08=ffffffffffffffffffffffffffffffff XMM09=00000020202020202020202020202000 XMM10=ffffffffffffffffffffffffffffffff XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 2 RAX=ae03000200000121 RBX=ffff88802cc19460 RCX=ffffffff8128e478 RDX=dffffc0000000000 RSI=0000000000000008 RDI=ffffffff8cef1998 RBP=0000000000000002 RSP=ffffc90000540f68 R8 =0000000000000000 R9 =ffffffff8cef199f R10=fffffbfff19de333 R11=0000000000000000 R12=0000000000000000 R13=0000000000000000 R14=0000000000000000 R15=0000000000000000 RIP=ffffffff8128e4b0 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007ff0c9c2b700 ffffffff 00c00000 GS =0000 ffff88802cc00000 ffffffff 00c00000 LDT=0000 0000000000000000 00000000 00000000 TR =0040 fffffe0000079000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000077000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=000000000075c000 CR3=000000007119e000 CR4=00350ee0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=00000000007369680000000000736980 XMM02=00000000007369600000000000736968 XMM03=00000000007369800000000000736960 XMM04=0000000000000000000000ff00000000 XMM05=00000000000000000000000000000000 XMM06=0000000000000000000000524f525245 XMM07=00000000000000000000000000000000 XMM08=000000000000000000524f5252450040 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 3 RAX=dffffc0000000060 RBX=00000000000003fd RCX=0000000000000000 RDX=00000000000003fd RSI=ffffffff8414ec9c RDI=ffffffff8fb26ba0 RBP=ffffffff8fb26b60 RSP=ffffc90002d877d0 R8 =0000000000000037 R9 =0000000000000023 R10=ffffffff841356f8 R11=000000000000000a R12=0000000000000020 R13=fffffbfff1f64dbf R14=fffffbfff1f64d76 R15=dffffc0000000000 RIP=ffffffff8414ecf0 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802cd00000 ffffffff 00c00000 LDT=0000 0000000000000000 00000000 00000000 TR =0040 fffffe00000b4000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe00000b2000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=0000000001bb2d48 CR3=000000007119e000 CR4=00350ee0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=ff0000000000ff0000ff000000000000 XMM01=ffff000000000000ffffffff00000000 XMM02=00000000000000000000000000000000 XMM03=000000ff0000000000000000ff000000 XMM04=acffff7bacffff7bacffff7eb9002f2f XMM05=5b6d626974627c2a5d392d305b646d7c XMM06=2d305b6d626974627c2a5d392d305b64 XMM07=2d63707276633a3174633a554d45516e XMM08=ffffffffffffffffffffffffffffffff XMM09=00000020202020202020202020202000 XMM10=ffffffffffffffffffffffffffffffff XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000