================================
WARNING: inconsistent lock state
4.14.195-syzkaller #0 Not tainted
--------------------------------
inconsistent {IN-SOFTIRQ-W} -> {SOFTIRQ-ON-W} usage.
syz-executor.1/10377 [HC0[0]:SC0[0]:HE1:SE1] takes:
 (slock-AF_BLUETOOTH-BTPROTO_SCO){+.?.}, at: [<ffffffff85bb5910>] spin_lock include/linux/spinlock.h:317 [inline]
 (slock-AF_BLUETOOTH-BTPROTO_SCO){+.?.}, at: [<ffffffff85bb5910>] sco_conn_del+0xb0/0x1e0 net/bluetooth/sco.c:175
{IN-SOFTIRQ-W} state was registered at:
  lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
  __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
  _raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:152
  spin_lock include/linux/spinlock.h:317 [inline]
  sco_sock_timeout+0x1a/0x150 net/bluetooth/sco.c:82
  call_timer_fn+0x14a/0x650 kernel/time/timer.c:1280
  expire_timers+0x232/0x4d0 kernel/time/timer.c:1319
  __run_timers kernel/time/timer.c:1644 [inline]
  run_timer_softirq+0x1d5/0x5a0 kernel/time/timer.c:1657
  __do_softirq+0x254/0xa1d kernel/softirq.c:288
  invoke_softirq kernel/softirq.c:368 [inline]
  irq_exit+0x193/0x240 kernel/softirq.c:409
  exiting_irq arch/x86/include/asm/apic.h:648 [inline]
  smp_apic_timer_interrupt+0x141/0x5e0 arch/x86/kernel/apic/apic.c:1102
  apic_timer_interrupt+0x93/0xa0 arch/x86/entry/entry_64.S:793
  orc_ip arch/x86/kernel/unwind_orc.c:27 [inline]
  __orc_find+0x6f/0xf0 arch/x86/kernel/unwind_orc.c:49
  orc_find arch/x86/kernel/unwind_orc.c:118 [inline]
  unwind_next_frame+0x59a/0x17d0 arch/x86/kernel/unwind_orc.c:355
  __save_stack_trace+0x90/0x160 arch/x86/kernel/stacktrace.c:44
  save_stack mm/kasan/kasan.c:447 [inline]
  set_track mm/kasan/kasan.c:459 [inline]
  kasan_kmalloc+0xeb/0x160 mm/kasan/kasan.c:551
  slab_post_alloc_hook mm/slab.h:442 [inline]
  slab_alloc mm/slab.c:3390 [inline]
  kmem_cache_alloc_trace+0x11b/0x3d0 mm/slab.c:3616
  kmalloc include/linux/slab.h:488 [inline]
  kzalloc include/linux/slab.h:661 [inline]
  do_execveat_common+0x2c8/0x1f30 fs/exec.c:1731
  do_execve+0x33/0x50 fs/exec.c:1847
  call_usermodehelper_exec_async+0x28f/0x4a0 kernel/umh.c:100
  ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404
irq event stamp: 2489
hardirqs last  enabled at (2489): [<ffffffff86548d94>] __raw_spin_unlock_irq include/linux/spinlock_api_smp.h:168 [inline]
hardirqs last  enabled at (2489): [<ffffffff86548d94>] _raw_spin_unlock_irq+0x24/0x80 kernel/locking/spinlock.c:200
hardirqs last disabled at (2488): [<ffffffff86548a25>] __raw_spin_lock_irq include/linux/spinlock_api_smp.h:126 [inline]
hardirqs last disabled at (2488): [<ffffffff86548a25>] _raw_spin_lock_irq+0x35/0x80 kernel/locking/spinlock.c:168
softirqs last  enabled at (202): [<ffffffff868006ab>] __do_softirq+0x6ab/0xa1d kernel/softirq.c:314
softirqs last disabled at (171): [<ffffffff81377433>] invoke_softirq kernel/softirq.c:368 [inline]
softirqs last disabled at (171): [<ffffffff81377433>] irq_exit+0x193/0x240 kernel/softirq.c:409

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(slock-AF_BLUETOOTH-BTPROTO_SCO);
  <Interrupt>
    lock(slock-AF_BLUETOOTH-BTPROTO_SCO);

 *** DEADLOCK ***

3 locks held by syz-executor.1/10377:
 #0:  (&hdev->req_lock){+.+.}, at: [<ffffffff85af853d>] hci_dev_do_close+0xfd/0xc50 net/bluetooth/hci_core.c:1576
 #1:  (&hdev->lock){+.+.}, at: [<ffffffff85af8650>] hci_dev_do_close+0x210/0xc50 net/bluetooth/hci_core.c:1607
 #2:  (hci_cb_list_lock){+.+.}, at: [<ffffffff85b0c8b7>] hci_disconn_cfm include/net/bluetooth/hci_core.h:1223 [inline]
 #2:  (hci_cb_list_lock){+.+.}, at: [<ffffffff85b0c8b7>] hci_conn_hash_flush+0xc7/0x220 net/bluetooth/hci_conn.c:1376

stack backtrace:
CPU: 0 PID: 10377 Comm: syz-executor.1 Not tainted 4.14.195-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1b2/0x283 lib/dump_stack.c:58
 print_usage_bug.cold+0x42e/0x570 kernel/locking/lockdep.c:2589
 valid_state kernel/locking/lockdep.c:2602 [inline]
 mark_lock_irq kernel/locking/lockdep.c:2796 [inline]
 mark_lock+0xb4d/0x1050 kernel/locking/lockdep.c:3194
 mark_irqflags kernel/locking/lockdep.c:3090 [inline]
 __lock_acquire+0xd5c/0x3f20 kernel/locking/lockdep.c:3448
 lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
 __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
 _raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:152
 spin_lock include/linux/spinlock.h:317 [inline]
 sco_conn_del+0xb0/0x1e0 net/bluetooth/sco.c:175
 sco_disconn_cfm net/bluetooth/sco.c:1134 [inline]
 sco_disconn_cfm+0x50/0x60 net/bluetooth/sco.c:1127
 hci_disconn_cfm include/net/bluetooth/hci_core.h:1226 [inline]
 hci_conn_hash_flush+0x114/0x220 net/bluetooth/hci_conn.c:1376
 hci_dev_do_close+0x542/0xc50 net/bluetooth/hci_core.c:1620
 hci_unregister_dev+0x170/0x7a0 net/bluetooth/hci_core.c:3191
 vhci_release+0x70/0xe0 drivers/bluetooth/hci_vhci.c:354
 __fput+0x25f/0x7a0 fs/file_table.c:210
 task_work_run+0x11f/0x190 kernel/task_work.c:113
 exit_task_work include/linux/task_work.h:22 [inline]
 do_exit+0xa08/0x27f0 kernel/exit.c:865
 do_group_exit+0x100/0x2e0 kernel/exit.c:962
 get_signal+0x38d/0x1ca0 kernel/signal.c:2423
 do_signal+0x7c/0x1550 arch/x86/kernel/signal.c:814
 exit_to_usermode_loop+0x160/0x200 arch/x86/entry/common.c:160
 prepare_exit_to_usermode arch/x86/entry/common.c:199 [inline]
 syscall_return_slowpath arch/x86/entry/common.c:270 [inline]
 do_syscall_64+0x4a3/0x640 arch/x86/entry/common.c:297
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x45d5b9
RSP: 002b:00007f3289bd8cf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
RAX: fffffffffffffe00 RBX: 000000000118cfe8 RCX: 000000000045d5b9
RDX: 0000000000000000 RSI: 0000000000000080 RDI: 000000000118cfe8
RBP: 000000000118cfe0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cfec
R13: 00007ffc6070cc2f R14: 00007f3289bd99c0 R15: 000000000118cfec
bond22 (unregistering): Released all slaves
audit: type=1804 audit(1598662051.292:190): pid=17181 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir941742759/syzkaller.vQtaV5/97/bus" dev="sda1" ino=15891 res=1
bond22 (unregistering): Released all slaves
FAULT_INJECTION: forcing a failure.
name fail_page_alloc, interval 1, probability 0, space 0, times 0
CPU: 1 PID: 17329 Comm: syz-executor.4 Not tainted 4.14.195-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1b2/0x283 lib/dump_stack.c:58
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail.cold+0x10a/0x154 lib/fault-inject.c:149
 should_fail_alloc_page mm/page_alloc.c:2897 [inline]
 prepare_alloc_pages mm/page_alloc.c:4130 [inline]
 __alloc_pages_nodemask+0x22c/0x2720 mm/page_alloc.c:4178
 __alloc_pages include/linux/gfp.h:484 [inline]
 __alloc_pages_node include/linux/gfp.h:497 [inline]
 alloc_pages_vma+0x4b3/0x6d0 mm/mempolicy.c:2070
 do_huge_pmd_wp_page+0x7c6/0x4730 mm/huge_memory.c:1288
 wp_huge_pmd mm/memory.c:3890 [inline]
 __handle_mm_fault+0x20b2/0x4620 mm/memory.c:4103
 handle_mm_fault+0x306/0x7a0 mm/memory.c:4150
 __do_page_fault+0x578/0xb50 arch/x86/mm/fault.c:1442
 page_fault+0x25/0x50 arch/x86/entry/entry_64.S:1123
RIP: 0010:copy_user_enhanced_fast_string+0xe/0x20 arch/x86/lib/copy_user_64.S:181
RSP: 0018:ffff888088a2fb68 EFLAGS: 00010206
RAX: ffffed100aa15a00 RBX: 0000000000001000 RCX: 0000000000000500
RDX: 0000000000001000 RSI: ffff8880550acb00 RDI: 0000000020400000
RBP: 00000000203ff500 R08: 0000000000000000 R09: ffffed100aa159ff
R10: ffff8880550acfff R11: 0000000000000000 R12: ffff8880550ac000
R13: 00007ffffffff000 R14: 0000000020400500 R15: ffff888088a2fdf0
 copy_user_generic arch/x86/include/asm/uaccess_64.h:37 [inline]
 raw_copy_to_user arch/x86/include/asm/uaccess_64.h:112 [inline]
 copyout+0x99/0xc0 lib/iov_iter.c:137
 copy_page_to_iter_iovec lib/iov_iter.c:206 [inline]
 copy_page_to_iter+0x324/0xca0 lib/iov_iter.c:723
 pipe_to_user+0xa8/0x160 fs/splice.c:1237
 splice_from_pipe_feed fs/splice.c:502 [inline]
 __splice_from_pipe+0x326/0x7a0 fs/splice.c:626
 vmsplice_to_user+0x190/0x1b0 fs/splice.c:1272
 SYSC_vmsplice fs/splice.c:1353 [inline]
 SyS_vmsplice+0x12a/0x150 fs/splice.c:1334
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x45d5b9
RSP: 002b:00007f6bdd79ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000116
RAX: ffffffffffffffda RBX: 0000000000036640 RCX: 000000000045d5b9
RDX: 0000000000000001 RSI: 0000000020000000 RDI: 0000000000000003
RBP: 00007f6bdd79eca0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
R13: 00007ffde73d867f R14: 00007f6bdd79f9c0 R15: 000000000118cfec
bond1 (unregistering): Released all slaves
audit: type=1804 audit(1598662052.282:191): pid=17453 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir941742759/syzkaller.vQtaV5/98/bus" dev="sda1" ino=16224 res=1
bond22 (unregistering): Released all slaves
FAULT_INJECTION: forcing a failure.
name fail_page_alloc, interval 1, probability 0, space 0, times 0
bond1 (unregistering): Released all slaves
CPU: 1 PID: 17498 Comm: syz-executor.4 Not tainted 4.14.195-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1b2/0x283 lib/dump_stack.c:58
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail.cold+0x10a/0x154 lib/fault-inject.c:149
 should_fail_alloc_page mm/page_alloc.c:2897 [inline]
 prepare_alloc_pages mm/page_alloc.c:4130 [inline]
 __alloc_pages_nodemask+0x22c/0x2720 mm/page_alloc.c:4178
 __alloc_pages include/linux/gfp.h:484 [inline]
 __alloc_pages_node include/linux/gfp.h:497 [inline]
 alloc_pages_vma+0x4b3/0x6d0 mm/mempolicy.c:2070
 do_huge_pmd_wp_page+0x7c6/0x4730 mm/huge_memory.c:1288
 wp_huge_pmd mm/memory.c:3890 [inline]
 __handle_mm_fault+0x20b2/0x4620 mm/memory.c:4103
 handle_mm_fault+0x306/0x7a0 mm/memory.c:4150
 __do_page_fault+0x578/0xb50 arch/x86/mm/fault.c:1442
 page_fault+0x25/0x50 arch/x86/entry/entry_64.S:1123
RIP: 0010:copy_user_enhanced_fast_string+0xe/0x20 arch/x86/lib/copy_user_64.S:181
RSP: 0018:ffff88804e8ffb68 EFLAGS: 00010206
RAX: ffffed100abfb200 RBX: 0000000000001000 RCX: 0000000000000500
RDX: 0000000000001000 RSI: ffff888055fd8b00 RDI: 0000000020600000
RBP: 00000000205ff500 R08: 0000000000000000 R09: ffffed100abfb1ff
R10: ffff888055fd8fff R11: 0000000000000000 R12: ffff888055fd8000
R13: 00007ffffffff000 R14: 0000000020600500 R15: ffff88804e8ffdf0
 copy_user_generic arch/x86/include/asm/uaccess_64.h:37 [inline]
 raw_copy_to_user arch/x86/include/asm/uaccess_64.h:112 [inline]
 copyout+0x99/0xc0 lib/iov_iter.c:137
 copy_page_to_iter_iovec lib/iov_iter.c:206 [inline]
 copy_page_to_iter+0x324/0xca0 lib/iov_iter.c:723
 pipe_to_user+0xa8/0x160 fs/splice.c:1237
 splice_from_pipe_feed fs/splice.c:502 [inline]
 __splice_from_pipe+0x326/0x7a0 fs/splice.c:626
 vmsplice_to_user+0x190/0x1b0 fs/splice.c:1272
 SYSC_vmsplice fs/splice.c:1353 [inline]
 SyS_vmsplice+0x12a/0x150 fs/splice.c:1334
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x45d5b9
RSP: 002b:00007f6bdd79ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000116
RAX: ffffffffffffffda RBX: 0000000000036640 RCX: 000000000045d5b9
RDX: 0000000000000001 RSI: 0000000020000000 RDI: 0000000000000003
RBP: 00007f6bdd79eca0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
R13: 00007ffde73d867f R14: 00007f6bdd79f9c0 R15: 000000000118cfec
audit: type=1804 audit(1598662052.452:192): pid=17535 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.5" name="/root/syzkaller-testdir777339373/syzkaller.3nQsL3/131/bus" dev="sda1" ino=16225 res=1
bond22 (unregistering): Released all slaves
audit: type=1804 audit(1598662053.242:193): pid=17718 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir941742759/syzkaller.vQtaV5/99/bus" dev="sda1" ino=16227 res=1
bond1 (unregistering): Released all slaves
bond2: Enslaving bridge4 as a backup interface with an up link
bond3 (unregistering): Released all slaves
FAULT_INJECTION: forcing a failure.
name fail_page_alloc, interval 1, probability 0, space 0, times 0
CPU: 0 PID: 17730 Comm: syz-executor.4 Not tainted 4.14.195-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1b2/0x283 lib/dump_stack.c:58
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail.cold+0x10a/0x154 lib/fault-inject.c:149
 should_fail_alloc_page mm/page_alloc.c:2897 [inline]
 prepare_alloc_pages mm/page_alloc.c:4130 [inline]
 __alloc_pages_nodemask+0x22c/0x2720 mm/page_alloc.c:4178
 __alloc_pages include/linux/gfp.h:484 [inline]
 __alloc_pages_node include/linux/gfp.h:497 [inline]
 alloc_pages_vma+0x4b3/0x6d0 mm/mempolicy.c:2070
 do_huge_pmd_wp_page+0x7c6/0x4730 mm/huge_memory.c:1288
 wp_huge_pmd mm/memory.c:3890 [inline]
 __handle_mm_fault+0x20b2/0x4620 mm/memory.c:4103
 handle_mm_fault+0x306/0x7a0 mm/memory.c:4150
 __do_page_fault+0x578/0xb50 arch/x86/mm/fault.c:1442
 page_fault+0x25/0x50 arch/x86/entry/entry_64.S:1123
RIP: 0010:copy_user_enhanced_fast_string+0xe/0x20 arch/x86/lib/copy_user_64.S:181
RSP: 0018:ffff888051837b68 EFLAGS: 00010206
RAX: ffffed1011a90400 RBX: 0000000000001000 RCX: 0000000000000500
RDX: 0000000000001000 RSI: ffff88808d481b00 RDI: 0000000020800000
RBP: 00000000207ff500 R08: 0000000000000000 R09: ffffed1011a903ff
R10: ffff88808d481fff R11: 0000000000000000 R12: ffff88808d481000
R13: 00007ffffffff000 R14: 0000000020800500 R15: ffff888051837df0
 copy_user_generic arch/x86/include/asm/uaccess_64.h:37 [inline]
 raw_copy_to_user arch/x86/include/asm/uaccess_64.h:112 [inline]
 copyout+0x99/0xc0 lib/iov_iter.c:137
 copy_page_to_iter_iovec lib/iov_iter.c:206 [inline]
 copy_page_to_iter+0x324/0xca0 lib/iov_iter.c:723
 pipe_to_user+0xa8/0x160 fs/splice.c:1237
 splice_from_pipe_feed fs/splice.c:502 [inline]
 __splice_from_pipe+0x326/0x7a0 fs/splice.c:626
 vmsplice_to_user+0x190/0x1b0 fs/splice.c:1272
 SYSC_vmsplice fs/splice.c:1353 [inline]
 SyS_vmsplice+0x12a/0x150 fs/splice.c:1334
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x45d5b9
RSP: 002b:00007f6bdd79ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000116
RAX: ffffffffffffffda RBX: 0000000000036640 RCX: 000000000045d5b9
RDX: 0000000000000001 RSI: 0000000020000000 RDI: 0000000000000003
RBP: 00007f6bdd79eca0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003
R13: 00007ffde73d867f R14: 00007f6bdd79f9c0 R15: 000000000118cfec
bond22 (unregistering): Released all slaves
batman_adv: batadv0: Removing interface: batadv_slave_0
batman_adv: batadv0: Removing interface: batadv_slave_1
device bridge_slave_1 left promiscuous mode
bridge0: port 2(bridge_slave_1) entered disabled state
device bridge_slave_0 left promiscuous mode
bridge0: port 1(bridge_slave_0) entered disabled state
bond1 (unregistering): Releasing backup interface bridge1
bond1 (unregistering): Released all slaves
device hsr_slave_1 left promiscuous mode
device hsr_slave_0 left promiscuous mode
team0 (unregistering): Port device team_slave_1 removed
team0 (unregistering): Port device team_slave_0 removed
bond0 (unregistering): Releasing backup interface bond_slave_1
bond0 (unregistering): Releasing backup interface bond_slave_0
bond0 (unregistering): Released all slaves
IPVS: ftp: loaded support on port[0] = 21
chnl_net:caif_netlink_parms(): no params data found
bridge0: port 1(bridge_slave_0) entered blocking state
bridge0: port 1(bridge_slave_0) entered disabled state
device bridge_slave_0 entered promiscuous mode
bridge0: port 2(bridge_slave_1) entered blocking state
bridge0: port 2(bridge_slave_1) entered disabled state
device bridge_slave_1 entered promiscuous mode
bond0: Enslaving bond_slave_0 as an active interface with an up link
bond0: Enslaving bond_slave_1 as an active interface with an up link
IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
team0: Port device team_slave_0 added
IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
team0: Port device team_slave_1 added
batman_adv: batadv0: Adding interface: batadv_slave_0
batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
batman_adv: batadv0: Adding interface: batadv_slave_1
batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
device hsr_slave_0 entered promiscuous mode
device hsr_slave_1 entered promiscuous mode
IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
8021q: adding VLAN 0 to HW filter on device bond0
IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
8021q: adding VLAN 0 to HW filter on device team0
IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
bridge0: port 1(bridge_slave_0) entered blocking state
bridge0: port 1(bridge_slave_0) entered forwarding state
IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
bridge0: port 2(bridge_slave_1) entered blocking state
bridge0: port 2(bridge_slave_1) entered forwarding state
IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready
IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
8021q: adding VLAN 0 to HW filter on device batadv0
IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready
IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready
IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
device veth0_vlan entered promiscuous mode
device veth1_vlan entered promiscuous mode
IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready
IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready
IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready
IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
device veth0_macvtap entered promiscuous mode
IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready
device veth1_macvtap entered promiscuous mode
IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready
IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
IPv6: ADDRCONF(NETDEV_UP): batadv_slave_0: link is not ready
batman_adv: batadv0: Interface activated: batadv_slave_0
IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
IPv6: ADDRCONF(NETDEV_UP): batadv_slave_1: link is not ready
batman_adv: batadv0: Interface activated: batadv_slave_1
IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
FAULT_INJECTION: forcing a failure.
name fail_page_alloc, interval 1, probability 0, space 0, times 0
CPU: 1 PID: 18213 Comm: syz-executor.4 Not tainted 4.14.195-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1b2/0x283 lib/dump_stack.c:58
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail.cold+0x10a/0x154 lib/fault-inject.c:149
 should_fail_alloc_page mm/page_alloc.c:2897 [inline]
 prepare_alloc_pages mm/page_alloc.c:4130 [inline]
 __alloc_pages_nodemask+0x22c/0x2720 mm/page_alloc.c:4178
audit: type=1804 audit(1598662056.592:194): pid=18261 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir941742759/syzkaller.vQtaV5/100/bus" dev="sda1" ino=16245 res=1
 __alloc_pages include/linux/gfp.h:484 [inline]
 __alloc_pages_node include/linux/gfp.h:497 [inline]
 alloc_pages_vma+0x4b3/0x6d0 mm/mempolicy.c:2070
 do_huge_pmd_wp_page+0x7c6/0x4730 mm/huge_memory.c:1288
 wp_huge_pmd mm/memory.c:3890 [inline]
 __handle_mm_fault+0x20b2/0x4620 mm/memory.c:4103
 handle_mm_fault+0x306/0x7a0 mm/memory.c:4150
 __do_page_fault+0x578/0xb50 arch/x86/mm/fault.c:1442
 page_fault+0x25/0x50 arch/x86/entry/entry_64.S:1123
RIP: 0010:copy_user_enhanced_fast_string+0xe/0x20 arch/x86/lib/copy_user_64.S:181
RSP: 0018:ffff888096787b68 EFLAGS: 00010206
RAX: ffffed1011f6fc00 RBX: 0000000000001000 RCX: 0000000000000500
RDX: 0000000000001000 RSI: ffff88808fb7db00 RDI: 0000000020a00000
RBP: 00000000209ff500 R08: 0000000000000000 R09: ffffed1011f6fbff
R10: ffff88808fb7dfff R11: 0000000000000000 R12: ffff88808fb7d000
R13: 00007ffffffff000 R14: 0000000020a00500 R15: ffff888096787df0
 copy_user_generic arch/x86/include/asm/uaccess_64.h:37 [inline]
 raw_copy_to_user arch/x86/include/asm/uaccess_64.h:112 [inline]
 copyout+0x99/0xc0 lib/iov_iter.c:137
 copy_page_to_iter_iovec lib/iov_iter.c:206 [inline]
 copy_page_to_iter+0x324/0xca0 lib/iov_iter.c:723
 pipe_to_user+0xa8/0x160 fs/splice.c:1237
 splice_from_pipe_feed fs/splice.c:502 [inline]
 __splice_from_pipe+0x326/0x7a0 fs/splice.c:626
 vmsplice_to_user+0x190/0x1b0 fs/splice.c:1272
 SYSC_vmsplice fs/splice.c:1353 [inline]
 SyS_vmsplice+0x12a/0x150 fs/splice.c:1334
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x45d5b9
RSP: 002b:00007f6bdd79ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000116
RAX: ffffffffffffffda RBX: 0000000000036640 RCX: 000000000045d5b9
RDX: 0000000000000001 RSI: 0000000020000000 RDI: 0000000000000003
RBP: 00007f6bdd79eca0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
R13: 00007ffde73d867f R14: 00007f6bdd79f9c0 R15: 000000000118cfec
bond2: Enslaving bridge5 as a backup interface with a down link
bond3 (unregistering): Released all slaves
Bluetooth: hci5 command 0x0409 tx timeout
FAULT_INJECTION: forcing a failure.
name fail_page_alloc, interval 1, probability 0, space 0, times 0
CPU: 1 PID: 18405 Comm: syz-executor.4 Not tainted 4.14.195-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1b2/0x283 lib/dump_stack.c:58
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail.cold+0x10a/0x154 lib/fault-inject.c:149
 should_fail_alloc_page mm/page_alloc.c:2897 [inline]
 prepare_alloc_pages mm/page_alloc.c:4130 [inline]
 __alloc_pages_nodemask+0x22c/0x2720 mm/page_alloc.c:4178
 __alloc_pages include/linux/gfp.h:484 [inline]
 __alloc_pages_node include/linux/gfp.h:497 [inline]
 alloc_pages_vma+0x4b3/0x6d0 mm/mempolicy.c:2070
 do_huge_pmd_wp_page+0x7c6/0x4730 mm/huge_memory.c:1288
 wp_huge_pmd mm/memory.c:3890 [inline]
 __handle_mm_fault+0x20b2/0x4620 mm/memory.c:4103
audit: type=1804 audit(1598662057.402:195): pid=18484 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir941742759/syzkaller.vQtaV5/101/bus" dev="sda1" ino=16245 res=1
 handle_mm_fault+0x306/0x7a0 mm/memory.c:4150
 __do_page_fault+0x578/0xb50 arch/x86/mm/fault.c:1442
 page_fault+0x25/0x50 arch/x86/entry/entry_64.S:1123
RIP: 0010:copy_user_enhanced_fast_string+0xe/0x20 arch/x86/lib/copy_user_64.S:181
RSP: 0018:ffff888095377b68 EFLAGS: 00010206
RAX: ffffed101116e000 RBX: 0000000000001000 RCX: 0000000000000500
RDX: 0000000000001000 RSI: ffff888088b6fb00 RDI: 0000000020c00000
RBP: 0000000020bff500 R08: 0000000000000000 R09: ffffed101116dfff
R10: ffff888088b6ffff R11: 0000000000000000 R12: ffff888088b6f000
R13: 00007ffffffff000 R14: 0000000020c00500 R15: ffff888095377df0
 copy_user_generic arch/x86/include/asm/uaccess_64.h:37 [inline]
 raw_copy_to_user arch/x86/include/asm/uaccess_64.h:112 [inline]
 copyout+0x99/0xc0 lib/iov_iter.c:137
 copy_page_to_iter_iovec lib/iov_iter.c:206 [inline]
 copy_page_to_iter+0x324/0xca0 lib/iov_iter.c:723
 pipe_to_user+0xa8/0x160 fs/splice.c:1237
 splice_from_pipe_feed fs/splice.c:502 [inline]
 __splice_from_pipe+0x326/0x7a0 fs/splice.c:626
 vmsplice_to_user+0x190/0x1b0 fs/splice.c:1272
 SYSC_vmsplice fs/splice.c:1353 [inline]
 SyS_vmsplice+0x12a/0x150 fs/splice.c:1334
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x45d5b9
RSP: 002b:00007f6bdd79ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000116
RAX: ffffffffffffffda RBX: 0000000000036640 RCX: 000000000045d5b9
RDX: 0000000000000001 RSI: 0000000020000000 RDI: 0000000000000003
RBP: 00007f6bdd79eca0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
R13: 00007ffde73d867f R14: 00007f6bdd79f9c0 R15: 000000000118cfec
bond23 (unregistering): Released all slaves
Bluetooth: hci1 command 0x0406 tx timeout
Bluetooth: hci2 command 0x0406 tx timeout
Bluetooth: hci3 command 0x0406 tx timeout
bond2: Enslaving bridge6 as a backup interface with a down link
bond3 (unregistering): Released all slaves
FAULT_INJECTION: forcing a failure.
name fail_page_alloc, interval 1, probability 0, space 0, times 0
CPU: 0 PID: 18559 Comm: syz-executor.4 Not tainted 4.14.195-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1b2/0x283 lib/dump_stack.c:58
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail.cold+0x10a/0x154 lib/fault-inject.c:149
 should_fail_alloc_page mm/page_alloc.c:2897 [inline]
 prepare_alloc_pages mm/page_alloc.c:4130 [inline]
 __alloc_pages_nodemask+0x22c/0x2720 mm/page_alloc.c:4178
 __alloc_pages include/linux/gfp.h:484 [inline]
 __alloc_pages_node include/linux/gfp.h:497 [inline]
 alloc_pages_vma+0x4b3/0x6d0 mm/mempolicy.c:2070
 do_huge_pmd_wp_page+0x7c6/0x4730 mm/huge_memory.c:1288
 wp_huge_pmd mm/memory.c:3890 [inline]
 __handle_mm_fault+0x20b2/0x4620 mm/memory.c:4103
 handle_mm_fault+0x306/0x7a0 mm/memory.c:4150
 __do_page_fault+0x578/0xb50 arch/x86/mm/fault.c:1442
 page_fault+0x25/0x50 arch/x86/entry/entry_64.S:1123
RIP: 0010:copy_user_enhanced_fast_string+0xe/0x20 arch/x86/lib/copy_user_64.S:181
RSP: 0018:ffff8880517cfb68 EFLAGS: 00010206
RAX: ffffed1010668200 RBX: 0000000000001000 RCX: 0000000000000500
RDX: 0000000000001000 RSI: ffff888083340b00 RDI: 0000000020e00000
RBP: 0000000020dff500 R08: 0000000000000000 R09: ffffed10106681ff
R10: ffff888083340fff R11: 0000000000000000 R12: ffff888083340000
R13: 00007ffffffff000 R14: 0000000020e00500 R15: ffff8880517cfdf0
 copy_user_generic arch/x86/include/asm/uaccess_64.h:37 [inline]
 raw_copy_to_user arch/x86/include/asm/uaccess_64.h:112 [inline]
 copyout+0x99/0xc0 lib/iov_iter.c:137
 copy_page_to_iter_iovec lib/iov_iter.c:206 [inline]
 copy_page_to_iter+0x324/0xca0 lib/iov_iter.c:723
 pipe_to_user+0xa8/0x160 fs/splice.c:1237
 splice_from_pipe_feed fs/splice.c:502 [inline]
 __splice_from_pipe+0x326/0x7a0 fs/splice.c:626
 vmsplice_to_user+0x190/0x1b0 fs/splice.c:1272
 SYSC_vmsplice fs/splice.c:1353 [inline]
 SyS_vmsplice+0x12a/0x150 fs/splice.c:1334
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x45d5b9
RSP: 002b:00007f6bdd79ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000116
RAX: ffffffffffffffda RBX: 0000000000036640 RCX: 000000000045d5b9
RDX: 0000000000000001 RSI: 0000000020000000 RDI: 0000000000000003
RBP: 00007f6bdd79eca0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006
R13: 00007ffde73d867f R14: 00007f6bdd79f9c0 R15: 000000000118cfec
bond23 (unregistering): Released all slaves
audit: type=1804 audit(1598662058.642:196): pid=18719 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir941742759/syzkaller.vQtaV5/102/bus" dev="sda1" ino=16245 res=1
bond2: Enslaving bridge7 as a backup interface with a down link
bond23 (unregistering): Released all slaves
bond3 (unregistering): Released all slaves
Unknown ioctl 35306
Bluetooth: hci5 command 0x041b tx timeout
bond2: Enslaving bridge8 as a backup interface with a down link
bond23 (unregistering): Released all slaves
audit: type=1804 audit(1598662059.562:197): pid=19181 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir941742759/syzkaller.vQtaV5/103/bus" dev="sda1" ino=16254 res=1
bond2: Enslaving bridge9 as a backup interface with a down link
bond23 (unregistering): Released all slaves
bond2: Enslaving bridge10 as a backup interface with a down link
bond2: Enslaving bridge11 as a backup interface with a down link
bond23 (unregistering): Released all slaves
bond2: Enslaving bridge12 as a backup interface with a down link
audit: type=1804 audit(1598662060.522:198): pid=19602 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir941742759/syzkaller.vQtaV5/104/bus" dev="sda1" ino=16258 res=1
bond23 (unregistering): Released all slaves