[ 50.070751][ T27] audit: type=1400 audit(1663037890.546:83): avc: denied { ioctl } for pid=3615 comm="syz-executor.0" path="/dev/loop0" dev="devtmpfs" ino=644 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 52.740015][ T27] audit: type=1400 audit(1663037893.266:84): avc: denied { read } for pid=3604 comm="syz-fuzzer" name="fuse" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [ 52.899581][ T3613] can: request_module (can-proto-0) failed. [ 52.922748][ T3613] can: request_module (can-proto-0) failed. [ 52.943270][ T3613] can: request_module (can-proto-0) failed. [ 61.729093][ T27] kauditd_printk_skb: 79 callbacks suppressed [ 61.729107][ T27] audit: type=1400 audit(1663037902.256:164): avc: denied { append } for pid=2954 comm="syslogd" name="messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 61.757950][ T27] audit: type=1400 audit(1663037902.256:165): avc: denied { open } for pid=2954 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 61.781073][ T27] audit: type=1400 audit(1663037902.256:166): avc: denied { getattr } for pid=2954 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 63.898457][ T27] audit: type=1400 audit(1663037904.426:167): avc: denied { transition } for pid=3666 comm="sshd" path="/bin/sh" dev="sda1" ino=73 scontext=system_u:system_r:initrc_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 Warning: Permanently added '10.128.0.249' (ECDSA) to the list of known hosts. 2022/09/13 02:58:31 parsed 1 programs [ 71.240545][ T27] audit: type=1400 audit(1663037911.766:168): avc: denied { mounton } for pid=3680 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 71.266058][ T27] audit: type=1400 audit(1663037911.766:169): avc: denied { mount } for pid=3680 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 2022/09/13 02:58:31 executed programs: 0 [ 71.476295][ T27] audit: type=1400 audit(1663037911.996:170): avc: denied { mount } for pid=3684 comm="syz-executor.0" name="/" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1 [ 71.499189][ T27] audit: type=1400 audit(1663037912.006:171): avc: denied { mounton } for pid=3684 comm="syz-executor.0" path="/syzcgroup/unified" dev="sda1" ino=1142 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 71.524025][ T27] audit: type=1400 audit(1663037912.006:172): avc: denied { mount } for pid=3684 comm="syz-executor.0" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 71.620851][ T3684] chnl_net:caif_netlink_parms(): no params data found [ 71.671553][ T3684] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.679886][ T3684] bridge0: port 1(bridge_slave_0) entered disabled state [ 71.688858][ T3684] device bridge_slave_0 entered promiscuous mode [ 71.698753][ T3684] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.706007][ T3684] bridge0: port 2(bridge_slave_1) entered disabled state [ 71.714402][ T3684] device bridge_slave_1 entered promiscuous mode [ 71.738121][ T3684] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 71.752132][ T3684] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 71.778427][ T3684] team0: Port device team_slave_0 added [ 71.788387][ T3684] team0: Port device team_slave_1 added [ 71.807981][ T3684] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 71.815062][ T3684] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 71.841411][ T3684] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 71.855505][ T3684] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 71.863524][ T3684] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 71.890418][ T3684] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 71.921200][ T3684] device hsr_slave_0 entered promiscuous mode [ 71.929318][ T3684] device hsr_slave_1 entered promiscuous mode [ 72.035593][ T27] audit: type=1400 audit(1663037912.556:173): avc: denied { create } for pid=3684 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 72.041111][ T3684] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 72.058418][ T27] audit: type=1400 audit(1663037912.566:174): avc: denied { write } for pid=3684 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 72.084751][ T27] audit: type=1400 audit(1663037912.566:175): avc: denied { read } for pid=3684 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 72.091938][ T3684] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 72.117142][ T3684] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 72.127949][ T3684] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 72.153436][ T3684] bridge0: port 2(bridge_slave_1) entered blocking state [ 72.161062][ T3684] bridge0: port 2(bridge_slave_1) entered forwarding state [ 72.169255][ T3684] bridge0: port 1(bridge_slave_0) entered blocking state [ 72.176385][ T3684] bridge0: port 1(bridge_slave_0) entered forwarding state [ 72.228658][ T3684] 8021q: adding VLAN 0 to HW filter on device bond0 [ 72.243582][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 72.255259][ T22] bridge0: port 1(bridge_slave_0) entered disabled state [ 72.265612][ T22] bridge0: port 2(bridge_slave_1) entered disabled state [ 72.273996][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 72.289202][ T3684] 8021q: adding VLAN 0 to HW filter on device team0 [ 72.301885][ T143] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 72.311237][ T143] bridge0: port 1(bridge_slave_0) entered blocking state [ 72.318561][ T143] bridge0: port 1(bridge_slave_0) entered forwarding state [ 72.331528][ T143] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 72.340681][ T143] bridge0: port 2(bridge_slave_1) entered blocking state [ 72.348318][ T143] bridge0: port 2(bridge_slave_1) entered forwarding state [ 72.373992][ T143] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 72.384069][ T143] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 72.399531][ T143] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 72.407770][ T143] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 72.420787][ T3684] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 72.433270][ T3684] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 72.442972][ T3693] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 72.464399][ T3684] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 72.472534][ T3693] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 72.480658][ T3693] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 72.507872][ T27] audit: type=1400 audit(1663037913.036:176): avc: denied { sys_module } for pid=3684 comm="syz-executor.0" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 72.602410][ T3693] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 72.624215][ T3691] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 72.633392][ T3691] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 72.644591][ T3691] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 72.653466][ T3691] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 72.662358][ T3684] device veth0_vlan entered promiscuous mode [ 72.675389][ T3684] device veth1_vlan entered promiscuous mode [ 72.695264][ T3684] device veth0_macvtap entered promiscuous mode [ 72.709313][ T3684] device veth1_macvtap entered promiscuous mode [ 72.717442][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 72.725732][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 72.734550][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 72.743610][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 72.752492][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 72.761263][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 72.781427][ T3684] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 72.789836][ T3693] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 72.799041][ T3693] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 72.812881][ T3684] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 72.821290][ T143] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 72.830968][ T143] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 72.843585][ T3684] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.854136][ T3684] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.863147][ T3684] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.873348][ T3684] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.952873][ T27] audit: type=1400 audit(1663037913.476:177): avc: denied { open } for pid=3700 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1 [ 72.983970][ C0] hrtimer: interrupt took 32241 ns [ 73.755325][ T3703] [ 73.757688][ T3703] ====================================================== [ 73.764808][ T3703] WARNING: possible circular locking dependency detected [ 73.772254][ T3703] 6.0.0-rc5-syzkaller-00736-ge839a756012b #0 Not tainted [ 73.779472][ T3703] ------------------------------------------------------ [ 73.786476][ T3703] syz-executor.0/3703 is trying to acquire lock: [ 73.792826][ T3703] ffffffff8be33ab0 (cpu_hotplug_lock){++++}-{0:0}, at: static_key_slow_dec+0x4f/0xc0 [ 73.802567][ T3703] [ 73.802567][ T3703] but task is already holding lock: [ 73.809991][ T3703] ffff88802166d8e8 (&mm->mmap_lock#2){++++}-{3:3}, at: vm_mmap_pgoff+0x155/0x270 [ 73.819139][ T3703] [ 73.819139][ T3703] which lock already depends on the new lock. [ 73.819139][ T3703] [ 73.829553][ T3703] [ 73.829553][ T3703] the existing dependency chain (in reverse order) is: [ 73.838656][ T3703] [ 73.838656][ T3703] -> #2 (&mm->mmap_lock#2){++++}-{3:3}: [ 73.846487][ T3703] down_write+0x90/0x150 [ 73.851612][ T3703] mpol_rebind_mm+0x3b/0x310 [ 73.856822][ T3703] cpuset_attach+0x2e1/0x520 [ 73.861951][ T3703] cgroup_migrate_execute+0xbc7/0x1220 [ 73.867963][ T3703] cgroup_attach_task+0x416/0x7c0 [ 73.873518][ T3703] __cgroup1_procs_write.constprop.0+0x3be/0x4b0 [ 73.880466][ T3703] cgroup_file_write+0x1de/0x770 [ 73.885942][ T3703] kernfs_fop_write_iter+0x3f8/0x610 [ 73.891763][ T3703] vfs_write+0x9e9/0xdd0 [ 73.896558][ T3703] ksys_write+0x127/0x250 [ 73.901442][ T3703] do_syscall_64+0x35/0xb0 [ 73.906380][ T3703] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 73.912926][ T3703] [ 73.912926][ T3703] -> #1 (&cpuset_rwsem){++++}-{0:0}: [ 73.920903][ T3703] percpu_down_write+0x4d/0x440 [ 73.926724][ T3703] cpuset_css_online+0x61/0x900 [ 73.932134][ T3703] online_css+0xaf/0x2a0 [ 73.938307][ T3703] cgroup_apply_control_enable+0x69b/0xc00 [ 73.945183][ T3703] cgroup_mkdir+0x5ba/0x12f0 [ 73.950300][ T3703] kernfs_iop_mkdir+0x146/0x1d0 [ 73.955778][ T3703] vfs_mkdir+0x489/0x740 [ 73.960993][ T3703] do_mkdirat+0x28c/0x310 [ 73.965842][ T3703] __x64_sys_mkdir+0xf2/0x140 [ 73.971318][ T3703] do_syscall_64+0x35/0xb0 [ 73.976365][ T3703] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 73.982970][ T3703] [ 73.982970][ T3703] -> #0 (cpu_hotplug_lock){++++}-{0:0}: [ 73.990725][ T3703] __lock_acquire+0x2a43/0x56d0 [ 73.996691][ T3703] lock_acquire+0x1ab/0x570 [ 74.001871][ T3703] cpus_read_lock+0x3e/0x140 [ 74.007081][ T3703] static_key_slow_dec+0x4f/0xc0 [ 74.012693][ T3703] sw_perf_event_destroy+0xa5/0x240 [ 74.018536][ T3703] _free_event+0x2ee/0x1390 [ 74.023673][ T3703] perf_mmap_close+0x540/0xe30 [ 74.028964][ T3703] remove_vma+0xac/0x170 [ 74.033725][ T3703] __do_munmap+0x7a6/0x10b0 [ 74.038847][ T3703] mmap_region+0x1d8/0x1460 [ 74.043876][ T3703] do_mmap+0x863/0xfa0 [ 74.049084][ T3703] vm_mmap_pgoff+0x1ab/0x270 [ 74.054368][ T3703] ksys_mmap_pgoff+0x41b/0x5a0 [ 74.059658][ T3703] do_syscall_64+0x35/0xb0 [ 74.064594][ T3703] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 74.071090][ T3703] [ 74.071090][ T3703] other info that might help us debug this: [ 74.071090][ T3703] [ 74.081309][ T3703] Chain exists of: [ 74.081309][ T3703] cpu_hotplug_lock --> &cpuset_rwsem --> &mm->mmap_lock#2 [ 74.081309][ T3703] [ 74.094348][ T3703] Possible unsafe locking scenario: [ 74.094348][ T3703] [ 74.102042][ T3703] CPU0 CPU1 [ 74.107394][ T3703] ---- ---- [ 74.112833][ T3703] lock(&mm->mmap_lock#2); [ 74.117420][ T3703] lock(&cpuset_rwsem); [ 74.124182][ T3703] lock(&mm->mmap_lock#2); [ 74.131198][ T3703] lock(cpu_hotplug_lock); [ 74.135696][ T3703] [ 74.135696][ T3703] *** DEADLOCK *** [ 74.135696][ T3703] [ 74.143839][ T3703] 1 lock held by syz-executor.0/3703: [ 74.149224][ T3703] #0: ffff88802166d8e8 (&mm->mmap_lock#2){++++}-{3:3}, at: vm_mmap_pgoff+0x155/0x270 [ 74.159019][ T3703] [ 74.159019][ T3703] stack backtrace: [ 74.164934][ T3703] CPU: 0 PID: 3703 Comm: syz-executor.0 Not tainted 6.0.0-rc5-syzkaller-00736-ge839a756012b #0 [ 74.175491][ T3703] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022 [ 74.185649][ T3703] Call Trace: [ 74.188934][ T3703] [ 74.191962][ T3703] dump_stack_lvl+0xcd/0x134 [ 74.196562][ T3703] check_noncircular+0x25f/0x2e0 [ 74.201597][ T3703] ? print_circular_bug+0x1e0/0x1e0 [ 74.206797][ T3703] ? do_raw_spin_unlock+0x171/0x230 [ 74.212004][ T3703] __lock_acquire+0x2a43/0x56d0 [ 74.216875][ T3703] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 74.222885][ T3703] lock_acquire+0x1ab/0x570 [ 74.227569][ T3703] ? static_key_slow_dec+0x4f/0xc0 [ 74.232691][ T3703] ? lock_release+0x780/0x780 [ 74.237361][ T3703] ? do_raw_spin_unlock+0x171/0x230 [ 74.242667][ T3703] cpus_read_lock+0x3e/0x140 [ 74.247420][ T3703] ? static_key_slow_dec+0x4f/0xc0 [ 74.252636][ T3703] static_key_slow_dec+0x4f/0xc0 [ 74.257587][ T3703] sw_perf_event_destroy+0xa5/0x240 [ 74.262789][ T3703] ? swevent_hlist_put_cpu+0x1e0/0x1e0 [ 74.268250][ T3703] _free_event+0x2ee/0x1390 [ 74.272758][ T3703] perf_mmap_close+0x540/0xe30 [ 74.277601][ T3703] ? __do_sys_perf_event_open+0x2fc0/0x2fc0 [ 74.283717][ T3703] ? __do_sys_perf_event_open+0x2fc0/0x2fc0 [ 74.290003][ T3703] remove_vma+0xac/0x170 [ 74.294257][ T3703] __do_munmap+0x7a6/0x10b0 [ 74.298893][ T3703] mmap_region+0x1d8/0x1460 [ 74.303411][ T3703] ? vm_munmap+0x20/0x20 [ 74.307723][ T3703] ? cap_mmap_addr+0x50/0x300 [ 74.312411][ T3703] ? selinux_mmap_addr+0x29/0x110 [ 74.317453][ T3703] ? security_mmap_addr+0x73/0x90 [ 74.322617][ T3703] ? get_unmapped_area+0x1e4/0x3c0 [ 74.327826][ T3703] do_mmap+0x863/0xfa0 [ 74.331926][ T3703] vm_mmap_pgoff+0x1ab/0x270 [ 74.336586][ T3703] ? randomize_page+0xb0/0xb0 [ 74.341396][ T3703] ksys_mmap_pgoff+0x41b/0x5a0 [ 74.346175][ T3703] ? lockdep_hardirqs_on+0x79/0x100 [ 74.351571][ T3703] do_syscall_64+0x35/0xb0 [ 74.356093][ T3703] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 74.362167][ T3703] RIP: 0033:0x463fe9 [ 74.366062][ T3703] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 74.386446][ T3703] RSP: 002b:00007f9e4fd47198 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 74.395476][ T3703] RAX: ffffffffffffffda RBX: 0000000000000737 RCX: 0000000000463fe9 [ 74.403824][ T3703] RDX: 0000000000000000 RSI: 0000000000003000 RDI: 0000000020ffd000 [ 74.412413][ T3703] RBP: 0000000000000009 R08: 0000000000000004 R09: 0000000000000000 [ 74.421032][ T3703] R10: 0000000000000011 R11: 0000000000000246 R12: 000000000053c040 [ 74.429269][ T3703] R13: 00007f9e4fd476bc R14: 00000000ffffffff R15: 0000000000000006 [ 74.437598][ T3703] [ 76.857003][ T146] cfg80211: failed to load regulatory.db 2022/09/13 02:58:37 executed programs: 4 2022/09/13 02:58:43 executed programs: 11