syzkaller login: [ 32.694304] kauditd_printk_skb: 9 callbacks suppressed [ 32.694310] audit: type=1400 audit(1576288845.431:35): avc: denied { map } for pid=6877 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 [ 39.917170] audit: type=1400 audit(1576288852.651:36): avc: denied { map } for pid=6888 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16480 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 40.689307] IPVS: ftp: loaded support on port[0] = 21 [ 41.098638] can: request_module (can-proto-0) failed. [ 42.196715] can: request_module (can-proto-0) failed. [ 42.374374] audit: type=1400 audit(1576288855.111:37): avc: denied { create } for pid=6888 comm="syz-fuzzer" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_crypto_socket permissive=1 [ 42.398358] audit: type=1400 audit(1576288855.111:38): avc: denied { create } for pid=6888 comm="syz-fuzzer" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 42.421960] audit: type=1400 audit(1576288855.111:39): avc: denied { create } for pid=6888 comm="syz-fuzzer" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 Warning: Permanently added '10.128.0.50' (ECDSA) to the list of known hosts. 2019/12/14 02:01:01 parsed 1 programs 2019/12/14 02:01:02 executed programs: 0 [ 49.777479] IPVS: ftp: loaded support on port[0] = 21 [ 49.790415] IPVS: ftp: loaded support on port[0] = 21 [ 49.823239] IPVS: ftp: loaded support on port[0] = 21 [ 49.841356] IPVS: ftp: loaded support on port[0] = 21 [ 49.855139] IPVS: ftp: loaded support on port[0] = 21 [ 49.866041] IPVS: ftp: loaded support on port[0] = 21 [ 49.995482] chnl_net:caif_netlink_parms(): no params data found [ 50.043041] chnl_net:caif_netlink_parms(): no params data found [ 50.137504] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.144831] bridge0: port 1(bridge_slave_0) entered disabled state [ 50.152347] device bridge_slave_0 entered promiscuous mode [ 50.183662] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.190850] bridge0: port 2(bridge_slave_1) entered disabled state [ 50.198914] device bridge_slave_1 entered promiscuous mode [ 50.206090] chnl_net:caif_netlink_parms(): no params data found [ 50.222225] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.229051] bridge0: port 1(bridge_slave_0) entered disabled state [ 50.236582] device bridge_slave_0 entered promiscuous mode [ 50.245419] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.252043] bridge0: port 2(bridge_slave_1) entered disabled state [ 50.259019] device bridge_slave_1 entered promiscuous mode [ 50.281036] chnl_net:caif_netlink_parms(): no params data found [ 50.295244] chnl_net:caif_netlink_parms(): no params data found [ 50.311894] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 50.350022] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 50.358908] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 50.387087] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 50.421153] chnl_net:caif_netlink_parms(): no params data found [ 50.433304] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.439836] bridge0: port 1(bridge_slave_0) entered disabled state [ 50.448189] device bridge_slave_0 entered promiscuous mode [ 50.467696] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 50.475742] team0: Port device team_slave_0 added [ 50.481584] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.488659] bridge0: port 1(bridge_slave_0) entered disabled state [ 50.498142] device bridge_slave_0 entered promiscuous mode [ 50.508179] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.515231] bridge0: port 2(bridge_slave_1) entered disabled state [ 50.522201] device bridge_slave_1 entered promiscuous mode [ 50.534020] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.541665] bridge0: port 2(bridge_slave_1) entered disabled state [ 50.549072] device bridge_slave_1 entered promiscuous mode [ 50.555610] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 50.565859] team0: Port device team_slave_0 added [ 50.572015] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 50.579901] team0: Port device team_slave_1 added [ 50.588509] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 50.604822] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.611681] bridge0: port 1(bridge_slave_0) entered disabled state [ 50.619909] device bridge_slave_0 entered promiscuous mode [ 50.629859] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.636796] bridge0: port 2(bridge_slave_1) entered disabled state [ 50.643965] device bridge_slave_1 entered promiscuous mode [ 50.652884] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 50.660894] team0: Port device team_slave_1 added [ 50.666577] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 50.674746] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 50.689798] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 50.706221] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 50.715077] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 50.744376] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 50.758012] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 50.776232] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 50.852005] device hsr_slave_0 entered promiscuous mode [ 50.900564] device hsr_slave_1 entered promiscuous mode [ 50.940712] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.947310] bridge0: port 1(bridge_slave_0) entered disabled state [ 50.954998] device bridge_slave_0 entered promiscuous mode [ 50.965693] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.972979] bridge0: port 2(bridge_slave_1) entered disabled state [ 50.980417] device bridge_slave_1 entered promiscuous mode [ 50.990911] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 50.999274] team0: Port device team_slave_0 added [ 51.009381] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 51.018273] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 51.025988] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 51.033839] team0: Port device team_slave_0 added [ 51.049190] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 51.057113] team0: Port device team_slave_1 added [ 51.111749] device hsr_slave_0 entered promiscuous mode [ 51.150468] device hsr_slave_1 entered promiscuous mode [ 51.190669] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 51.202413] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 51.212150] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 51.219854] team0: Port device team_slave_1 added [ 51.225916] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 51.237343] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 51.245258] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 51.258368] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 51.267426] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 51.277051] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 51.285789] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 51.301592] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 51.309106] team0: Port device team_slave_0 added [ 51.318375] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 51.326321] team0: Port device team_slave_1 added [ 51.336637] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 51.401863] device hsr_slave_0 entered promiscuous mode [ 51.440444] device hsr_slave_1 entered promiscuous mode [ 51.484117] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 51.495412] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 51.503830] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 51.512972] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 51.571721] device hsr_slave_0 entered promiscuous mode [ 51.610539] device hsr_slave_1 entered promiscuous mode [ 51.661284] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 51.668624] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 51.676021] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 51.686113] team0: Port device team_slave_0 added [ 51.696139] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 51.705890] team0: Port device team_slave_1 added [ 51.772870] device hsr_slave_0 entered promiscuous mode [ 51.810659] device hsr_slave_1 entered promiscuous mode [ 51.850913] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 51.858721] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 51.871856] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 51.884658] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 51.897396] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 51.907328] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 51.921925] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 51.982190] device hsr_slave_0 entered promiscuous mode [ 52.020609] device hsr_slave_1 entered promiscuous mode [ 52.061776] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 52.069147] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 52.100873] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 52.112723] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 52.146925] 8021q: adding VLAN 0 to HW filter on device bond0 [ 52.156674] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 52.165903] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 52.182979] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 52.192779] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 52.203191] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 52.209444] 8021q: adding VLAN 0 to HW filter on device team0 [ 52.224176] 8021q: adding VLAN 0 to HW filter on device bond0 [ 52.235908] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 52.256986] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 52.265484] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 52.273967] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.280935] bridge0: port 1(bridge_slave_0) entered forwarding state [ 52.289715] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 52.299133] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 52.307941] 8021q: adding VLAN 0 to HW filter on device bond0 [ 52.319112] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 52.326697] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 52.335399] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 52.343638] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.350509] bridge0: port 2(bridge_slave_1) entered forwarding state [ 52.366294] 8021q: adding VLAN 0 to HW filter on device bond0 [ 52.380751] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 52.396703] 8021q: adding VLAN 0 to HW filter on device bond0 [ 52.404236] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 52.413660] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 52.423589] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 52.431623] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 52.439293] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 52.447657] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 52.457342] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 52.469050] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 52.475801] 8021q: adding VLAN 0 to HW filter on device team0 [ 52.485202] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 52.495395] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 52.503615] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 52.515029] 8021q: adding VLAN 0 to HW filter on device bond0 [ 52.523858] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 52.533126] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 52.541869] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 52.549406] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 52.557853] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 52.565387] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 52.576389] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 52.586415] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 52.593167] 8021q: adding VLAN 0 to HW filter on device team0 [ 52.602202] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 52.609120] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 52.617976] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 52.627362] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 52.635400] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 52.642568] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 52.650182] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 52.658512] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 52.667935] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 52.676727] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 52.683467] 8021q: adding VLAN 0 to HW filter on device team0 [ 52.692559] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 52.704223] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 52.712043] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 52.720012] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 52.729140] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.735579] bridge0: port 1(bridge_slave_0) entered forwarding state [ 52.742658] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 52.751921] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 52.760486] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.767290] bridge0: port 1(bridge_slave_0) entered forwarding state [ 52.774850] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 52.782030] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 52.790843] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 52.798641] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 52.807794] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 52.816419] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.824417] bridge0: port 1(bridge_slave_0) entered forwarding state [ 52.835722] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 52.843437] 8021q: adding VLAN 0 to HW filter on device team0 [ 52.850908] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 52.859889] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 52.868977] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 52.879784] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 52.887654] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 52.896411] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 52.904773] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 52.913411] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 52.921649] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 52.929474] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 52.938806] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 52.947038] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.953766] bridge0: port 2(bridge_slave_1) entered forwarding state [ 52.961701] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 52.970477] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 52.979129] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.985835] bridge0: port 2(bridge_slave_1) entered forwarding state [ 52.994369] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 53.004318] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 53.014060] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 53.025278] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 53.032150] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 53.042715] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 53.051788] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 53.061219] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 53.069345] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.076615] bridge0: port 2(bridge_slave_1) entered forwarding state [ 53.084364] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 53.092375] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 53.100219] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 53.110507] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 53.121068] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 53.129316] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 53.139730] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 53.148763] 8021q: adding VLAN 0 to HW filter on device team0 [ 53.156892] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 53.165615] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 53.174150] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 53.182745] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 53.191482] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 53.199712] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.206575] bridge0: port 1(bridge_slave_0) entered forwarding state [ 53.214532] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 53.224994] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 53.236094] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 53.251243] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 53.259848] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 53.273273] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 53.281186] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 53.293500] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 53.301951] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.308849] bridge0: port 2(bridge_slave_1) entered forwarding state [ 53.316816] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 53.325194] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 53.334524] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 53.342678] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.349871] bridge0: port 1(bridge_slave_0) entered forwarding state [ 53.357373] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 53.367666] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 53.378712] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 53.389607] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 53.399309] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 53.411880] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 53.421809] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 53.434923] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 53.443039] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 53.452786] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 53.461094] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 53.469290] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 53.477325] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 53.487050] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 53.495669] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 53.504318] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 53.512029] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 53.521329] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 53.536299] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 53.544688] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 53.555526] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 53.564959] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 53.573357] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 53.581753] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 53.589990] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 53.598823] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 53.607411] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 53.614901] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 53.624094] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 53.633524] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 53.644936] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 53.658538] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 53.666834] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 53.675528] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 53.683559] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 53.692314] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 53.700808] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.707523] bridge0: port 2(bridge_slave_1) entered forwarding state [ 53.714867] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 53.724310] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 53.732529] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 53.740742] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 53.750416] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 53.759110] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 53.769494] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 53.777898] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 53.786486] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 53.795408] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 53.803711] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 53.812695] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 53.820894] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 53.828642] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 53.836869] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 53.845035] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 53.855100] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 53.861799] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 53.871214] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 53.879609] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 53.891324] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 53.897442] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 53.906151] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 53.917342] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 53.924862] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 53.935131] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 53.942920] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 53.950591] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 53.958131] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 53.966655] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 53.975969] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 53.989721] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 53.996224] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 54.003394] audit: type=1400 audit(1576288866.731:40): avc: denied { associate } for pid=6984 comm="syz-executor.0" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1 [ 54.044522] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 54.054721] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 54.062606] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 54.072917] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 54.082961] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 54.100205] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 54.106555] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 54.118846] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 54.126858] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 54.134665] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 54.142443] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 54.150392] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 54.162566] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 54.174886] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 54.190697] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 54.208699] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 54.221515] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 54.239350] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 54.252404] ------------[ cut here ]------------ [ 54.257804] ODEBUG: free active (active state 0) object type: timer_list hint: rfcomm_dlc_timeout+0x0/0x50 [ 54.268010] WARNING: CPU: 1 PID: 7012 at lib/debugobjects.c:328 debug_print_object+0x168/0x210 [ 54.277060] Kernel panic - not syncing: panic_on_warn set ... [ 54.277060] [ 54.284438] CPU: 1 PID: 7012 Comm: syz-executor.2 Not tainted 4.19.89-syzkaller #0 [ 54.292124] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 54.301578] Call Trace: [ 54.304302] dump_stack+0x123/0x177 [ 54.307993] ? debug_print_object+0x168/0x210 [ 54.312484] panic+0x1cd/0x375 [ 54.315668] ? __warn_printk+0xd6/0xd6 [ 54.319560] __warn.cold.8+0x1b/0x3e [ 54.323284] ? debug_print_object+0x168/0x210 [ 54.331114] report_bug+0x1a4/0x200 [ 54.334732] do_error_trap+0x200/0x350 [ 54.338622] ? math_error+0x340/0x340 [ 54.342601] ? irq_work_queue+0xd/0x50 [ 54.346498] ? wake_up_klogd+0x71/0xa0 [ 54.350378] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 54.355267] ? trace_hardirqs_off_caller+0x49/0x180 [ 54.360401] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 54.365243] do_invalid_op+0x1b/0x20 [ 54.368975] invalid_op+0x14/0x20 [ 54.372556] RIP: 0010:debug_print_object+0x168/0x210 [ 54.377648] Code: ff 86 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 92 00 00 00 48 8b 14 dd 40 22 ff 86 4c 89 fe 48 c7 c7 80 17 ff 86 e8 6b 62 48 fe <0f> 0b 83 05 1b 89 c2 05 01 48 83 c4 18 5b 41 5c 41 5d 41 5e 41 5f [ 54.396560] RSP: 0018:ffff888096e4f868 EFLAGS: 00010086 [ 54.402011] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000000 [ 54.409437] RDX: 0000000000000004 RSI: 0000000000000008 RDI: ffffffff89a7e6e0 [ 54.416700] RBP: ffff888096e4f8a8 R08: ffffed1015d63ee3 R09: ffffed1015d63ee2 [ 54.424144] R10: ffffed1015d63ee2 R11: ffff8880aeb1f717 R12: 0000000000000001 [ 54.431638] R13: ffffffff87fa51c0 R14: ffffffff8152e460 R15: ffffffff86ff1e60 [ 54.440572] ? __internal_add_timer+0x1e0/0x1e0 [ 54.446225] ? debug_print_object+0x168/0x210 [ 54.450739] debug_check_no_obj_freed+0x264/0x472 [ 54.455851] kfree+0xbd/0x220 [ 54.458972] rfcomm_dlc_free+0x19/0x20 [ 54.463067] rfcomm_dev_ioctl+0x1435/0x18b0 [ 54.467599] ? __local_bh_enable_ip+0x160/0x260 [ 54.472441] ? lock_sock_nested+0xc5/0x100 [ 54.477113] ? lockdep_hardirqs_on+0x421/0x5c0 [ 54.481962] ? __local_bh_enable_ip+0x160/0x260 [ 54.487387] ? lock_sock_nested+0x82/0x100 [ 54.491739] ? rfcomm_dev_state_change+0x110/0x110 [ 54.496740] ? __local_bh_enable_ip+0x160/0x260 [ 54.501556] rfcomm_sock_ioctl+0x71/0xa0 [ 54.505602] sock_do_ioctl+0xd9/0x230 [ 54.509542] ? compat_ifr_data_ioctl+0x100/0x100 [ 54.514335] ? avc_has_extended_perms+0x4e2/0x1170 [ 54.519374] ? __lock_acquire+0x792/0x4980 [ 54.523605] ? avc_ss_reset+0x130/0x130 [ 54.527570] sock_ioctl+0x281/0x500 [ 54.531208] ? dlci_ioctl_set+0x30/0x30 [ 54.535177] do_vfs_ioctl+0x196/0x10c0 [ 54.539060] ? ioctl_preallocate+0x1c0/0x1c0 [ 54.543762] ? selinux_file_mprotect+0x5f0/0x5f0 [ 54.548662] ? ksys_dup3+0x2e0/0x2e0 [ 54.552631] ? put_timespec64+0xa9/0x100 [ 54.556795] ? nsecs_to_jiffies+0x20/0x20 [ 54.560951] ? blkg_prfill_rwstat_field_recursive+0x100/0x100 [ 54.566886] ? security_file_ioctl+0x4a/0x90 [ 54.571294] ? __fget_light+0x174/0x1e0 [ 54.575367] ksys_ioctl+0x62/0x90 [ 54.578809] ? lockdep_hardirqs_on+0x421/0x5c0 [ 54.583382] __x64_sys_ioctl+0x6e/0xb0 [ 54.587273] do_syscall_64+0xd0/0x4e0 [ 54.591148] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 54.596335] RIP: 0033:0x459f49 [ 54.599511] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 54.618969] RSP: 002b:00007f0000913c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 54.627328] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459f49 [ 54.634619] RDX: 0000000020000100 RSI: 00000000400452c8 RDI: 0000000000000005 [ 54.641871] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 54.649137] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f00009146d4 [ 54.656399] R13: 00000000004c288e R14: 00000000004d6538 R15: 00000000ffffffff [ 54.663765] [ 54.663766] ====================================================== [ 54.663767] WARNING: possible circular locking dependency detected [ 54.663767] 4.19.89-syzkaller #0 Not tainted [ 54.663768] ------------------------------------------------------ [ 54.663769] syz-executor.2/7012 is trying to acquire lock: [ 54.663770] 00000000d0ad4b90 ((console_sem).lock){-.-.}, at: down_trylock+0x13/0x70 [ 54.663773] [ 54.663774] but task is already holding lock: [ 54.663774] 00000000609cc704 (&obj_hash[i].lock){-.-.}, at: debug_check_no_obj_freed+0xad/0x472 [ 54.663777] [ 54.663778] which lock already depends on the new lock. [ 54.663778] [ 54.663779] [ 54.663780] the existing dependency chain (in reverse order) is: [ 54.663780] [ 54.663781] -> #5 (&obj_hash[i].lock){-.-.}: [ 54.663783] _raw_spin_lock_irqsave+0x99/0xd0 [ 54.663784] debug_object_activate+0x11c/0x4e0 [ 54.663785] enqueue_hrtimer+0x26/0x2f0 [ 54.663786] hrtimer_start_range_ns+0x4b8/0xa50 [ 54.663786] schedule_hrtimeout_range_clock+0x140/0x310 [ 54.663787] schedule_hrtimeout+0x12/0x20 [ 54.663788] wait_task_inactive+0x47c/0x570 [ 54.663788] __kthread_bind_mask+0x19/0x90 [ 54.663789] kthread_bind_mask+0xe/0x10 [ 54.663790] init_rescuer.part.25+0xde/0x160 [ 54.663791] workqueue_init+0x386/0x5c1 [ 54.663791] kernel_init_freeable+0x285/0x505 [ 54.663792] kernel_init+0xc/0x10e [ 54.663793] ret_from_fork+0x24/0x30 [ 54.663793] [ 54.663794] -> #4 (hrtimer_bases.lock){-.-.}: [ 54.663796] _raw_spin_lock_irqsave+0x99/0xd0 [ 54.663797] lock_hrtimer_base.isra.17+0x6b/0x140 [ 54.663798] hrtimer_start_range_ns+0xd4/0xa50 [ 54.663798] enqueue_task_rt+0x9af/0xe00 [ 54.663799] __sched_setscheduler+0xd92/0x1f50 [ 54.663800] _sched_setscheduler+0x102/0x1b0 [ 54.663800] sched_setscheduler+0xe/0x10 [ 54.663801] watchdog_dev_init+0xbe/0x15f [ 54.663802] watchdog_init+0x12/0x13b [ 54.663802] do_one_initcall+0xbc/0x518 [ 54.663803] kernel_init_freeable+0x461/0x505 [ 54.663804] kernel_init+0xc/0x10e [ 54.663804] ret_from_fork+0x24/0x30 [ 54.663805] [ 54.663805] -> #3 (&rt_b->rt_runtime_lock){-...}: [ 54.663808] _raw_spin_lock+0x2d/0x40 [ 54.663808] rq_online_rt+0xb7/0x390 [ 54.663809] set_rq_online.part.77+0xe1/0x140 [ 54.663810] sched_cpu_activate+0x17b/0x270 [ 54.663811] cpuhp_invoke_callback+0x188/0x1360 [ 54.663811] cpuhp_thread_fun+0x39b/0x6f0 [ 54.663812] smpboot_thread_fn+0x55f/0x8a0 [ 54.663813] kthread+0x324/0x3e0 [ 54.663813] ret_from_fork+0x24/0x30 [ 54.663814] [ 54.663814] -> #2 (&rq->lock){-.-.}: [ 54.663817] _raw_spin_lock+0x2d/0x40 [ 54.663817] task_fork_fair+0x65/0x4b0 [ 54.663818] sched_fork+0x3ad/0x8b0 [ 54.663819] copy_process.part.35+0x1aab/0x7330 [ 54.663819] _do_fork+0x15d/0xba0 [ 54.663820] kernel_thread+0x24/0x30 [ 54.663821] rest_init+0x1d/0x199 [ 54.663821] start_kernel+0x70d/0x746 [ 54.663822] x86_64_start_reservations+0x29/0x2b [ 54.663823] x86_64_start_kernel+0x76/0x79 [ 54.663823] secondary_startup_64+0xa4/0xb0 [ 54.663824] [ 54.663824] -> #1 (&p->pi_lock){-.-.}: [ 54.663827] _raw_spin_lock_irqsave+0x99/0xd0 [ 54.663828] try_to_wake_up+0x8a/0xf20 [ 54.663828] wake_up_process+0x10/0x20 [ 54.663829] __up.isra.1+0x136/0x1a0 [ 54.663830] up+0x95/0xe0 [ 54.663830] __up_console_sem+0xa0/0x150 [ 54.663831] console_unlock+0x54f/0xde0 [ 54.663832] vprintk_emit+0x191/0x540 [ 54.663832] vprintk_default+0x1a/0x20 [ 54.663833] vprintk_func+0x49/0x12c [ 54.663834] printk+0x9a/0xc0 [ 54.663834] kobject_uevent_env+0xc5/0xcf3 [ 54.663835] reg_query_database+0x1d0/0x2a0 [ 54.663836] reg_todo+0xcdb/0x1400 [ 54.663836] process_one_work+0x830/0x1670 [ 54.663837] worker_thread+0x85/0xb60 [ 54.663838] kthread+0x324/0x3e0 [ 54.663838] ret_from_fork+0x24/0x30 [ 54.663839] [ 54.663839] -> #0 ((console_sem).lock){-.-.}: [ 54.663842] lock_acquire+0x173/0x3d0 [ 54.663842] _raw_spin_lock_irqsave+0x99/0xd0 [ 54.663843] down_trylock+0x13/0x70 [ 54.663844] __down_trylock_console_sem+0x93/0x190 [ 54.663844] console_trylock+0x11/0x50 [ 54.663845] vprintk_emit+0x184/0x540 [ 54.663846] vprintk_default+0x1a/0x20 [ 54.663846] vprintk_func+0x49/0x12c [ 54.663847] printk+0x9a/0xc0 [ 54.663848] __warn_printk+0x86/0xd6 [ 54.663848] debug_print_object+0x168/0x210 [ 54.663849] debug_check_no_obj_freed+0x264/0x472 [ 54.663850] kfree+0xbd/0x220 [ 54.663850] rfcomm_dlc_free+0x19/0x20 [ 54.663851] rfcomm_dev_ioctl+0x1435/0x18b0 [ 54.663852] rfcomm_sock_ioctl+0x71/0xa0 [ 54.663852] sock_do_ioctl+0xd9/0x230 [ 54.663853] sock_ioctl+0x281/0x500 [ 54.663854] do_vfs_ioctl+0x196/0x10c0 [ 54.663854] ksys_ioctl+0x62/0x90 [ 54.663855] __x64_sys_ioctl+0x6e/0xb0 [ 54.663856] do_syscall_64+0xd0/0x4e0 [ 54.663856] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 54.663857] [ 54.663858] other info that might help us debug this: [ 54.663858] [ 54.663859] Chain exists of: [ 54.663859] (console_sem).lock --> hrtimer_bases.lock --> &obj_hash[i].lock [ 54.663863] [ 54.663863] Possible unsafe locking scenario: [ 54.663864] [ 54.663865] CPU0 CPU1 [ 54.663865] ---- ---- [ 54.663866] lock(&obj_hash[i].lock); [ 54.663867] lock(hrtimer_bases.lock); [ 54.663869] lock(&obj_hash[i].lock); [ 54.663871] lock((console_sem).lock); [ 54.663872] [ 54.663873] *** DEADLOCK *** [ 54.663873] [ 54.663874] 3 locks held by syz-executor.2/7012: [ 54.663874] #0: 00000000c2f02bb8 (sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM){+.+.}, at: rfcomm_sock_ioctl+0x63/0xa0 [ 54.663877] #1: 00000000646693ef (rfcomm_ioctl_mutex){+.+.}, at: rfcomm_dev_ioctl+0x2bb/0x18b0 [ 54.663880] #2: 00000000609cc704 (&obj_hash[i].lock){-.-.}, at: debug_check_no_obj_freed+0xad/0x472 [ 54.663883] [ 54.663884] stack backtrace: [ 54.663885] CPU: 1 PID: 7012 Comm: syz-executor.2 Not tainted 4.19.89-syzkaller #0 [ 54.663886] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 54.663886] Call Trace: [ 54.663887] dump_stack+0x123/0x177 [ 54.663888] print_circular_bug.isra.34.cold.55+0x1bd/0x27d [ 54.663888] ? save_trace+0xe0/0x290 [ 54.663889] __lock_acquire+0x30df/0x4980 [ 54.663890] ? mark_held_locks+0x130/0x130 [ 54.663890] ? enable_ptr_key_workfn+0x30/0x30 [ 54.663891] ? is_bpf_text_address+0x60/0xe0 [ 54.663892] ? kvm_clock_read+0x18/0x30 [ 54.663892] ? kvm_sched_clock_read+0x9/0x20 [ 54.663893] lock_acquire+0x173/0x3d0 [ 54.663894] ? down_trylock+0x13/0x70 [ 54.663894] ? vprintk_emit+0x184/0x540 [ 54.663895] ? vprintk_emit+0x184/0x540 [ 54.663896] _raw_spin_lock_irqsave+0x99/0xd0 [ 54.663896] ? down_trylock+0x13/0x70 [ 54.663897] down_trylock+0x13/0x70 [ 54.663898] ? vprintk_emit+0x184/0x540 [ 54.663899] __down_trylock_console_sem+0x93/0x190 [ 54.663899] console_trylock+0x11/0x50 [ 54.663900] vprintk_emit+0x184/0x540 [ 54.663901] ? __internal_add_timer+0x1e0/0x1e0 [ 54.663901] vprintk_default+0x1a/0x20 [ 54.663902] vprintk_func+0x49/0x12c [ 54.663902] printk+0x9a/0xc0 [ 54.663903] ? kmsg_dump_rewind_nolock+0xdf/0xdf [ 54.663904] ? rfcomm_session_add+0x2b0/0x2b0 [ 54.663904] __warn_printk+0x86/0xd6 [ 54.663905] ? add_taint.cold.5+0x11/0x11 [ 54.663906] ? rfcomm_session_add+0x2b0/0x2b0 [ 54.663906] debug_print_object+0x168/0x210 [ 54.663907] debug_check_no_obj_freed+0x264/0x472 [ 54.663908] kfree+0xbd/0x220 [ 54.663908] rfcomm_dlc_free+0x19/0x20 [ 54.663909] rfcomm_dev_ioctl+0x1435/0x18b0 [ 54.663910] ? __local_bh_enable_ip+0x160/0x260 [ 54.663910] ? lock_sock_nested+0xc5/0x100 [ 54.663911] ? lockdep_hardirqs_on+0x421/0x5c0 [ 54.663912] ? __local_bh_enable_ip+0x160/0x260 [ 54.663913] ? lock_sock_nested+0x82/0x100 [ 54.663913] ? rfcomm_dev_state_change+0x110/0x110 [ 54.663914] ? __local_bh_enable_ip+0x160/0x260 [ 54.663915] rfcomm_sock_ioctl+0x71/0xa0 [ 54.663915] sock_do_ioctl+0xd9/0x230 [ 54.663916] ? compat_ifr_data_ioctl+0x100/0x100 [ 54.663917] ? avc_has_extended_perms+0x4e2/0x1170 [ 54.663917] ? __lock_acquire+0x792/0x4980 [ 54.663918] ? avc_ss_reset+0x130/0x130 [ 54.663919] sock_ioctl+0x281/0x500 [ 54.663919] ? dlci_ioctl_set+0x30/0x30 [ 54.663920] do_vfs_ioctl+0x196/0x10c0 [ 54.663921] ? ioctl_preallocate+0x1c0/0x1c0 [ 54.663921] ? selinux_file_mprotect+0x5f0/0x5f0 [ 54.663922] ? ksys_dup3+0x2e0/0x2e0 [ 54.663923] ? put_timespec64+0xa9/0x100 [ 54.663923] ? nsecs_to_jiffies+0x20/0x20 [ 54.663924] ? blkg_prfill_rwstat_field_recursive+0x100/0x100 [ 54.663925] ? security_file_ioctl+0x4a/0x90 [ 54.663926] ? __fget_light+0x174/0x1e0 [ 54.663926] ksys_ioctl+0x62/0x90 [ 54.663927] ? lockdep_hardirqs_on+0x421/0x5c0 [ 54.663928] __x64_sys_ioctl+0x6e/0xb0 [ 54.663928] do_syscall_64+0xd0/0x4e0 [ 54.663929] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 54.663930] RIP: 0033:0x459f49 [ 54.663931] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 54.663932] RSP: 002b:00007f0000913c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 54.663934] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459f49 [ 54.663935] RDX: 0000000020000100 RSI: 00000000400452c8 RDI: 0000000000000005 [ 54.663935] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 54.663936] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f00009146d4 [ 54.663937] R13: 00000000004c288e R14: 00000000004d6538 R15: 00000000ffffffff [ 54.664789] Kernel Offset: disabled [ 55.645086] Rebooting in 86400 seconds..