syzkaller login: [ 124.873949][ T45] kauditd_printk_skb: 6 callbacks suppressed
[ 124.873960][ T45] audit: type=1400 audit(1605040879.534:41): avc: denied { map } for pid=9663 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '[localhost]:5161' (ECDSA) to the list of known hosts.
[ 129.897735][ T45] audit: type=1400 audit(1605040884.564:42): avc: denied { map } for pid=9677 comm="syz-fuzzer" path="/syz-fuzzer" dev="sda1" ino=16526 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1
2020/11/10 20:41:24 fuzzer started
2020/11/10 20:41:25 connecting to host at 10.0.2.10:37319
2020/11/10 20:41:25 checking machine...
2020/11/10 20:41:25 checking revisions...
2020/11/10 20:41:25 testing simple program...
[ 130.408841][ T45] audit: type=1400 audit(1605040885.074:43): avc: denied { integrity } for pid=9677 comm="syz-fuzzer" lockdown_reason="debugfs access" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=lockdown permissive=1
[ 130.447200][ T45] audit: type=1400 audit(1605040885.084:44): avc: denied { map } for pid=9677 comm="syz-fuzzer" path="/sys/kernel/debug/kcov" dev="debugfs" ino=23 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1
[ 131.891428][ T9697] IPVS: ftp: loaded support on port[0] = 21
[ 131.999975][ T9697] chnl_net:caif_netlink_parms(): no params data found
[ 132.250610][ T9697] bridge0: port 1(bridge_slave_0) entered blocking state
[ 132.266650][ T9697] bridge0: port 1(bridge_slave_0) entered disabled state
[ 132.285137][ T9697] device bridge_slave_0 entered promiscuous mode
[ 132.302376][ T9697] bridge0: port 2(bridge_slave_1) entered blocking state
[ 132.320814][ T9697] bridge0: port 2(bridge_slave_1) entered disabled state
[ 132.335721][ T9697] device bridge_slave_1 entered promiscuous mode
[ 132.372940][ T9697] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 132.396531][ T9697] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 132.432480][ T9697] team0: Port device team_slave_0 added
[ 132.452167][ T9697] team0: Port device team_slave_1 added
[ 132.484331][ T9697] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 132.499571][ T9697] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 132.550572][ T9697] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 132.571489][ T9697] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 132.585474][ T9697] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 132.629746][ T9697] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 132.667892][ T9697] device hsr_slave_0 entered promiscuous mode
[ 132.681438][ T9697] device hsr_slave_1 entered promiscuous mode
[ 132.816360][ T45] audit: type=1400 audit(1605040887.484:45): avc: denied { create } for pid=9697 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 132.819053][ T9697] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 132.865584][ T45] audit: type=1400 audit(1605040887.484:46): avc: denied { write } for pid=9697 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 132.865613][ T45] audit: type=1400 audit(1605040887.484:47): avc: denied { read } for pid=9697 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 133.001043][ T9697] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 133.018421][ T9697] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 133.048394][ T9697] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 133.126491][ T9697] 8021q: adding VLAN 0 to HW filter on device bond0
[ 133.144700][ T68] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 133.158679][ T68] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 133.182240][ T9697] 8021q: adding VLAN 0 to HW filter on device team0
[ 133.204832][ T3869] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 133.314044][ T3869] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 133.333418][ T3869] bridge0: port 1(bridge_slave_0) entered blocking state
[ 133.350573][ T3869] bridge0: port 1(bridge_slave_0) entered forwarding state
executing program
[ 133.405965][ T3869] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 133.438504][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 133.472778][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 133.489946][ T36] bridge0: port 2(bridge_slave_1) entered blocking state
[ 133.502155][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 133.517168][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 133.543811][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 133.568921][ T3869] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 133.583242][ T3869] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 133.597567][ T3869] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 133.612614][ T3869] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 133.627016][ T3869] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 133.643551][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 133.658561][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 133.678220][ T9697] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 133.701339][ T9697] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 133.716739][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 133.733942][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 133.772660][ T68] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 133.786742][ T68] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 133.815887][ T9697] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 133.842810][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 133.856428][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 133.888381][ T9697] device veth0_vlan entered promiscuous mode
[ 133.898817][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 133.906405][ T68] Bluetooth: hci0: command 0x0409 tx timeout
[ 133.914486][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 133.944442][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 133.956789][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 133.984100][ T9697] device veth1_vlan entered promiscuous mode
[ 134.026239][ T9697] device veth0_macvtap entered promiscuous mode
[ 134.054766][ T1711] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 134.080891][ T1711] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 134.104472][ T1711] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 134.122876][ T1711] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 134.137034][ T1711] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 134.163693][ T9697] device veth1_macvtap entered promiscuous mode
[ 134.202744][ T9697] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 134.217434][ T68] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 134.247587][ T68] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 134.282233][ T9697] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 134.307829][ T1711] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 134.324376][ T1711] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 134.348488][ T9697] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 134.364236][ T9697] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 134.377954][ T9697] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 134.395426][ T9697] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 134.495044][ T9705] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 134.518760][ T9705] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 134.543113][ T9706] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 134.559508][ T2960] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 134.579947][ T2960] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 134.598520][ T9706] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 134.615521][ T45] audit: type=1400 audit(1605040889.274:48): avc: denied { associate } for pid=9697 comm="syz-executor.0" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1
[ 134.685148][ T9705] BUG: sleeping function called from invalid context at net/mac80211/sta_info.c:1962
[ 134.706229][ T9705] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 9705, name: kworker/u16:2
[ 134.725782][ T9705] 4 locks held by kworker/u16:2/9705:
[ 134.736353][ T9705] #0: ffff88801fc6c938 ((wq_completion)phy3){+.+.}-{0:0}, at: process_one_work+0x821/0x15a0
[ 134.764109][ T9705] #1: ffffc900017e7da8 ((work_completion)(&sdata->work)){+.+.}-{0:0}, at: process_one_work+0x854/0x15a0
[ 134.792952][ T9705] #2: ffff88802c020d00 (&wdev->mtx){+.+.}-{3:3}, at: ieee80211_ibss_work+0x93/0xe80
[ 134.817640][ T9705] #3: ffffffff8b337060 (rcu_read_lock){....}-{1:2}, at: sta_info_insert_rcu+0x680/0x2ba0
[ 134.836540][ T9705] Preemption disabled at:
[ 134.836694][ T9705] [] __mutex_lock+0x10f/0x10e0
[ 134.856895][ T9705] CPU: 3 PID: 9705 Comm: kworker/u16:2 Not tainted 5.10.0-rc3-syzkaller #0
[ 134.866784][ T9705] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014
[ 134.866784][ T9705] Workqueue: phy3 ieee80211_iface_work
[ 134.866784][ T9705] Call Trace:
[ 134.866784][ T9705] dump_stack+0x107/0x163
[ 134.866784][ T9705] ? __mutex_lock+0x10f/0x10e0
[ 134.866784][ T9705] ___might_sleep.cold+0x1e8/0x22e
[ 134.866784][ T9705] sta_info_move_state+0x32/0x8d0
[ 134.866784][ T9705] sta_info_free+0x65/0x3b0
[ 134.866784][ T9705] sta_info_insert_rcu+0x303/0x2ba0
[ 134.866784][ T9705] ? find_held_lock+0x2d/0x110
[ 134.866784][ T9705] ? rate_control_rate_init+0x32c/0x6a0
[ 134.866784][ T9705] ? sta_info_free+0x3b0/0x3b0
[ 134.866784][ T9705] ? __local_bh_enable_ip+0x9c/0x110
[ 134.866784][ T9705] ? rate_control_rate_init+0x35f/0x6a0
[ 134.866784][ T9705] ieee80211_ibss_finish_sta+0x212/0x390
[ 134.866784][ T9705] ? ieee80211_ibss_build_presp+0x15f0/0x15f0
[ 134.866784][ T9705] ? __local_bh_enable_ip+0x9c/0x110
[ 134.866784][ T9705] ieee80211_ibss_work+0x2c7/0xe80
[ 134.866784][ T9705] ? ieee80211_ibss_rx_queued_mgmt+0x1870/0x1870
[ 134.866784][ T9705] ? mark_held_locks+0x9f/0xe0
[ 134.866784][ T9705] ? _raw_spin_unlock_irqrestore+0x42/0x50
[ 134.866784][ T9705] ? lockdep_hardirqs_on+0x79/0x100
[ 134.866784][ T9705] ? _raw_spin_unlock_irqrestore+0x2f/0x50
[ 135.135420][ T9705] ieee80211_iface_work+0x82e/0x970
[ 135.135420][ T9705] process_one_work+0x933/0x15a0
[ 135.146349][ T9705] ? lock_release+0x710/0x710
[ 135.155438][ T9705] ? pwq_dec_nr_in_flight+0x320/0x320
[ 135.166206][ T9705] ? rwlock_bug.part.0+0x90/0x90
[ 135.175772][ T9705] ? _raw_spin_lock_irq+0x41/0x50
[ 135.175772][ T9705] worker_thread+0x64c/0x1120
[ 135.186624][ T9705] ? __kthread_parkme+0x13f/0x1e0
[ 135.195396][ T9705] ? process_one_work+0x15a0/0x15a0
[ 135.205435][ T9705] kthread+0x3af/0x4a0
[ 135.205435][ T9705] ? kthread_create_worker_on_cpu+0xf0/0xf0
[ 135.216174][ T9705] ret_from_fork+0x1f/0x30
[ 135.229615][ T9705]
[ 135.235261][ T9705] =============================
[ 135.238800][ T9705] [ BUG: Invalid wait context ]
[ 135.238800][ T9705] 5.10.0-rc3-syzkaller #0 Tainted: G W
[ 135.238800][ T9705] -----------------------------
[ 135.238800][ T9705] kworker/u16:2/9705 is trying to lock:
[ 135.238800][ T9705] ffff88802bfe29d0 (&local->chanctx_mtx){+.+.}-{3:3}, at: ieee80211_recalc_min_chandef+0x49/0x140
[ 135.238800][ T9705] other info that might help us debug this:
[ 135.238800][ T9705] context-{4:4}
[ 135.238800][ T9705] 4 locks held by kworker/u16:2/9705:
[ 135.238800][ T9705] #0: ffff88801fc6c938 ((wq_completion)phy3){+.+.}-{0:0}, at: process_one_work+0x821/0x15a0
[ 135.238800][ T9705] #1: ffffc900017e7da8 ((work_completion)(&sdata->work)){+.+.}-{0:0}, at: process_one_work+0x854/0x15a0
[ 135.238800][ T9705] #2: ffff88802c020d00 (&wdev->mtx){+.+.}-{3:3}, at: ieee80211_ibss_work+0x93/0xe80
[ 135.238800][ T9705] #3: ffffffff8b337060 (rcu_read_lock){....}-{1:2}, at: sta_info_insert_rcu+0x680/0x2ba0
[ 135.238800][ T9705] stack backtrace:
[ 135.238800][ T9705] CPU: 0 PID: 9705 Comm: kworker/u16:2 Tainted: G W 5.10.0-rc3-syzkaller #0
[ 135.238800][ T9705] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014
[ 135.238800][ T9705] Workqueue: phy3 ieee80211_iface_work
[ 135.238800][ T9705] Call Trace:
[ 135.238800][ T9705] dump_stack+0x107/0x163
[ 135.238800][ T9705] __lock_acquire.cold+0x310/0x3a2
[ 135.238800][ T9705] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 135.238800][ T9705] ? find_held_lock+0x2d/0x110
[ 135.238800][ T9705] lock_acquire+0x2a3/0x8c0
[ 135.238800][ T9705] ? ieee80211_recalc_min_chandef+0x49/0x140
[ 135.238800][ T9705] ? lock_release+0x710/0x710
[ 135.238800][ T9705] __mutex_lock+0x134/0x10e0
[ 135.238800][ T9705] ? ieee80211_recalc_min_chandef+0x49/0x140
[ 135.238800][ T9705] ? ieee80211_recalc_min_chandef+0x49/0x140
[ 135.238800][ T9705] ? mutex_lock_io_nested+0xf60/0xf60
[ 135.238800][ T9705] ? ieee80211_clear_fast_rx+0x58/0x80
[ 135.238800][ T9705] ? mark_held_locks+0x9f/0xe0
[ 135.238800][ T9705] ieee80211_recalc_min_chandef+0x49/0x140
[ 135.238800][ T9705] sta_info_move_state+0x3cf/0x8d0
[ 135.238800][ T9705] sta_info_free+0x65/0x3b0
[ 135.238800][ T9705] sta_info_insert_rcu+0x303/0x2ba0
[ 135.238800][ T9705] ? find_held_lock+0x2d/0x110
[ 135.238800][ T9705] ? rate_control_rate_init+0x32c/0x6a0
[ 135.238800][ T9705] ? sta_info_free+0x3b0/0x3b0
[ 135.238800][ T9705] ? __local_bh_enable_ip+0x9c/0x110
[ 135.238800][ T9705] ? rate_control_rate_init+0x35f/0x6a0
[ 135.238800][ T9705] ieee80211_ibss_finish_sta+0x212/0x390
[ 135.238800][ T9705] ? ieee80211_ibss_build_presp+0x15f0/0x15f0
[ 135.238800][ T9705] ? __local_bh_enable_ip+0x9c/0x110
[ 135.238800][ T9705] ieee80211_ibss_work+0x2c7/0xe80
[ 135.238800][ T9705] ? ieee80211_ibss_rx_queued_mgmt+0x1870/0x1870
[ 135.238800][ T9705] ? mark_held_locks+0x9f/0xe0
[ 135.238800][ T9705] ? _raw_spin_unlock_irqrestore+0x42/0x50
[ 135.238800][ T9705] ? lockdep_hardirqs_on+0x79/0x100
[ 135.238800][ T9705] ? _raw_spin_unlock_irqrestore+0x2f/0x50
[ 135.238800][ T9705] ieee80211_iface_work+0x82e/0x970
[ 135.238800][ T9705] process_one_work+0x933/0x15a0
[ 135.238800][ T9705] ? lock_release+0x710/0x710
[ 135.238800][ T9705] ? pwq_dec_nr_in_flight+0x320/0x320
[ 135.238800][ T9705] ? rwlock_bug.part.0+0x90/0x90
[ 135.238800][ T9705] ? _raw_spin_lock_irq+0x41/0x50
[ 135.238800][ T9705] worker_thread+0x64c/0x1120
[ 135.238800][ T9705] ? __kthread_parkme+0x13f/0x1e0
[ 135.238800][ T9705] ? process_one_work+0x15a0/0x15a0
[ 135.905452][ T9705] kthread+0x3af/0x4a0
[ 135.905452][ T9705] ? kthread_create_worker_on_cpu+0xf0/0xf0
[ 135.905452][ T9705] ret_from_fork+0x1f/0x30
[ 135.937679][ T9705] BUG: sleeping function called from invalid context at net/mac80211/sta_info.c:1962
[ 135.954586][ T9705] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 9705, name: kworker/u16:2
[ 135.974676][ T9705] INFO: lockdep is turned off.
[ 135.984859][ T9705] Preemption disabled at:
[ 135.984875][ T9705] [] preempt_schedule_thunk+0x16/0x18
[ 135.987331][ T68] Bluetooth: hci0: command 0x041b tx timeout
[ 135.998047][ T9705] CPU: 0 PID: 9705 Comm: kworker/u16:2 Tainted: G W 5.10.0-rc3-syzkaller #0
[ 136.007941][ T9705] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014
[ 136.007941][ T9705] Workqueue: phy3 ieee80211_iface_work
[ 136.007941][ T9705] Call Trace:
[ 136.007941][ T9705] dump_stack+0x107/0x163
[ 136.007941][ T9705] ? preempt_schedule_thunk+0x16/0x18
[ 136.007941][ T9705] ___might_sleep.cold+0x1e8/0x22e
[ 136.007941][ T9705] sta_info_move_state+0x32/0x8d0
[ 136.007941][ T9705] sta_info_free+0x65/0x3b0
[ 136.007941][ T9705] sta_info_insert_rcu+0x303/0x2ba0
[ 136.007941][ T9705] ? find_held_lock+0x2d/0x110
[ 136.007941][ T9705] ? rate_control_rate_init+0x32c/0x6a0
[ 136.007941][ T9705] ? sta_info_free+0x3b0/0x3b0
[ 136.007941][ T9705] ? __local_bh_enable_ip+0x9c/0x110
[ 136.007941][ T9705] ? rate_control_rate_init+0x35f/0x6a0
[ 136.007941][ T9705] ieee80211_ibss_finish_sta+0x212/0x390
[ 136.007941][ T9705] ? ieee80211_ibss_build_presp+0x15f0/0x15f0
[ 136.007941][ T9705] ? __local_bh_enable_ip+0x9c/0x110
[ 136.007941][ T9705] ieee80211_ibss_work+0x2c7/0xe80
[ 136.007941][ T9705] ? ieee80211_ibss_rx_queued_mgmt+0x1870/0x1870
[ 136.007941][ T9705] ? mark_held_locks+0x9f/0xe0
[ 136.007941][ T9705] ? _raw_spin_unlock_irqrestore+0x42/0x50
[ 136.007941][ T9705] ? lockdep_hardirqs_on+0x79/0x100
[ 136.007941][ T9705] ? _raw_spin_unlock_irqrestore+0x2f/0x50
[ 136.007941][ T9705] ieee80211_iface_work+0x82e/0x970
[ 136.007941][ T9705] process_one_work+0x933/0x15a0
[ 136.007941][ T9705] ? lock_release+0x710/0x710
[ 136.007941][ T9705] ? pwq_dec_nr_in_flight+0x320/0x320
[ 136.007941][ T9705] ? rwlock_bug.part.0+0x90/0x90
[ 136.007941][ T9705] ? _raw_spin_lock_irq+0x41/0x50
[ 136.007941][ T9705] worker_thread+0x64c/0x1120
[ 136.007941][ T9705] ? __kthread_parkme+0x13f/0x1e0
[ 136.007941][ T9705] ? process_one_work+0x15a0/0x15a0
[ 136.007941][ T9705] kthread+0x3af/0x4a0
[ 136.007941][ T9705] ? kthread_create_worker_on_cpu+0xf0/0xf0
[ 136.007941][ T9705] ret_from_fork+0x1f/0x30
[ 136.337532][ T9697] cgroup: cgroup: disabling cgroup2 socket matching due to net_prio or net_cls activation
executing program
2020/11/10 20:41:31 building call list...
[ 136.468288][ T9709] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 136.574722][ T9709] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 136.664504][ T9709] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 136.783295][ T9709] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 137.923475][ T9709] device hsr_slave_0 left promiscuous mode
[ 137.933420][ T9709] device hsr_slave_1 left promiscuous mode
[ 137.949147][ T9709] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 137.963737][ T9709] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 137.976074][ T9709] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 137.990637][ T9709] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 138.003827][ T9709] device bridge_slave_1 left promiscuous mode
[ 138.015667][ T9709] bridge0: port 2(bridge_slave_1) entered disabled state
[ 138.027644][ T9709] device bridge_slave_0 left promiscuous mode
[ 138.036495][ T9709] bridge0: port 1(bridge_slave_0) entered disabled state
[ 138.048859][ T9709] device veth1_macvtap left promiscuous mode
[ 138.056750][ T9709] device veth0_macvtap left promiscuous mode
[ 138.064340][ T9709] device veth1_vlan left promiscuous mode
[ 138.072270][ T9709] device veth0_vlan left promiscuous mode
[ 138.388044][ T9709] team0 (unregistering): Port device team_slave_1 removed
[ 138.403598][ T9709] team0 (unregistering): Port device team_slave_0 removed
[ 138.422866][ T9709] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 138.445103][ T9709] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 138.478769][ T9709] bond0 (unregistering): Released all slaves
[ 138.558589][ T9692] can: request_module (can-proto-0) failed.
[ 139.124525][ T9692] can: request_module (can-proto-0) failed.
[ 139.138405][ T9692] can: request_module (can-proto-0) failed.
executing program
[ 139.397077][ T9692] base_sock_release(000000003d4fc7c1) sk=00000000c08c3688
[ 139.445606][ T45] audit: type=1400 audit(1605040894.114:49): avc: denied { create } for pid=9677 comm="syz-fuzzer" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_crypto_socket permissive=1
[ 139.496317][ T45] audit: type=1400 audit(1605040894.114:50): avc: denied { create } for pid=9677 comm="syz-fuzzer" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
[ 139.558257][ T45] audit: type=1400 audit(1605040894.114:51): avc: denied { create } for pid=9677 comm="syz-fuzzer" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_rdma_socket permissive=1

VM DIAGNOSIS:
20:41:30 Registers: