Warning: Permanently added '10.128.0.19' (ECDSA) to the list of known hosts.
2020/10/20 11:02:16 parsed 1 programs
2020/10/20 11:02:16 executed programs: 0
syzkaller login: [ 33.937289] audit: type=1400 audit(1603191736.455:8): avc: denied { execmem } for pid=6353 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 35.060974] IPVS: ftp: loaded support on port[0] = 21
[ 35.164758] chnl_net:caif_netlink_parms(): no params data found
[ 35.232429] bridge0: port 1(bridge_slave_0) entered blocking state
[ 35.239428] bridge0: port 1(bridge_slave_0) entered disabled state
[ 35.246741] device bridge_slave_0 entered promiscuous mode
[ 35.254686] bridge0: port 2(bridge_slave_1) entered blocking state
[ 35.261356] bridge0: port 2(bridge_slave_1) entered disabled state
[ 35.268956] device bridge_slave_1 entered promiscuous mode
[ 35.285703] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 35.295057] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 35.313392] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 35.320737] team0: Port device team_slave_0 added
[ 35.326417] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 35.333928] team0: Port device team_slave_1 added
[ 35.348552] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 35.355027] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 35.380301] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 35.391826] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 35.398300] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 35.423922] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 35.434893] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 35.442809] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 35.460558] device hsr_slave_0 entered promiscuous mode
[ 35.466211] device hsr_slave_1 entered promiscuous mode
[ 35.472535] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 35.479846] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 35.550586] bridge0: port 2(bridge_slave_1) entered blocking state
[ 35.557319] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 35.564305] bridge0: port 1(bridge_slave_0) entered blocking state
[ 35.570743] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 35.598697] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 35.604920] 8021q: adding VLAN 0 to HW filter on device bond0
[ 35.614576] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 35.623775] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 35.633015] bridge0: port 1(bridge_slave_0) entered disabled state
[ 35.650458] bridge0: port 2(bridge_slave_1) entered disabled state
[ 35.662248] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 35.668674] 8021q: adding VLAN 0 to HW filter on device team0
[ 35.676877] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 35.685862] bridge0: port 1(bridge_slave_0) entered blocking state
[ 35.692280] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 35.702245] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 35.710266] bridge0: port 2(bridge_slave_1) entered blocking state
[ 35.716925] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 35.737365] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 35.747993] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 35.759162] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 35.766245] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 35.774912] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 35.783347] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 35.791732] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 35.800442] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 35.811003] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 35.824126] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready
[ 35.832088] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 35.839106] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 35.851188] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 35.905869] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready
[ 35.915897] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 35.942475] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready
[ 35.950505] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready
[ 35.957063] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready
[ 35.966617] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 35.974459] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 35.982443] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 35.991903] device veth0_vlan entered promiscuous mode
[ 36.001950] device veth1_vlan entered promiscuous mode
[ 36.008514] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready
[ 36.016912] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready
[ 36.028811] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready
[ 36.038444] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 36.045659] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 36.053338] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 36.062572] device veth0_macvtap entered promiscuous mode
[ 36.068820] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready
[ 36.076813] device veth1_macvtap entered promiscuous mode
[ 36.085787] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready
[ 36.095289] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready
[ 36.105995] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 36.113144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 36.121772] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 36.132025] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 36.139018] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 36.157245] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 36.253466] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 36.266233] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 36.278806] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 36.300300] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 36.309972] IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
[ 36.318773] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 36.325912] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 36.333001] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 36.394204]
[ 36.396095] ======================================================
[ 36.402402] WARNING: possible circular locking dependency detected
[ 36.408702] 4.14.198-syzkaller #0 Not tainted
[ 36.413172] ------------------------------------------------------
[ 36.419480] syz-executor.0/6620 is trying to acquire lock:
[ 36.425078]  (event_mutex){+.+.}, at: [] perf_trace_init+0x4f/0xa30
[ 36.433042]
[ 36.433042] but task is already holding lock:
[ 36.438987]  (&cpuctx_mutex/1){+.+.}, at: [] perf_event_ctx_lock_nested+0x14d/0x2c0
[ 36.448349]
[ 36.448349] which lock already depends on the new lock.
[ 36.448349]
[ 36.456643]
[ 36.456643] the existing dependency chain (in reverse order) is:
[ 36.464497]
[ 36.464497] -> #5 (&cpuctx_mutex/1){+.+.}:
[ 36.470286]        __mutex_lock+0xc4/0x1310
[ 36.474585]        SyS_perf_event_open+0xd28/0x24b0
[ 36.479592]        do_syscall_64+0x1d5/0x640
[ 36.483975]        entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 36.489661]
[ 36.489661] -> #4 (&cpuctx_mutex){+.+.}:
[ 36.495204]        __mutex_lock+0xc4/0x1310
[ 36.499519]        perf_event_init_cpu+0xb7/0x170
[ 36.504351]        perf_event_init+0x2cc/0x308
[ 36.508940]        start_kernel+0x46a/0x770
[ 36.513238]        secondary_startup_64+0xa5/0xb0
[ 36.518066]
[ 36.518066] -> #3 (pmus_lock){+.+.}:
[ 36.523455]        __mutex_lock+0xc4/0x1310
[ 36.527799]        perf_event_init_cpu+0x2c/0x170
[ 36.532723]        cpuhp_invoke_callback+0x1e6/0x1a80
[ 36.537888]        _cpu_up+0x219/0x500
[ 36.541754]        do_cpu_up+0x9a/0x160
[ 36.545709]        smp_init+0x197/0x1ac
[ 36.549664]        kernel_init_freeable+0x3f4/0x619
[ 36.554658]        kernel_init+0xd/0x15b
[ 36.558695]        ret_from_fork+0x24/0x30
[ 36.562902]
[ 36.562902] -> #2 (cpu_hotplug_lock.rw_sem){++++}:
[ 36.569293]        cpus_read_lock+0x39/0xc0
[ 36.573605]        static_key_slow_inc+0xe/0x20
[ 36.578336]        tracepoint_add_func+0x517/0x750
[ 36.583240]        tracepoint_probe_register+0x8c/0xc0
[ 36.588492]        trace_event_reg+0x272/0x330
[ 36.593050]        perf_trace_init+0x424/0xa30
[ 36.597607]        perf_tp_event_init+0x79/0xf0
[ 36.602254]        perf_try_init_event+0x15b/0x1f0
[ 36.607158]        perf_event_alloc.part.0+0xe2d/0x2640
[ 36.612514]        SyS_perf_event_open+0x67f/0x24b0
[ 36.617609]        do_syscall_64+0x1d5/0x640
[ 36.622014]        entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 36.627706]
[ 36.627706] -> #1 (tracepoints_mutex){+.+.}:
[ 36.633593]        __mutex_lock+0xc4/0x1310
[ 36.637894]        tracepoint_probe_register+0x68/0xc0
[ 36.643159]        trace_event_reg+0x272/0x330
[ 36.647717]        perf_trace_init+0x424/0xa30
[ 36.652379]        perf_tp_event_init+0x79/0xf0
[ 36.657024]        perf_try_init_event+0x15b/0x1f0
[ 36.661929]        perf_event_alloc.part.0+0xe2d/0x2640
[ 36.667895]        SyS_perf_event_open+0x67f/0x24b0
[ 36.672900]        do_syscall_64+0x1d5/0x640
[ 36.677290]        entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 36.682987]
[ 36.682987] -> #0 (event_mutex){+.+.}:
[ 36.688349]        lock_acquire+0x170/0x3f0
[ 36.692651]        __mutex_lock+0xc4/0x1310
[ 36.696948]        perf_trace_init+0x4f/0xa30
[ 36.701420]        perf_tp_event_init+0x79/0xf0
[ 36.706076]        perf_try_init_event+0xdf/0x1f0
[ 36.710893]        perf_event_alloc.part.0+0xe2d/0x2640
[ 36.716246]        SyS_perf_event_open+0x67f/0x24b0
[ 36.721236]        do_syscall_64+0x1d5/0x640
[ 36.725620]        entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 36.731318]
[ 36.731318] other info that might help us debug this:
[ 36.731318]
[ 36.739526] Chain exists of:
[ 36.739526]   event_mutex --> &cpuctx_mutex --> &cpuctx_mutex/1
[ 36.739526]
[ 36.749910]  Possible unsafe locking scenario:
[ 36.749910]
[ 36.756030]        CPU0                    CPU1
[ 36.760712]        ----                    ----
[ 36.765352]   lock(&cpuctx_mutex/1);
[ 36.769043]                                lock(&cpuctx_mutex);
[ 36.775077]                                lock(&cpuctx_mutex/1);
[ 36.781284]   lock(event_mutex);
[ 36.784624]
[ 36.784624]  *** DEADLOCK ***
[ 36.784624]
[ 36.790674] 2 locks held by syz-executor.0/6620:
[ 36.795403]  #0: (&pmus_srcu){....}, at: [] perf_event_alloc.part.0+0xc44/0x2640
[ 36.804682]  #1: (&cpuctx_mutex/1){+.+.}, at: [] perf_event_ctx_lock_nested+0x14d/0x2c0
[ 36.814471]
[ 36.814471] stack backtrace:
[ 36.818943] CPU: 0 PID: 6620 Comm: syz-executor.0 Not tainted 4.14.198-syzkaller #0
[ 36.826708] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 36.836043] Call Trace:
[ 36.838611]  dump_stack+0x1b2/0x283
[ 36.842214]  print_circular_bug.constprop.0.cold+0x2d7/0x41e
[ 36.847991]  __lock_acquire+0x2e0e/0x3f20
[ 36.852119]  ? trace_hardirqs_on+0x10/0x10
[ 36.856354]  ? kernel_text_address+0xbd/0xf0
[ 36.860745]  ? entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 36.866109]  ? __save_stack_trace+0xa0/0x160
[ 36.870510]  lock_acquire+0x170/0x3f0
[ 36.874334]  ? perf_trace_init+0x4f/0xa30
[ 36.878488]  ? perf_trace_init+0x4f/0xa30
[ 36.882663]  __mutex_lock+0xc4/0x1310
[ 36.886535]  ? perf_trace_init+0x4f/0xa30
[ 36.890663]  ? perf_event_ctx_lock_nested+0x14d/0x2c0
[ 36.895851]  ? __mutex_lock+0x360/0x1310
[ 36.899898]  ? perf_trace_init+0x4f/0xa30
[ 36.904033]  ? __ww_mutex_wakeup_for_backoff+0x210/0x210
[ 36.909478]  ? perf_event_ctx_lock_nested+0x14d/0x2c0
[ 36.914773]  ? __ww_mutex_wakeup_for_backoff+0x210/0x210
[ 36.920200]  ? perf_event_ctx_lock_nested+0x117/0x2c0
[ 36.925366]  ? lock_acquire+0x170/0x3f0
[ 36.929317]  perf_trace_init+0x4f/0xa30
[ 36.933270]  perf_tp_event_init+0x79/0xf0
[ 36.937395]  perf_try_init_event+0xdf/0x1f0
[ 36.941710]  perf_event_alloc.part.0+0xe2d/0x2640
[ 36.946562]  SyS_perf_event_open+0x67f/0x24b0
[ 36.951040]  ? _copy_to_user+0x82/0xd0
[ 36.954900]  ? perf_bp_event+0x170/0x170
[ 36.958964]  ? put_timespec64+0xaa/0xf0
[ 36.962918]  ? do_vfs_ioctl+0xff0/0xff0
[ 36.966875]  ? do_syscall_64+0x4c/0x640
[ 36.970829]  ? perf_bp_event+0x170/0x170
[ 36.974865]  do_syscall_64+0x1d5/0x640
[ 36.978732]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 36.983901] RIP: 0033:0x45de59
[ 36.987068] RSP: 002b:00007fa5fad12c78 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
[ 36.994765] RAX: ffffffffffffffda RBX: 0000000000024cc0 RCX: 000000000045de59
[ 37.002035] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000020000040
[ 37.009285] RBP: 000000000118bf70 R08: 0000000000000000 R09: 0000000000000000
[ 37.017400] R10: 0000000000000004 R11: 0000000000000246 R12: 000000000118bf2c
[ 37.024646] R13: 00007fffece8105f R14: 00007fa5fad139c0 R15: 000000000118bf2c