Warning: Permanently added '10.128.0.15' (ECDSA) to the list of known hosts.
2020/08/03 11:47:20 parsed 1 programs
2020/08/03 11:47:20 executed programs: 0
syzkaller login: [ 147.416380] audit: type=1400 audit(1596455240.767:8): avc: denied { execmem } for pid=6370 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 147.682397] IPVS: ftp: loaded support on port[0] = 21
[ 148.497749] chnl_net:caif_netlink_parms(): no params data found
[ 148.575039] bridge0: port 1(bridge_slave_0) entered blocking state
[ 148.581560] bridge0: port 1(bridge_slave_0) entered disabled state
[ 148.588962] device bridge_slave_0 entered promiscuous mode
[ 148.596804] bridge0: port 2(bridge_slave_1) entered blocking state
[ 148.603264] bridge0: port 2(bridge_slave_1) entered disabled state
[ 148.610362] device bridge_slave_1 entered promiscuous mode
[ 148.627679] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 148.636531] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 148.655526] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 148.662782] team0: Port device team_slave_0 added
[ 148.668241] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 148.676242] team0: Port device team_slave_1 added
[ 148.691237] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 148.697555] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 148.723245] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 148.734611] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 148.740843] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 148.766246] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 148.776979] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 148.784811] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 148.844038] device hsr_slave_0 entered promiscuous mode
[ 148.881817] device hsr_slave_1 entered promiscuous mode
[ 148.922294] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 148.929394] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 148.991311] bridge0: port 2(bridge_slave_1) entered blocking state
[ 148.997815] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 149.004835] bridge0: port 1(bridge_slave_0) entered blocking state
[ 149.011184] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 149.043574] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 149.049666] 8021q: adding VLAN 0 to HW filter on device bond0
[ 149.058835] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 149.068564] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 149.087290] bridge0: port 1(bridge_slave_0) entered disabled state
[ 149.094726] bridge0: port 2(bridge_slave_1) entered disabled state
[ 149.106280] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 149.112490] 8021q: adding VLAN 0 to HW filter on device team0
[ 149.121148] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 149.129285] bridge0: port 1(bridge_slave_0) entered blocking state
[ 149.135700] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 149.146373] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 149.154077] bridge0: port 2(bridge_slave_1) entered blocking state
[ 149.160416] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 149.180795] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 149.190742] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 149.202843] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 149.209387] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 149.217775] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 149.225987] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 149.234037] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 149.242301] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 149.249123] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 149.261005] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready
[ 149.268978] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 149.275763] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 149.287750] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 149.338799] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready
[ 149.348533] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 149.377262] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready
[ 149.385102] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready
[ 149.391903] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready
[ 149.400769] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 149.409056] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 149.416142] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 149.424944] device veth0_vlan entered promiscuous mode
[ 149.435032] device veth1_vlan entered promiscuous mode
[ 149.440855] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready
[ 149.449814] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready
[ 149.460870] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready
[ 149.471639] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 149.478606] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 149.486826] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 149.495042] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 149.505518] device veth0_macvtap entered promiscuous mode
[ 149.513989] device veth1_macvtap entered promiscuous mode
[ 149.522930] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready
[ 149.532428] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready
[ 149.542326] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_0: link is not ready
[ 149.549445] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 149.557054] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 149.565577] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 149.575938] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_1: link is not ready
[ 149.583260] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 149.589820] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 149.598242] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
2020/08/03 11:47:26 executed programs: 1
[ 152.772458] Bluetooth: hci0 command 0x0409 tx timeout
[ 154.841464] Bluetooth: hci0 command 0x041b tx timeout
[ 156.752627]
[ 156.754295] ======================================================
[ 156.760603] WARNING: possible circular locking dependency detected
[ 156.767001] 4.14.191-syzkaller #0 Not tainted
[ 156.771472] ------------------------------------------------------
[ 156.777793] syz-executor.0/6653 is trying to acquire lock:
[ 156.783394] (event_mutex){+.+.}, at: [] perf_trace_destroy+0x23/0xf0
[ 156.791550]
[ 156.791550] but task is already holding lock:
[ 156.797504] (&event->child_mutex){+.+.}, at: [] perf_event_release_kernel+0x208/0x8a0
[ 156.808441]
[ 156.808441] which lock already depends on the new lock.
[ 156.808441]
[ 156.816746]
[ 156.816746] the existing dependency chain (in reverse order) is:
[ 156.824351]
[ 156.824351] -> #5 (&event->child_mutex){+.+.}:
[ 156.830411]        __mutex_lock+0xc4/0x1310
[ 156.834733]        perf_event_for_each_child+0x82/0x140
[ 156.840363]        _perf_ioctl+0x47f/0x1a80
[ 156.844673]        perf_ioctl+0x55/0x80
[ 156.848650]        do_vfs_ioctl+0x75a/0xff0
[ 156.852951]        SyS_ioctl+0x7f/0xb0
[ 156.856819]        do_syscall_64+0x1d5/0x640
[ 156.861211]        entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 156.866899]
[ 156.866899] -> #4 (&cpuctx_mutex){+.+.}:
[ 156.872432]        __mutex_lock+0xc4/0x1310
[ 156.876733]        perf_event_init_cpu+0xb7/0x170
[ 156.881590]        perf_event_init+0x2cc/0x308
[ 156.886155]        start_kernel+0x46a/0x770
[ 156.890462]        secondary_startup_64+0xa5/0xb0
[ 156.895370]
[ 156.895370] -> #3 (pmus_lock){+.+.}:
[ 156.900558]        __mutex_lock+0xc4/0x1310
[ 156.904864]        perf_event_init_cpu+0x2c/0x170
[ 156.909683]        cpuhp_invoke_callback+0x1e6/0x1a80
[ 156.914855]        _cpu_up+0x219/0x500
[ 156.918749]        do_cpu_up+0x9a/0x160
[ 156.922707]        smp_init+0x197/0x1ac
[ 156.926660]        kernel_init_freeable+0x3f4/0x619
[ 156.931657]        kernel_init+0xd/0x15b
[ 156.935705]        ret_from_fork+0x24/0x30
[ 156.940018]
[ 156.940018] -> #2 (cpu_hotplug_lock.rw_sem){++++}:
[ 156.946606]        cpus_read_lock+0x39/0xc0
[ 156.950921]        static_key_slow_inc+0xe/0x20
[ 156.955576]        tracepoint_add_func+0x517/0x750
[ 156.960485]        tracepoint_probe_register+0x8c/0xc0
[ 156.965756]        trace_event_reg+0x272/0x330
[ 156.970327]        perf_trace_init+0x424/0xa30
[ 156.974895]        perf_tp_event_init+0x79/0xf0
[ 156.979545]        perf_try_init_event+0x15b/0x1f0
[ 156.984458]        perf_event_alloc.part.0+0xe2d/0x2640
[ 156.989997]        SyS_perf_event_open+0x67f/0x24b0
[ 156.994997]        do_syscall_64+0x1d5/0x640
[ 156.999407]        entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 157.005110]
[ 157.005110] -> #1 (tracepoints_mutex){+.+.}:
[ 157.012033]        __mutex_lock+0xc4/0x1310
[ 157.016336]        tracepoint_probe_register+0x68/0xc0
[ 157.021695]        trace_event_reg+0x272/0x330
[ 157.026263]        perf_trace_init+0x424/0xa30
[ 157.030829]        perf_tp_event_init+0x79/0xf0
[ 157.035504]        perf_try_init_event+0x15b/0x1f0
[ 157.040438]        perf_event_alloc.part.0+0xe2d/0x2640
[ 157.045807]        SyS_perf_event_open+0x67f/0x24b0
[ 157.050903]        do_syscall_64+0x1d5/0x640
[ 157.055319]        entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 157.061020]
[ 157.061020] -> #0 (event_mutex){+.+.}:
[ 157.066382]        lock_acquire+0x170/0x3f0
[ 157.070692]        __mutex_lock+0xc4/0x1310
[ 157.075026]        perf_trace_destroy+0x23/0xf0
[ 157.079702]        _free_event+0x321/0xe20
[ 157.083933]        free_event+0x32/0x40
[ 157.087888]        perf_event_release_kernel+0x368/0x8a0
[ 157.093323]        perf_release+0x33/0x40
[ 157.097451]        __fput+0x25f/0x7a0
[ 157.101322]        task_work_run+0x11f/0x190
[ 157.105719]        exit_to_usermode_loop+0x1ad/0x200
[ 157.110833]        do_syscall_64+0x4a3/0x640
[ 157.115228]        entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 157.120917]
[ 157.120917] other info that might help us debug this:
[ 157.120917]
[ 157.129043] Chain exists of:
[ 157.129043]   event_mutex --> &cpuctx_mutex --> &event->child_mutex
[ 157.129043]
[ 157.139794] Possible unsafe locking scenario:
[ 157.139794]
[ 157.145842]        CPU0                    CPU1
[ 157.150580]        ----                    ----
[ 157.155237]   lock(&event->child_mutex);
[ 157.159297]                                lock(&cpuctx_mutex);
[ 157.165350]                                lock(&event->child_mutex);
[ 157.171909]   lock(event_mutex);
[ 157.175253]
[ 157.175253] *** DEADLOCK ***
[ 157.175253]
[ 157.181300] 2 locks held by syz-executor.0/6653:
[ 157.186032] #0: (&ctx->mutex){+.+.}, at: [] perf_event_release_kernel+0x1fe/0x8a0
[ 157.195394] #1: (&event->child_mutex){+.+.}, at: [] perf_event_release_kernel+0x208/0x8a0
[ 157.205456]
[ 157.205456] stack backtrace:
[ 157.209939] CPU: 1 PID: 6653 Comm: syz-executor.0 Not tainted 4.14.191-syzkaller #0
[ 157.217731] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 157.227110] Call Trace:
[ 157.229702] dump_stack+0x1b2/0x283
[ 157.233321] print_circular_bug.constprop.0.cold+0x2d7/0x41e
[ 157.239113] __lock_acquire+0x2e0e/0x3f20
[ 157.243272] ? __lock_acquire+0x5fc/0x3f20
[ 157.247586] ? trace_hardirqs_on+0x10/0x10
[ 157.251809] ? trace_hardirqs_on+0x10/0x10
[ 157.256030] ? should_fail+0x327/0x3f0
[ 157.259900] ? llist_add_batch+0x61/0x90
[ 157.263950] ? trace_hardirqs_on+0x10/0x10
[ 157.268303] lock_acquire+0x170/0x3f0
[ 157.272091] ? perf_trace_destroy+0x23/0xf0
[ 157.276407] ? perf_trace_destroy+0x23/0xf0
[ 157.280732] __mutex_lock+0xc4/0x1310
[ 157.284524] ? perf_trace_destroy+0x23/0xf0
[ 157.288917] ? perf_trace_destroy+0x23/0xf0
[ 157.293235] ? _raw_spin_unlock_irq+0x24/0x80
[ 157.297714] ? __ww_mutex_wakeup_for_backoff+0x210/0x210
[ 157.303156] ? trace_hardirqs_on_caller+0x3a8/0x580
[ 157.308157] ? _raw_spin_unlock_irq+0x5a/0x80
[ 157.312636] ? event_function_call+0x1fa/0x3c0
[ 157.317233] ? event_sched_out+0x11b0/0x11b0
[ 157.321659] ? rcu_lockdep_current_cpu_online+0xed/0x140
[ 157.327094] ? perf_tp_event_init+0xf0/0xf0
[ 157.331427] perf_trace_destroy+0x23/0xf0
[ 157.335562] ? perf_tp_event_init+0xf0/0xf0
[ 157.340301] _free_event+0x321/0xe20
[ 157.343999] free_event+0x32/0x40
[ 157.347466] perf_event_release_kernel+0x368/0x8a0
[ 157.352382] ? perf_event_release_kernel+0x8a0/0x8a0
[ 157.357492] perf_release+0x33/0x40
[ 157.361104] __fput+0x25f/0x7a0
[ 157.364393] task_work_run+0x11f/0x190
[ 157.368268] exit_to_usermode_loop+0x1ad/0x200
[ 157.372840] do_syscall_64+0x4a3/0x640
[ 157.376716] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 157.381888] RIP: 0033:0x416791
[ 157.385080] RSP: 002b:00007ffd553c23f0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 157.392810] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 0000000000416791
[ 157.400419] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 0000000000000003
[ 157.407688] RBP: 0000000000000000 R08: 0000000000791218 R09: 0000000000000000
[ 157.414952] R10: 00007ffd553c24d0 R11: 0000000000000293 R12: 0000000000791220
[ 157.422229] R13: 0000000000000002 R14: ffffffffffffffff R15: 000000000078c04c
[ 157.429575] Bluetooth: hci0 command 0x040f tx timeout
2020/08/03 11:47:31 executed programs: 7
[ 158.521809] NOHZ: local_softirq_pending 08
[ 159.481450] Bluetooth: hci0 command 0x0419 tx timeout
2020/08/03 11:47:37 executed programs: 14