[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.62' (ECDSA) to the list of known hosts.
syzkaller login: [ 90.815710][ T37] audit: type=1400 audit(1630402516.258:8): avc: denied { execmem } for pid=8455 comm="syz-executor391" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 91.053210][ T8460] chnl_net:caif_netlink_parms(): no params data found
[ 91.111364][ T8460] bridge0: port 1(bridge_slave_0) entered blocking state
[ 91.119073][ T8460] bridge0: port 1(bridge_slave_0) entered disabled state
[ 91.128723][ T8460] device bridge_slave_0 entered promiscuous mode
[ 91.140725][ T8460] bridge0: port 2(bridge_slave_1) entered blocking state
[ 91.148674][ T8460] bridge0: port 2(bridge_slave_1) entered disabled state
[ 91.157270][ T8460] device bridge_slave_1 entered promiscuous mode
[ 91.179128][ T8460] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 91.190262][ T8460] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 91.214180][ T8460] team0: Port device team_slave_0 added
[ 91.222109][ T8460] team0: Port device team_slave_1 added
[ 91.239788][ T8460] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 91.246760][ T8460] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 91.272695][ T8460] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 91.286632][ T8460] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 91.293614][ T8460] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 91.319713][ T8460] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 91.349199][ T8460] device hsr_slave_0 entered promiscuous mode
[ 91.356175][ T8460] device hsr_slave_1 entered promiscuous mode
[ 91.469729][ T8460] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 91.480521][ T8460] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 91.492285][ T8460] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 91.503143][ T8460] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 91.528612][ T8460] bridge0: port 2(bridge_slave_1) entered blocking state
[ 91.535783][ T8460] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 91.543730][ T8460] bridge0: port 1(bridge_slave_0) entered blocking state
[ 91.551026][ T8460] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 91.598910][ T8460] 8021q: adding VLAN 0 to HW filter on device bond0
[ 91.613011][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 91.624885][ T7] bridge0: port 1(bridge_slave_0) entered disabled state
[ 91.633739][ T7] bridge0: port 2(bridge_slave_1) entered disabled state
[ 91.642781][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 91.656362][ T8460] 8021q: adding VLAN 0 to HW filter on device team0
[ 91.668512][ T2948] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 91.677792][ T2948] bridge0: port 1(bridge_slave_0) entered blocking state
[ 91.684828][ T2948] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 91.707274][ T2948] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 91.715634][ T2948] bridge0: port 2(bridge_slave_1) entered blocking state
[ 91.723196][ T2948] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 91.731845][ T2948] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 91.743343][ T2948] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 91.754507][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 91.772155][ T8460] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 91.783251][ T8460] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 91.797104][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 91.806434][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 91.815366][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 91.835505][ T2948] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 91.843007][ T2948] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 91.858692][ T8460] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 91.878587][ T2948] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 91.897490][ T2948] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 91.905678][ T2948] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 91.914922][ T2948] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 91.927920][ T8460] device veth0_vlan entered promiscuous mode
[ 91.940813][ T8460] device veth1_vlan entered promiscuous mode
[ 91.963811][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 91.972482][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 91.981643][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 91.993956][ T8460] device veth0_macvtap entered promiscuous mode
[ 92.002210][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 92.013646][ T8460] device veth1_macvtap entered promiscuous mode
[ 92.032063][ T8460] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 92.039715][ T2948] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 92.049394][ T2948] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 92.062305][ T8460] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 92.069944][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 92.078686][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 92.090759][ T8460] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 92.100432][ T8460] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
executing program
[ 92.109299][ T8460] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 92.118666][ T8460] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 92.350896][ T8677]
[ 92.353223][ T8677] ======================================================
[ 92.360219][ T8677] WARNING: possible circular locking dependency detected
[ 92.367216][ T8677] 5.14.0-syzkaller #0 Not tainted
[ 92.372222][ T8677] ------------------------------------------------------
[ 92.379222][ T8677] syz-executor391/8677 is trying to acquire lock:
[ 92.385617][ T8677] ffffffff8b9ed108 (event_mutex){+.+.}-{3:3}, at: perf_trace_destroy+0x23/0xf0
[ 92.394593][ T8677]
[ 92.394593][ T8677] but task is already holding lock:
[ 92.401943][ T8677] ffff8880172642e8 (&mm->mmap_lock#2){++++}-{3:3}, at: vm_mmap_pgoff+0x15c/0x290
[ 92.411073][ T8677]
[ 92.411073][ T8677] which lock already depends on the new lock.
[ 92.411073][ T8677]
[ 92.421453][ T8677]
[ 92.421453][ T8677] the existing dependency chain (in reverse order) is:
[ 92.430455][ T8677]
[ 92.430455][ T8677] -> #3 (&mm->mmap_lock#2){++++}-{3:3}:
[ 92.438174][ T8677]        down_write_killable+0x95/0x170
[ 92.443732][ T8677]        dup_mm+0x12e/0x1380
[ 92.448321][ T8677]        copy_process+0x71ec/0x74d0
[ 92.453510][ T8677]        kernel_clone+0xe7/0xac0
[ 92.458438][ T8677]        __do_sys_clone+0xc8/0x110
[ 92.463551][ T8677]        do_syscall_64+0x35/0xb0
[ 92.468476][ T8677]        entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 92.474967][ T8677]
[ 92.474967][ T8677] -> #2 (dup_mmap_sem){++++}-{0:0}:
[ 92.482332][ T8677]        percpu_down_write+0x4f/0x3e0
[ 92.487705][ T8677]        register_for_each_vma+0x2c/0xc10
[ 92.493417][ T8677]        __uprobe_register+0x5c2/0x850
[ 92.498864][ T8677]        probe_event_enable+0x357/0x9f0
[ 92.504409][ T8677]        trace_uprobe_register+0x443/0x880
[ 92.510202][ T8677]        perf_trace_event_init+0x549/0xa20
[ 92.516004][ T8677]        perf_uprobe_init+0x16f/0x210
[ 92.521361][ T8677]        perf_uprobe_event_init+0xff/0x1c0
[ 92.527162][ T8677]        perf_try_init_event+0x12a/0x560
[ 92.532812][ T8677]        perf_event_alloc.part.0+0xf16/0x3b10
[ 92.538879][ T8677]        __do_sys_perf_event_open+0x4ae/0x3130
[ 92.545035][ T8677]        do_syscall_64+0x35/0xb0
[ 92.549968][ T8677]        entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 92.556378][ T8677]
[ 92.556378][ T8677] -> #1 (&uprobe->register_rwsem){+.+.}-{3:3}:
[ 92.564717][ T8677]        down_write+0x92/0x150
[ 92.569481][ T8677]        __uprobe_register+0x531/0x850
[ 92.574940][ T8677]        probe_event_enable+0x357/0x9f0
[ 92.580473][ T8677]        trace_uprobe_register+0x443/0x880
[ 92.586276][ T8677]        perf_trace_event_init+0x549/0xa20
[ 92.592067][ T8677]        perf_uprobe_init+0x16f/0x210
[ 92.597428][ T8677]        perf_uprobe_event_init+0xff/0x1c0
[ 92.603226][ T8677]        perf_try_init_event+0x12a/0x560
[ 92.608851][ T8677]        perf_event_alloc.part.0+0xf16/0x3b10
[ 92.614905][ T8677]        __do_sys_perf_event_open+0x4ae/0x3130
[ 92.621045][ T8677]        do_syscall_64+0x35/0xb0
[ 92.625984][ T8677]        entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 92.632398][ T8677]
[ 92.632398][ T8677] -> #0 (event_mutex){+.+.}-{3:3}:
[ 92.639678][ T8677]        __lock_acquire+0x2a07/0x54a0
[ 92.645038][ T8677]        lock_acquire+0x1ab/0x510
[ 92.650054][ T8677]        __mutex_lock+0x12a/0x10a0
[ 92.655167][ T8677]        perf_trace_destroy+0x23/0xf0
[ 92.660535][ T8677]        _free_event+0x2ee/0x1390
[ 92.665547][ T8677]        perf_mmap_close+0x540/0xe30
[ 92.670908][ T8677]        remove_vma+0xae/0x170
[ 92.675662][ T8677]        __do_munmap+0x715/0x11c0
[ 92.680676][ T8677]        mmap_region+0x85a/0x1760
[ 92.685688][ T8677]        do_mmap+0x86e/0x1180
[ 92.690367][ T8677]        vm_mmap_pgoff+0x1b7/0x290
[ 92.695467][ T8677]        ksys_mmap_pgoff+0x4a8/0x620
[ 92.700754][ T8677]        do_syscall_64+0x35/0xb0
[ 92.705688][ T8677]        entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 92.712103][ T8677]
[ 92.712103][ T8677] other info that might help us debug this:
[ 92.712103][ T8677]
[ 92.722314][ T8677] Chain exists of:
[ 92.722314][ T8677]   event_mutex --> dup_mmap_sem --> &mm->mmap_lock#2
[ 92.722314][ T8677]
[ 92.734817][ T8677]  Possible unsafe locking scenario:
[ 92.734817][ T8677]
[ 92.742244][ T8677]        CPU0                    CPU1
[ 92.747588][ T8677]        ----                    ----
[ 92.752934][ T8677]   lock(&mm->mmap_lock#2);
[ 92.757438][ T8677]                                lock(dup_mmap_sem);
[ 92.764193][ T8677]                                lock(&mm->mmap_lock#2);
[ 92.771200][ T8677]   lock(event_mutex);
[ 92.775254][ T8677]
[ 92.775254][ T8677]  *** DEADLOCK ***
[ 92.775254][ T8677]
[ 92.783376][ T8677] 1 lock held by syz-executor391/8677:
[ 92.788815][ T8677]  #0: ffff8880172642e8 (&mm->mmap_lock#2){++++}-{3:3}, at: vm_mmap_pgoff+0x15c/0x290
[ 92.798387][ T8677]
[ 92.798387][ T8677] stack backtrace:
[ 92.804252][ T8677] CPU: 0 PID: 8677 Comm: syz-executor391 Not tainted 5.14.0-syzkaller #0
[ 92.812651][ T8677] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 92.822689][ T8677] Call Trace:
[ 92.825955][ T8677]  dump_stack_lvl+0xcd/0x134
[ 92.830541][ T8677]  check_noncircular+0x25f/0x2e0
[ 92.835473][ T8677]  ? _find_first_zero_bit+0x94/0xb0
[ 92.840664][ T8677]  ? print_circular_bug+0x1e0/0x1e0
[ 92.845859][ T8677]  ? add_lock_to_list.constprop.0+0x185/0x370
[ 92.851920][ T8677]  ? lockdep_lock+0xc6/0x200
[ 92.856514][ T8677]  ? call_rcu_zapped+0xb0/0xb0
[ 92.861268][ T8677]  __lock_acquire+0x2a07/0x54a0
[ 92.866106][ T8677]  ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 92.872072][ T8677]  lock_acquire+0x1ab/0x510
[ 92.876561][ T8677]  ? perf_trace_destroy+0x23/0xf0
[ 92.881574][ T8677]  ? lock_release+0x720/0x720
[ 92.886236][ T8677]  ? perf_event_detach_bpf_prog+0x243/0x3a0
[ 92.892124][ T8677]  ? lock_downgrade+0x6e0/0x6e0
[ 92.896961][ T8677]  __mutex_lock+0x12a/0x10a0
[ 92.901543][ T8677]  ? perf_trace_destroy+0x23/0xf0
[ 92.906556][ T8677]  ? perf_trace_destroy+0x23/0xf0
[ 92.911656][ T8677]  ? wait_for_completion_io+0x280/0x280
[ 92.917280][ T8677]  ? mutex_lock_io_nested+0xf00/0xf00
[ 92.922646][ T8677]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 92.928877][ T8677]  ? perf_addr_filters_splice+0x114/0x470
[ 92.934603][ T8677]  ? perf_tp_event_init+0x120/0x120
[ 92.939792][ T8677]  perf_trace_destroy+0x23/0xf0
[ 92.944628][ T8677]  ? perf_tp_event_init+0x120/0x120
[ 92.949818][ T8677]  _free_event+0x2ee/0x1390
[ 92.954307][ T8677]  perf_mmap_close+0x540/0xe30
[ 92.959058][ T8677]  ? perf_compat_ioctl+0x130/0x130
[ 92.964155][ T8677]  ? perf_compat_ioctl+0x130/0x130
[ 92.969252][ T8677]  remove_vma+0xae/0x170
[ 92.973483][ T8677]  __do_munmap+0x715/0x11c0
[ 92.977983][ T8677]  mmap_region+0x85a/0x1760
[ 92.982476][ T8677]  ? get_unmapped_area+0x2ae/0x3d0
[ 92.987576][ T8677]  do_mmap+0x86e/0x1180
[ 92.991731][ T8677]  vm_mmap_pgoff+0x1b7/0x290
[ 92.996313][ T8677]  ? randomize_stack_top+0x100/0x100
[ 93.001590][ T8677]  ? __fget_files+0x23d/0x3e0
[ 93.006255][ T8677]  ksys_mmap_pgoff+0x4a8/0x620
[ 93.011024][ T8677]  ? mlock_future_check+0x120/0x120
[ 93.016224][ T8677]  ? syscall_enter_from_user_mode+0x21/0x70
[ 93.022106][ T8677]  do_syscall_64+0x35/0xb0
[ 93.026512][ T8677]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 93.032397][ T8677] RIP: 0033:0x453bf9
[ 93.036276][ T8677] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 91 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 93.055875][ T8677] RSP: 002b:00007f10392621f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[ 93.064316][ T8677] RAX: ffffffffffffffda RBX: 00000000004d24e8 RCX: 0000000000453bf9
[ 93.072285][ T8677] RDX: 0000000000000000 RSI: 0000000000003000 RDI: 0000000020ffc000
[ 93.080244][ T8677] RBP: 00000000004d24e0 R08: 0000000000000005 R09: 0000000000000000
[ 93.088200][ T8677] R10: 0000000000000011 R11: 0000000000000246 R12: 00000000004d24ec
[ 93.096178][ T8677] R13: 00007ffe172fb3ef R14: 00007f1039262300 R15: 0000000000022000
write to /proc/sys/net/core/bpf_jit_kallsyms failed: No such file or directory
write to /proc/sys/net/core/bpf_jit_harden failed: No such file or directory
[ 93.126217][ T8460] syz-executor391 (8460) used greatest stack depth: 22624 bytes left
[ 93.215181][ T10] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
write to /proc/sys/net/core/bpf_jit_kallsyms failed: No such file or directory
write to /proc/sys/net/core/bpf_jit_harden failed: No such file or directory