Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 36.099985] random: sshd: uninitialized urandom read (32 bytes read)
[ 36.369788] kauditd_printk_skb: 10 callbacks suppressed
[ 36.369796] audit: type=1400 audit(1565492949.311:35): avc: denied { map } for pid=6969 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[ 36.412118] random: sshd: uninitialized urandom read (32 bytes read)
[ 36.938200] random: sshd: uninitialized urandom read (32 bytes read)
[ 37.128734] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.202' (ECDSA) to the list of known hosts.
[ 42.661327] random: sshd: uninitialized urandom read (32 bytes read)
[ 42.784935] audit: type=1400 audit(1565492955.731:36): avc: denied { map } for pid=6981 comm="syz-executor667" path="/root/syz-executor667127366" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 43.051029] IPVS: ftp: loaded support on port[0] = 21
executing program
*** stack smashing detected ***: ./syz-executor667127366 terminated
[ 44.011234]
[ 44.012954] ======================================================
[ 44.019733] WARNING: possible circular locking dependency detected
[ 44.026284] 4.14.138 #34 Not tainted
[ 44.030134] ------------------------------------------------------
[ 44.036703] syz-executor667/6983 is trying to acquire lock:
[ 44.042534]  (event_mutex){+.+.}, at: [] perf_trace_destroy+0x28/0x100
[ 44.051060]
[ 44.051060] but task is already holding lock:
[ 44.057121]  (&event->child_mutex){+.+.}, at: [] perf_event_release_kernel+0x207/0x880
[ 44.066869]
[ 44.066869] which lock already depends on the new lock.
[ 44.066869]
[ 44.075514]
[ 44.075514] the existing dependency chain (in reverse order) is:
[ 44.083119]
[ 44.083119] -> #5 (&event->child_mutex){+.+.}:
[ 44.089211]        lock_acquire+0x16f/0x430
[ 44.093523]        __mutex_lock+0xe8/0x1470
[ 44.097955]        mutex_lock_nested+0x16/0x20
[ 44.102521]        perf_event_read_value+0x7a/0x410
[ 44.107659]        perf_read+0x40c/0x820
[ 44.111707]        __vfs_read+0x105/0x6a0
[ 44.116075]        vfs_read+0x137/0x350
[ 44.120044]        SyS_read+0xfd/0x230
[ 44.123924]        do_syscall_64+0x1e8/0x640
[ 44.128503]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 44.134315]
[ 44.134315] -> #4 (&cpuctx_mutex){+.+.}:
[ 44.139843]        lock_acquire+0x16f/0x430
[ 44.144184]        __mutex_lock+0xe8/0x1470
[ 44.148814]        mutex_lock_nested+0x16/0x20
[ 44.153625]        perf_event_init_cpu+0xc2/0x170
[ 44.158596]        perf_event_init+0x2d8/0x31a
[ 44.163202]        start_kernel+0x3b6/0x6fd
[ 44.167509]        x86_64_start_reservations+0x29/0x2b
[ 44.172857]        x86_64_start_kernel+0x77/0x7b
[ 44.177599]        secondary_startup_64+0xa5/0xb0
[ 44.182422]
[ 44.182422] -> #3 (pmus_lock){+.+.}:
[ 44.187606]        lock_acquire+0x16f/0x430
[ 44.191925]        __mutex_lock+0xe8/0x1470
[ 44.196324]        mutex_lock_nested+0x16/0x20
[ 44.200967]        perf_event_init_cpu+0x2f/0x170
[ 44.205903]        cpuhp_invoke_callback+0x1ea/0x1ab0
[ 44.211163]        _cpu_up+0x228/0x530
[ 44.215147]        do_cpu_up+0x121/0x150
[ 44.219246]        cpu_up+0x1b/0x20
[ 44.222913]        smp_init+0x157/0x170
[ 44.226906]        kernel_init_freeable+0x30b/0x532
[ 44.231907]        kernel_init+0x12/0x162
[ 44.236121]        ret_from_fork+0x24/0x30
[ 44.240336]
[ 44.240336] -> #2 (cpu_hotplug_lock.rw_sem){++++}:
[ 44.246771]        lock_acquire+0x16f/0x430
[ 44.251170]        cpus_read_lock+0x3d/0xc0
[ 44.255472]        static_key_slow_inc+0x13/0x30
[ 44.260462]        tracepoint_probe_register_prio+0x4d6/0x6d0
[ 44.266345]        tracepoint_probe_register+0x2b/0x40
[ 44.271602]        trace_event_reg+0x277/0x330
[ 44.276165]        perf_trace_init+0x449/0xaa0
[ 44.280745]        perf_tp_event_init+0x7d/0xf0
[ 44.285419]        perf_try_init_event+0x164/0x200
[ 44.290500]        perf_event_alloc.part.0+0xd90/0x25b0
[ 44.296024]        SYSC_perf_event_open+0xad1/0x2610
[ 44.301108]        SyS_perf_event_open+0x34/0x40
[ 44.306051]        do_syscall_64+0x1e8/0x640
[ 44.310445]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 44.316134]
[ 44.316134] -> #1 (tracepoints_mutex){+.+.}:
[ 44.322023]        lock_acquire+0x16f/0x430
[ 44.326330]        __mutex_lock+0xe8/0x1470
[ 44.330636]        mutex_lock_nested+0x16/0x20
[ 44.335238]        tracepoint_probe_register_prio+0x36/0x6d0
[ 44.341017]        tracepoint_probe_register+0x2b/0x40
[ 44.346272]        trace_event_reg+0x277/0x330
[ 44.350919]        perf_trace_init+0x449/0xaa0
[ 44.355486]        perf_tp_event_init+0x7d/0xf0
[ 44.360135]        perf_try_init_event+0x164/0x200
[ 44.365044]        perf_event_alloc.part.0+0xd90/0x25b0
[ 44.370428]        SYSC_perf_event_open+0xad1/0x2610
[ 44.375513]        SyS_perf_event_open+0x34/0x40
[ 44.380251]        do_syscall_64+0x1e8/0x640
[ 44.384640]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 44.390364]
[ 44.390364] -> #0 (event_mutex){+.+.}:
[ 44.395750]        __lock_acquire+0x2cb3/0x4620
[ 44.400437]        lock_acquire+0x16f/0x430
[ 44.404747]        __mutex_lock+0xe8/0x1470
[ 44.409055]        mutex_lock_nested+0x16/0x20
[ 44.413620]        perf_trace_destroy+0x28/0x100
[ 44.418387]        tp_perf_event_destroy+0x16/0x20
[ 44.423298]        _free_event+0x330/0xe70
[ 44.427509]        free_event+0x38/0x50
[ 44.431472]        perf_event_release_kernel+0x364/0x880
[ 44.436899]        perf_release+0x37/0x50
[ 44.441028]        __fput+0x275/0x7a0
[ 44.444846]        ____fput+0x16/0x20
[ 44.448629]        task_work_run+0x114/0x190
[ 44.453025]        do_exit+0x7df/0x2c10
[ 44.456976]        do_group_exit+0x111/0x330
[ 44.461359]        get_signal+0x381/0x1cd0
[ 44.465570]        do_signal+0x86/0x19a0
[ 44.469625]        exit_to_usermode_loop+0x15c/0x220
[ 44.474729]        do_syscall_64+0x4bc/0x640
[ 44.479111]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 44.484795]
[ 44.484795] other info that might help us debug this:
[ 44.484795]
[ 44.492930] Chain exists of:
[ 44.492930]   event_mutex --> &cpuctx_mutex --> &event->child_mutex
[ 44.492930]
[ 44.503654]  Possible unsafe locking scenario:
[ 44.503654]
[ 44.509697]        CPU0                    CPU1
[ 44.514333]        ----                    ----
[ 44.518993]   lock(&event->child_mutex);
[ 44.523024]                                lock(&cpuctx_mutex);
[ 44.529063]                                lock(&event->child_mutex);
[ 44.535624]   lock(event_mutex);
[ 44.538961]
[ 44.538961]  *** DEADLOCK ***
[ 44.538961]
[ 44.544990] 2 locks held by syz-executor667/6983:
[ 44.549811]  #0:  (&ctx->mutex){+.+.}, at: [] perf_event_release_kernel+0x1fd/0x880
[ 44.559163]  #1:  (&event->child_mutex){+.+.}, at: [] perf_event_release_kernel+0x207/0x880
[ 44.569192]
[ 44.569192] stack backtrace:
[ 44.573679] CPU: 1 PID: 6983 Comm: syz-executor667 Not tainted 4.14.138 #34
[ 44.580761] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 44.590090] Call Trace:
[ 44.592663]  dump_stack+0x138/0x19c
[ 44.596353]  print_circular_bug.isra.0.cold+0x1cc/0x28f
[ 44.601691]  __lock_acquire+0x2cb3/0x4620
[ 44.605813]  ? event_function+0x28b/0x380
[ 44.609942]  ? trace_hardirqs_on+0x10/0x10
[ 44.614154]  lock_acquire+0x16f/0x430
[ 44.617929]  ? perf_trace_destroy+0x28/0x100
[ 44.622309]  ? perf_trace_destroy+0x28/0x100
[ 44.626688]  __mutex_lock+0xe8/0x1470
[ 44.630482]  ? perf_trace_destroy+0x28/0x100
[ 44.634861]  ? perf_trace_destroy+0x28/0x100
[ 44.639242]  ? alloc_perf_context+0xf0/0xf0
[ 44.643547]  ? mutex_trylock+0x1c0/0x1c0
[ 44.647591]  ? save_trace+0x290/0x290
[ 44.651366]  ? __mutex_lock+0x36a/0x1470
[ 44.655398]  ? perf_event_release_kernel+0x1f3/0x880
[ 44.660474]  ? __lock_is_held+0xb6/0x140
[ 44.664511]  ? check_preemption_disabled+0x3c/0x250
[ 44.669498]  mutex_lock_nested+0x16/0x20
[ 44.673559]  ? mutex_lock_nested+0x16/0x20
[ 44.677857]  perf_trace_destroy+0x28/0x100
[ 44.682079]  tp_perf_event_destroy+0x16/0x20
[ 44.686459]  ? perf_tp_event_init+0xf0/0xf0
[ 44.690816]  _free_event+0x330/0xe70
[ 44.694503]  free_event+0x38/0x50
[ 44.697930]  perf_event_release_kernel+0x364/0x880
[ 44.702843]  ? perf_event_release_kernel+0x880/0x880
[ 44.707918]  perf_release+0x37/0x50
[ 44.711519]  __fput+0x275/0x7a0
[ 44.714771]  ____fput+0x16/0x20
[ 44.718026]  task_work_run+0x114/0x190
[ 44.721886]  do_exit+0x7df/0x2c10
[ 44.725315]  ? fsnotify+0x92f/0x11e0
[ 44.729004]  ? mm_update_next_owner+0x5d0/0x5d0
[ 44.733648]  do_group_exit+0x111/0x330
[ 44.737512]  get_signal+0x381/0x1cd0
[ 44.741200]  ? vfs_writev+0x1d7/0x2a0
[ 44.744976]  ? kfree+0x20a/0x270
[ 44.748318]  do_signal+0x86/0x19a0
[ 44.751833]  ? setup_sigcontext+0x7d0/0x7d0
[ 44.756144]  ? __fget_light+0x172/0x1f0
[ 44.760093]  ? fput+0xd4/0x150
[ 44.763259]  ? do_writev+0x1af/0x2d0
[ 44.766948]  ? exit_to_usermode_loop+0x3d/0x220
[ 44.771589]  exit_to_usermode_loop+0x15c/0x220
[ 44.776145]  do_syscall_64+0x4bc/0x640
[ 44.780005]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 44.784827]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 44.789987] RIP: 0033:0x41248e
[ 44.793173] RSP: 002b:00007ffd26b1aba0 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 44.800867] RAX: 0000000000000044 RBX: 0000000000000044 RCX: 000000000041248e
[ 44.808114] RDX: 0000000000000005 RSI: 00007ffd26b1aba0 RDI: 000000000000