[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.
[ OK ] Started Update UTMP about System Runlevel Changes.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.187' (ECDSA) to the list of known hosts.
syzkaller login: [ 27.749525] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 27.811151] syz-executor208[7997]: segfault at 2a452cb9d000 ip 00007f2c43fecbf1 sp 00002a452cb9d000 error 4 in syz-executor2080227243[7f2c43fae000+83000]
[ 27.826860]
[ 27.828499] ======================================================
[ 27.834793] WARNING: possible circular locking dependency detected
[ 27.841091] 4.14.298-syzkaller #0 Not tainted
[ 27.845565] ------------------------------------------------------
[ 27.851862] syz-executor208/7997 is trying to acquire lock:
[ 27.857637]  (event_mutex){+.+.}, at: [] perf_trace_destroy+0x23/0xf0
[ 27.865781]
[ 27.865781] but task is already holding lock:
[ 27.871817]  (&event->child_mutex){+.+.}, at: [] perf_event_release_kernel+0x208/0x8a0
[ 27.881502]
[ 27.881502] which lock already depends on the new lock.
[ 27.881502]
[ 27.889787]
[ 27.889787] the existing dependency chain (in reverse order) is:
[ 27.897464]
[ 27.897464] -> #5 (&event->child_mutex){+.+.}:
[ 27.903505]        __mutex_lock+0xc4/0x1310
[ 27.907857]        perf_event_for_each_child+0x82/0x140
[ 27.913202]        _perf_ioctl+0x471/0x1a60
[ 27.917498]        perf_ioctl+0x55/0x80
[ 27.921444]        do_vfs_ioctl+0x75a/0xff0
[ 27.925738]        SyS_ioctl+0x7f/0xb0
[ 27.929596]        do_syscall_64+0x1d5/0x640
[ 27.934067]        entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 27.939749]
[ 27.939749] -> #4 (&cpuctx_mutex){+.+.}:
[ 27.945396]        __mutex_lock+0xc4/0x1310
[ 27.949691]        perf_event_init_cpu+0xb7/0x170
[ 27.954507]        perf_event_init+0x2cc/0x308
[ 27.959063]        start_kernel+0x45d/0x763
[ 27.963355]        secondary_startup_64+0xa5/0xb0
[ 27.968167]
[ 27.968167] -> #3 (pmus_lock){+.+.}:
[ 27.973337]        __mutex_lock+0xc4/0x1310
[ 27.977629]        perf_event_init_cpu+0x2c/0x170
[ 27.982463]        cpuhp_invoke_callback+0x1e6/0x1a80
[ 27.987624]        _cpu_up+0x21e/0x520
[ 27.991484]        do_cpu_up+0x9a/0x160
[ 27.995432]        smp_init+0x197/0x1ac
[ 27.999380]        kernel_init_freeable+0x406/0x626
[ 28.004371]        kernel_init+0xd/0x164
[ 28.008406]        ret_from_fork+0x24/0x30
[ 28.012611]
[ 28.012611] -> #2 (cpu_hotplug_lock.rw_sem){++++}:
[ 28.018997]        cpus_read_lock+0x39/0xc0
[ 28.023361]        static_key_slow_inc+0xe/0x20
[ 28.028058]        tracepoint_add_func+0x747/0xa40
[ 28.032960]        tracepoint_probe_register+0x8c/0xc0
[ 28.038211]        trace_event_reg+0x272/0x330
[ 28.042768]        perf_trace_init+0x424/0xa30
[ 28.047424]        perf_tp_event_init+0x79/0xf0
[ 28.052062]        perf_try_init_event+0x15b/0x1f0
[ 28.056962]        perf_event_alloc.part.0+0xe2d/0x2640
[ 28.062301]        SyS_perf_event_open+0x683/0x2530
[ 28.067291]        do_syscall_64+0x1d5/0x640
[ 28.071670]        entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 28.077350]
[ 28.077350] -> #1 (tracepoints_mutex){+.+.}:
[ 28.083211]        __mutex_lock+0xc4/0x1310
[ 28.087503]        tracepoint_probe_register+0x68/0xc0
[ 28.092775]        trace_event_reg+0x272/0x330
[ 28.097328]        perf_trace_init+0x424/0xa30
[ 28.101897]        perf_tp_event_init+0x79/0xf0
[ 28.106535]        perf_try_init_event+0x15b/0x1f0
[ 28.111441]        perf_event_alloc.part.0+0xe2d/0x2640
[ 28.116777]        SyS_perf_event_open+0x683/0x2530
[ 28.121765]        do_syscall_64+0x1d5/0x640
[ 28.126148]        entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 28.131847]
[ 28.131847] -> #0 (event_mutex){+.+.}:
[ 28.137190]        lock_acquire+0x170/0x3f0
[ 28.141486]        __mutex_lock+0xc4/0x1310
[ 28.145797]        perf_trace_destroy+0x23/0xf0
[ 28.150469]        _free_event+0x321/0xe20
[ 28.154673]        free_event+0x32/0x40
[ 28.158641]        perf_event_release_kernel+0x368/0x8a0
[ 28.164063]        perf_release+0x33/0x40
[ 28.168185]        __fput+0x25f/0x7a0
[ 28.171967]        task_work_run+0x11f/0x190
[ 28.176347]        do_exit+0xa44/0x2850
[ 28.180295]        do_group_exit+0x100/0x2e0
[ 28.184693]        get_signal+0x38d/0x1ca0
[ 28.188902]        do_signal+0x7c/0x1550
[ 28.192948]        exit_to_usermode_loop+0x160/0x200
[ 28.198033]        prepare_exit_to_usermode+0x1af/0x210
[ 28.203376]        retint_user+0x8/0x18
[ 28.207320]
[ 28.207320] other info that might help us debug this:
[ 28.207320]
[ 28.215432] Chain exists of:
[ 28.215432]   event_mutex --> &cpuctx_mutex --> &event->child_mutex
[ 28.215432]
[ 28.226251]  Possible unsafe locking scenario:
[ 28.226251]
[ 28.232366]        CPU0                    CPU1
[ 28.237001]        ----                    ----
[ 28.241638]   lock(&event->child_mutex);
[ 28.245669]                                lock(&cpuctx_mutex);
[ 28.251782]                                lock(&event->child_mutex);
[ 28.258338]   lock(event_mutex);
[ 28.261675]
[ 28.261675]  *** DEADLOCK ***
[ 28.261675]
[ 28.267703] 2 locks held by syz-executor208/7997:
[ 28.272512]  #0: (&ctx->mutex){+.+.}, at: [] perf_event_release_kernel+0x1fe/0x8a0
[ 28.281934]  #1: (&event->child_mutex){+.+.}, at: [] perf_event_release_kernel+0x208/0x8a0
[ 28.291968]
[ 28.291968] stack backtrace:
[ 28.296438] CPU: 1 PID: 7997 Comm: syz-executor208 Not tainted 4.14.298-syzkaller #0
[ 28.304459] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 28.313790] Call Trace:
[ 28.316362]  dump_stack+0x1b2/0x281
[ 28.319965]  print_circular_bug.constprop.0.cold+0x2d7/0x41e
[ 28.325734]  __lock_acquire+0x2e0e/0x3f20
[ 28.329852]  ? lock_downgrade+0x740/0x740
[ 28.334057]  ? list_del_event+0x56c/0x870
[ 28.338175]  ? trace_hardirqs_on+0x10/0x10
[ 28.342381]  ? mark_held_locks+0xa6/0xf0
[ 28.346410]  ? perf_group_detach+0x7f0/0x7f0
[ 28.350792]  ? generic_exec_single+0x27e/0x420
[ 28.355346]  lock_acquire+0x170/0x3f0
[ 28.359119]  ? perf_trace_destroy+0x23/0xf0
[ 28.363502]  ? perf_trace_destroy+0x23/0xf0
[ 28.367793]  __mutex_lock+0xc4/0x1310
[ 28.371565]  ? perf_trace_destroy+0x23/0xf0
[ 28.375860]  ? task_function_call+0xed/0x130
[ 28.380249]  ? pmu_dev_release+0x20/0x20
[ 28.384283]  ? perf_trace_destroy+0x23/0xf0
[ 28.388575]  ? __ww_mutex_wakeup_for_backoff+0x210/0x210
[ 28.393993]  ? event_function_call+0x1fa/0x3c0
[ 28.398543]  ? event_sched_out+0x11b0/0x11b0
[ 28.402925]  ? rcu_lockdep_current_cpu_online+0xed/0x140
[ 28.408346]  ? perf_tp_event_init+0xf0/0xf0
[ 28.412639]  perf_trace_destroy+0x23/0xf0
[ 28.416761]  ? perf_tp_event_init+0xf0/0xf0
[ 28.421053]  _free_event+0x321/0xe20
[ 28.424738]  free_event+0x32/0x40
[ 28.428161]  perf_event_release_kernel+0x368/0x8a0
[ 28.433063]  ? perf_event_release_kernel+0x8a0/0x8a0
[ 28.438145]  perf_release+0x33/0x40
[ 28.441743]  __fput+0x25f/0x7a0
[ 28.444995]  task_work_run+0x11f/0x190
[ 28.448854]  do_exit+0xa44/0x2850
[ 28.452279]  ? mm_update_next_owner+0x5b0/0x5b0
[ 28.456918]  ? get_signal+0x323/0x1ca0
[ 28.460865]  ? lock_acquire+0x170/0x3f0
[ 28.464810]  ? lock_downgrade+0x740/0x740
[ 28.468929]  do_group_exit+0x100/0x2e0
[ 28.473049]  get_signal+0x38d/0x1ca0
[ 28.476844]  ? _raw_spin_unlock_irqrestore+0x79/0xe0
[ 28.481930]  ? _raw_spin_unlock_irqrestore+0x66/0xe0
[ 28.487016]  do_signal+0x7c/0x1550
[ 28.490534]  ? is_prefetch.part.0+0x2f0/0x2f0
[ 28.494999]  ? vprintk_func+0x60/0x160
[ 28.498859]  ? setup_sigcontext+0x820/0x820
[ 28.503149]  ? log_store.cold+0x16/0x16
[ 28.507092]  ? up_read+0x17/0x30
[ 28.510442]  ? __bad_area_nosemaphore+0x1