[[0;32m  OK  [0m] Started getty on tty2-tty6 if dbus and logind are not available.
[[0;32m  OK  [0m] Started OpenBSD Secure Shell server.
[[0;32m  OK  [0m] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch.
[[0;32m  OK  [0m] Reached target Login Prompts.
[[0;32m  OK  [0m] Reached target Multi-User System.
[[0;32m  OK  [0m] Reached target Graphical Interface.
         Starting Update UTMP about System Runlevel Changes...
         Starting Load/Save RF Kill Switch Status...
[[0;32m  OK  [0m] Started Update UTMP about System Runlevel Changes.
[[0;32m  OK  [0m] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.216' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   27.418623] 
[   27.420271] ======================================================
[   27.426562] WARNING: possible circular locking dependency detected
[   27.432864] 4.14.294-syzkaller #0 Not tainted
[   27.437332] ------------------------------------------------------
[   27.443639] syz-executor424/7961 is trying to acquire lock:
[   27.449755]  (event_mutex){+.+.}, at: [<ffffffff815b1463>] perf_trace_destroy+0x23/0xf0
[   27.457883] 
[   27.457883] but task is already holding lock:
[   27.463831]  (&event->child_mutex){+.+.}, at: [<ffffffff81659408>] perf_event_release_kernel+0x208/0x8a0
[   27.473436] 
[   27.473436] which lock already depends on the new lock.
[   27.473436] 
[   27.481730] 
[   27.481730] the existing dependency chain (in reverse order) is:
[   27.489327] 
[   27.489327] -> #5 (&event->child_mutex){+.+.}:
[   27.495464]        __mutex_lock+0xc4/0x1310
[   27.499763]        perf_event_for_each_child+0x82/0x140
[   27.505198]        _perf_ioctl+0x3db/0x1a60
[   27.509531]        perf_ioctl+0x55/0x80
[   27.513480]        do_vfs_ioctl+0x75a/0xff0
[   27.517773]        SyS_ioctl+0x7f/0xb0
[   27.521636]        do_syscall_64+0x1d5/0x640
[   27.526022]        entry_SYSCALL_64_after_hwframe+0x46/0xbb
[   27.531706] 
[   27.531706] -> #4 (&cpuctx_mutex){+.+.}:
[   27.537226]        __mutex_lock+0xc4/0x1310
[   27.541528]        perf_event_init_cpu+0xb7/0x170
[   27.546348]        perf_event_init+0x2cc/0x308
[   27.550903]        start_kernel+0x45d/0x763
[   27.555199]        secondary_startup_64+0xa5/0xb0
[   27.560013] 
[   27.560013] -> #3 (pmus_lock){+.+.}:
[   27.565189]        __mutex_lock+0xc4/0x1310
[   27.569542]        perf_event_init_cpu+0x2c/0x170
[   27.574360]        cpuhp_invoke_callback+0x1e6/0x1a80
[   27.579535]        _cpu_up+0x21e/0x520
[   27.583396]        do_cpu_up+0x9a/0x160
[   27.587345]        smp_init+0x197/0x1ac
[   27.591357]        kernel_init_freeable+0x406/0x626
[   27.596368]        kernel_init+0xd/0x16a
[   27.600401]        ret_from_fork+0x24/0x30
[   27.604605] 
[   27.604605] -> #2 (cpu_hotplug_lock.rw_sem){++++}:
[   27.611064]        cpus_read_lock+0x39/0xc0
[   27.615557]        static_key_slow_inc+0xe/0x20
[   27.620206]        tracepoint_add_func+0x747/0xa40
[   27.625127]        tracepoint_probe_register+0x8c/0xc0
[   27.630392]        trace_event_reg+0x272/0x330
[   27.634956]        perf_trace_init+0x424/0xa30
[   27.639523]        perf_tp_event_init+0x79/0xf0
[   27.644177]        perf_try_init_event+0x15b/0x1f0
[   27.649088]        perf_event_alloc.part.0+0xe2d/0x2640
[   27.654441]        SyS_perf_event_open+0x683/0x2530
[   27.659446]        do_syscall_64+0x1d5/0x640
[   27.663833]        entry_SYSCALL_64_after_hwframe+0x46/0xbb
[   27.669513] 
[   27.669513] -> #1 (tracepoints_mutex){+.+.}:
[   27.675384]        __mutex_lock+0xc4/0x1310
[   27.679682]        tracepoint_probe_register+0x68/0xc0
[   27.684933]        trace_event_reg+0x272/0x330
[   27.689592]        perf_trace_init+0x424/0xa30
[   27.694152]        perf_tp_event_init+0x79/0xf0
[   27.698808]        perf_try_init_event+0x15b/0x1f0
[   27.703748]        perf_event_alloc.part.0+0xe2d/0x2640
[   27.709091]        SyS_perf_event_open+0x683/0x2530
[   27.714088]        do_syscall_64+0x1d5/0x640
[   27.718565]        entry_SYSCALL_64_after_hwframe+0x46/0xbb
[   27.724249] 
[   27.724249] -> #0 (event_mutex){+.+.}:
[   27.729601]        lock_acquire+0x170/0x3f0
[   27.733909]        __mutex_lock+0xc4/0x1310
[   27.738227]        perf_trace_destroy+0x23/0xf0
[   27.742874]        _free_event+0x321/0xe20
[   27.747080]        free_event+0x32/0x40
[   27.751027]        perf_event_release_kernel+0x368/0x8a0
[   27.756451]        perf_release+0x33/0x40
[   27.760572]        __fput+0x25f/0x7a0
[   27.764352]        task_work_run+0x11f/0x190
[   27.768735]        do_exit+0xa44/0x2850
[   27.772686]        SyS_exit+0x1e/0x20
[   27.776459]        do_syscall_64+0x1d5/0x640
[   27.780841]        entry_SYSCALL_64_after_hwframe+0x46/0xbb
[   27.786522] 
[   27.786522] other info that might help us debug this:
[   27.786522] 
[   27.794637] Chain exists of:
[   27.794637]   event_mutex --> &cpuctx_mutex --> &event->child_mutex
[   27.794637] 
[   27.805367]  Possible unsafe locking scenario:
[   27.805367] 
[   27.811397]        CPU0                    CPU1
[   27.816044]        ----                    ----
[   27.820681]   lock(&event->child_mutex);
[   27.824722]                                lock(&cpuctx_mutex);
[   27.830764]                                lock(&event->child_mutex);
[   27.837315]   lock(event_mutex);
[   27.840653] 
[   27.840653]  *** DEADLOCK ***
[   27.840653] 
[   27.846686] 2 locks held by syz-executor424/7961:
[   27.851498]  #0:  (&ctx->mutex){+.+.}, at: [<ffffffff816593fe>] perf_event_release_kernel+0x1fe/0x8a0
[   27.860847]  #1:  (&event->child_mutex){+.+.}, at: [<ffffffff81659408>] perf_event_release_kernel+0x208/0x8a0
[   27.870880] 
[   27.870880] stack backtrace:
[   27.875351] CPU: 0 PID: 7961 Comm: syz-executor424 Not tainted 4.14.294-syzkaller #0
[   27.883203] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/16/2022
[   27.892551] Call Trace:
[   27.895223]  dump_stack+0x1b2/0x281
[   27.898830]  print_circular_bug.constprop.0.cold+0x2d7/0x41e
[   27.904608]  __lock_acquire+0x2e0e/0x3f20
[   27.908733]  ? trace_hardirqs_on+0x10/0x10
[   27.912944]  ? perf_group_detach+0x7f0/0x7f0
[   27.917415]  ? generic_exec_single+0x27e/0x420
[   27.921972]  ? smp_call_function_single+0x1b1/0x370
[   27.926964]  lock_acquire+0x170/0x3f0
[   27.930741]  ? perf_trace_destroy+0x23/0xf0
[   27.935060]  ? perf_trace_destroy+0x23/0xf0
[   27.939444]  __mutex_lock+0xc4/0x1310
[   27.943219]  ? perf_trace_destroy+0x23/0xf0
[   27.947515]  ? task_function_call+0xed/0x130
[   27.951897]  ? pmu_dev_release+0x20/0x20
[   27.955934]  ? perf_trace_destroy+0x23/0xf0
[   27.960233]  ? __ww_mutex_wakeup_for_backoff+0x210/0x210
[   27.965743]  ? event_function_call+0x1fa/0x3c0
[   27.970305]  ? event_sched_out+0x11b0/0x11b0
[   27.974691]  ? rcu_lockdep_current_cpu_online+0xed/0x140
[   27.980123]  ? perf_tp_event_init+0xf0/0xf0
[   27.984424]  perf_trace_destroy+0x23/0xf0
[   27.988545]  ? perf_tp_event_init+0xf0/0xf0
[   27.992930]  _free_event+0x321/0xe20
[   27.996643]  free_event+0x32/0x40
[   28.000070]  perf_event_release_kernel+0x368/0x8a0
[   28.004987]  ? perf_event_release_kernel+0x8a0/0x8a0
[   28.010085]  perf_release+0x33/0x40
[   28.013691]  __fput+0x25f/0x7a0
[   28.017037]  task_work_run+0x11f/0x190
[   28.020918]  do_exit+0xa44/0x2850
[   28.024349]  ? get_timespec64+0xb1/0xf0
[   28.028315]  ? timespec_trunc+0x120/0x120
[   28.032439]  ? mm_update_next_owner+0x5b0/0x5b0
[   28.037087]  ? SyS_clock_nanosleep+0x210/0x2d0
[   28.041641]  ? compat_SyS_clock_getres+0x180/0x180
[   28.046700]  ? __do_page_fault+0x159/0xad0
[   28.050926]  SyS_exit+0x1e/0x20
[   28.054182]  ? complete_and_exit+0x40/0x40
[   28.058393]  do_syscall_64+0x1d5/0x640
[   28.062256]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[   28.067420] RIP: 0033:0x7f2b75a992a9
[