2017/11/12 11:12:40 parsed 1 programs
2017/11/12 11:12:40 executed programs: 0
syzkaller login: [ 29.962282]
[ 29.962472] ======================================================
[ 29.963127] WARNING: possible circular locking dependency detected
[ 29.963787] 4.14.0-rc8-next-20171110+ #12 Not tainted
[ 29.964355] ------------------------------------------------------
[ 29.964989] syz-executor0/3091 is trying to acquire lock:
[ 29.965571] (event_mutex){+.+.}, at: [] perf_trace_destroy+0x28/0x100
[ 29.966429]
[ 29.966429] but task is already holding lock:
[ 29.967040] (&mm->mmap_sem){++++}, at: [] vm_mmap_pgoff+0x198/0x280
[ 29.967881]
[ 29.967881] which lock already depends on the new lock.
[ 29.967881]
[ 29.968742]
[ 29.968742] the existing dependency chain (in reverse order) is:
[ 29.969511]
[ 29.969511] -> #7 (&mm->mmap_sem){++++}:
[ 29.970103] lock_acquire+0x1d5/0x580
[ 29.970548] __might_fault+0x13a/0x1d0
[ 29.971003] _copy_to_user+0x2c/0xc0
[ 29.971451] filldir+0x1a7/0x320
[ 29.971871] dcache_readdir+0x12d/0x5e0
[ 29.972341] iterate_dir+0x1ca/0x540
[ 29.972784] SyS_getdents+0x225/0x450
[ 29.973244] entry_SYSCALL_64_fastpath+0x1f/0x96
[ 29.973784]
[ 29.973784] -> #6 (&sb->s_type->i_mutex_key#5){++++}:
[ 29.974483] lockref_put_or_lock+0x19/0x80
[ 29.974963]
[ 29.974963] -> #5 ((completion)&req.done){+.+.}:
[ 29.975616] lock_acquire+0x1d5/0x580
[ 29.976062] wait_for_completion+0xcb/0x7b0
[ 29.976595] devtmpfs_create_node+0x32b/0x4a0
[ 29.977103] device_add+0x120f/0x1640
[ 29.977603] device_create_groups_vargs+0x1f3/0x250
[ 29.978184] device_create+0xda/0x110
[ 29.978640] msr_device_create+0x26/0x40
[ 29.979116] cpuhp_invoke_callback+0x2ea/0x1d20
[ 29.979658] cpuhp_thread_fun+0x48b/0x7e0
[ 29.980133] smpboot_thread_fn+0x450/0x7c0
[ 29.980636] kthread+0x37a/0x440
[ 29.981037] ret_from_fork+0x24/0x30
[ 29.981465]
[ 29.981465] -> #4 (cpuhp_state-up){+.+.}:
[ 29.982088] lock_acquire+0x1d5/0x580
[ 29.982847] cpuhp_issue_call+0x1e5/0x520
[ 29.983343] __cpuhp_setup_state_cpuslocked+0x2c7/0x5f0
[ 29.983992] __cpuhp_setup_state+0xb0/0x140
[ 29.984504] page_writeback_init+0x4d/0x71
[ 29.985013] pagecache_init+0x48/0x4f
[ 29.985463] start_kernel+0x6bc/0x74f
[ 29.985923] x86_64_start_reservations+0x2a/0x2c
[ 29.986469] x86_64_start_kernel+0x77/0x7a
[ 29.986968] secondary_startup_64+0xa5/0xb0
[ 29.987467]
[ 29.987467] -> #3 (cpuhp_state_mutex){+.+.}:
[ 29.988099] lock_acquire+0x1d5/0x580
[ 29.988551] __mutex_lock+0x16f/0x19d0
[ 29.989010] mutex_lock_nested+0x16/0x20
[ 29.989496] __cpuhp_setup_state_cpuslocked+0x5b/0x5f0
[ 29.990105] __cpuhp_setup_state+0xb0/0x140
[ 29.990613] kvm_guest_init+0x1f3/0x20f
[ 29.991078] setup_arch+0x17c4/0x19de
[ 29.991528] start_kernel+0xa5/0x74f
[ 29.991970] x86_64_start_reservations+0x2a/0x2c
[ 29.992530] x86_64_start_kernel+0x77/0x7a
[ 29.993040] secondary_startup_64+0xa5/0xb0
[ 29.993567]
[ 29.993567] -> #2 (cpu_hotplug_lock.rw_sem){++++}:
[ 29.994232] lock_acquire+0x1d5/0x580
[ 29.994687] cpus_read_lock+0x42/0x90
[ 29.995146] static_key_slow_inc+0x9d/0x3c0
[ 29.995663] tracepoint_probe_register_prio+0x80d/0x9a0
[ 29.996283] tracepoint_probe_register+0x2a/0x40
[ 29.996776] trace_event_reg+0x167/0x320
[ 29.997215] perf_trace_init+0x4ef/0xab0
[ 29.997625] perf_tp_event_init+0x7d/0xf0
[ 29.998042] perf_try_init_event+0xc9/0x1f0
[ 29.998467] perf_event_alloc+0x1cc6/0x2b00
[ 29.998901] SYSC_perf_event_open+0x842/0x2f10
[ 29.999366] SyS_perf_event_open+0x39/0x50
[ 29.999791] entry_SYSCALL_64_fastpath+0x1f/0x96
[ 30.000277]
[ 30.000277] -> #1 (tracepoints_mutex){+.+.}:
[ 30.000881] lock_acquire+0x1d5/0x580
[ 30.001342] __mutex_lock+0x16f/0x19d0
[ 30.001788] mutex_lock_nested+0x16/0x20
[ 30.002275] tracepoint_probe_register_prio+0xa0/0x9a0
[ 30.002843] tracepoint_probe_register+0x2a/0x40
[ 30.004134] trace_event_reg+0x167/0x320
[ 30.004680] perf_trace_init+0x4ef/0xab0
[ 30.005241] perf_tp_event_init+0x7d/0xf0
[ 30.005807] perf_try_init_event+0xc9/0x1f0
[ 30.006398] perf_event_alloc+0x1cc6/0x2b00
[ 30.006956] SYSC_perf_event_open+0x842/0x2f10
[ 30.007577] SyS_perf_event_open+0x39/0x50
[ 30.008129] entry_SYSCALL_64_fastpath+0x1f/0x96
[ 30.008770]
[ 30.008770] -> #0 (event_mutex){+.+.}:
[ 30.009443] __lock_acquire+0x3374/0x4770
[ 30.009989] lock_acquire+0x1d5/0x580
[ 30.010503] __mutex_lock+0x16f/0x19d0
[ 30.011020] mutex_lock_nested+0x16/0x20
[ 30.011595] perf_trace_destroy+0x28/0x100
[ 30.012189] tp_perf_event_destroy+0x15/0x20
[ 30.012798] _free_event+0x3bd/0x10f0
[ 30.013318] put_event+0x24/0x30
[ 30.013796] perf_mmap_close+0x60d/0x1010
[ 30.014349] remove_vma+0xb4/0x1b0
[ 30.014854] do_munmap+0x82a/0xdf0
[ 30.015351] mmap_region+0x59e/0x15a0
[ 30.015890] do_mmap+0x6c6/0xe10
[ 30.016363] vm_mmap_pgoff+0x1de/0x280
[ 30.016911] SyS_mmap_pgoff+0x23b/0x5f0
[ 30.017479] SyS_mmap+0x16/0x20
[ 30.017939] entry_SYSCALL_64_fastpath+0x1f/0x96
[ 30.018585]
[ 30.018585] other info that might help us debug this:
[ 30.018585]
[ 30.019558] Chain exists of:
[ 30.019558] event_mutex --> &sb->s_type->i_mutex_key#5 --> &mm->mmap_sem
[ 30.019558]
[ 30.020907] Possible unsafe locking scenario:
[ 30.020907]
[ 30.021637]        CPU0                    CPU1
[ 30.022229]        ----                    ----
[ 30.022783]   lock(&mm->mmap_sem);
[ 30.023221]                                lock(&sb->s_type->i_mutex_key#5);
[ 30.024072]                                lock(&mm->mmap_sem);
[ 30.024813]   lock(event_mutex);
[ 30.025485]
[ 30.025485] *** DEADLOCK ***
[ 30.025485]
[ 30.026099] 1 lock held by syz-executor0/3091:
[ 30.026597] #0: (&mm->mmap_sem){++++}, at: [] vm_mmap_pgoff+0x198/0x280
[ 30.027426]
[ 30.027426] stack backtrace:
[ 30.027867] CPU: 3 PID: 3091 Comm: syz-executor0 Not tainted 4.14.0-rc8-next-20171110+ #12
[ 30.028857] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
[ 30.029907] Call Trace:
[ 30.030237] dump_stack+0x194/0x257
[ 30.030690] ? arch_local_irq_restore+0x53/0x53
[ 30.031307] print_circular_bug+0x503/0x710
[ 30.032010] ? print_circular_bug_entry+0xb0/0xb0
[ 30.032677] ? check_usage+0xb70/0xb70
[ 30.033187] check_prev_add+0x8b1/0x1580
[ 30.033752] ? copy_trace+0x1d0/0x1d0
[ 30.034251] ? check_usage+0xb70/0xb70
[ 30.034752] ? __lock_acquire+0x3374/0x4770
[ 30.035328] ? __lock_acquire+0x3374/0x4770
[ 30.035891] __lock_acquire+0x3374/0x4770
[ 30.036460] ? __lock_acquire+0x3374/0x4770
[ 30.037072] ? debug_check_no_locks_freed+0x3d0/0x3d0
[ 30.037708] ? task_change_group_fair+0x860/0x860
[ 30.038385] ? update_curr+0x31c/0xa60
[ 30.038904] ? print_usage_bug+0x480/0x480
[ 30.039449] ? lock_release+0xd70/0xd70
[ 30.039950] ? __lock_acquire+0x739/0x4770
[ 30.040541] ? check_noncircular+0x20/0x20
[ 30.041173] ? update_curr+0x47b/0xa60
[ 30.041650] ? print_usage_bug+0x480/0x480
[ 30.042301] ? debug_check_no_locks_freed+0x3d0/0x3d0
[ 30.043045] ? print_usage_bug+0x480/0x480
[ 30.043641] ? check_noncircular+0x20/0x20
[ 30.044240] ? check_noncircular+0x20/0x20
[ 30.044763] ? __lock_acquire+0x739/0x4770
[ 30.045282] ? check_noncircular+0x20/0x20
[ 30.045814] ? perf_event_detach_bpf_prog+0x92/0x3d0
[ 30.046408] lock_acquire+0x1d5/0x580
[ 30.047178] ? perf_trace_destroy+0x28/0x100
[ 30.047657] ? lock_release+0xd70/0xd70
[ 30.048110] ? trace_event_raw_event_sched_switch+0x8a0/0x8a0
[ 30.048797] ? perf_event_detach_bpf_prog+0x92/0x3d0
[ 30.049356] ? preempt_notifier_dec+0x20/0x20
[ 30.049926] ? rcu_note_context_switch+0x710/0x710
[ 30.050511] ? __might_sleep+0x95/0x190
[ 30.050983] ? perf_trace_destroy+0x28/0x100
[ 30.051513] __mutex_lock+0x16f/0x19d0
[ 30.051972] ? perf_trace_destroy+0x28/0x100
[ 30.052494] ? perf_trace_destroy+0x28/0x100
[ 30.053013] ? lock_downgrade+0x990/0x990
[ 30.053513] ? mutex_lock_io_nested+0x1880/0x1880
[ 30.054093] ? print_usage_bug+0x480/0x480
[ 30.054594] ? find_held_lock+0x39/0x1d0
[ 30.055077] ? check_noncircular+0x20/0x20
[ 30.055586] ? __mutex_unlock_slowpath+0xe9/0xac0
[ 30.056165] ? wait_for_completion+0x7b0/0x7b0
[ 30.056717] ? __wake_up_common_lock+0x190/0x310
[ 30.057285] ? find_held_lock+0x39/0x1d0
[ 30.057770] ? check_noncircular+0x20/0x20
[ 30.058278] ? perf_addr_filters_splice+0x18f/0x810
[ 30.058882] ? _raw_spin_unlock_irqrestore+0x31/0xba
[ 30.059495] ? free_filters_list+0x2f0/0x2f0
[ 30.060025] ? mutex_unlock+0xd/0x10
[ 30.060474] ? __lock_is_held+0xbc/0x140
[ 30.060960] mutex_lock_nested+0x16/0x20
[ 30.061442] ? mutex_lock_nested+0x16/0x20
[ 30.061943] perf_trace_destroy+0x28/0x100
[ 30.062440] ? perf_tp_event_init+0xf0/0xf0
[ 30.062949] tp_perf_event_destroy+0x15/0x20
[ 30.063473] _free_event+0x3bd/0x10f0
[ 30.063925] ? ring_buffer_attach+0x830/0x830
[ 30.064458] ? wait_for_completion+0x7b0/0x7b0
[ 30.064999] ? ring_buffer_put+0x140/0x140
[ 30.065498] ? lock_release+0xd70/0xd70
[ 30.065964] ? atomic_dec_and_mutex_lock+0x112/0x150
[ 30.066565] ? atomic_dec_and_mutex_lock+0x112/0x150
[ 30.067170] put_event+0x24/0x30
[ 30.067917] perf_mmap_close+0x60d/0x1010
[ 30.068267] ? perf_compat_ioctl+0x70/0x70
[ 30.068776] ? save_stack+0x43/0xd0
[ 30.069206] ? check_noncircular+0x20/0x20
[ 30.069709] ? do_munmap+0x82a/0xdf0
[ 30.070158] ? mmap_region+0x59e/0x15a0
[ 30.070634] ? do_mmap+0x6c6/0xe10
[ 30.071061] ? SyS_mmap_pgoff+0x23b/0x5f0
[ 30.071562] ? SyS_mmap+0x16/0x20
[ 30.071980] ? entry_SYSCALL_64_fastpath+0x1f/0x96
[ 30.072575] ? unmap_region+0x35c/0x4f0
[ 30.073048] ? up_read+0x40/0x40
[ 30.073450] ? check_noncircular+0x20/0x20
[ 30.073953] ? reusable_anon_vma+0x560/0x560
[ 30.074476] ? __lock_is_held+0xbc/0x140
[ 30.074970] ? trace_event_raw_event_sched_switch+0x8a0/0x8a0
[ 30.075671] ? rcu_note_context_switch+0x710/0x710
[ 30.076257] ? __might_sleep+0x95/0x190
[ 30.076740] ? perf_compat_ioctl+0x70/0x70
[ 30.077244] remove_vma+0xb4/0x1b0
[ 30.077665] do_munmap+0x82a/0xdf0
[ 30.078094] mmap_region+0x59e/0x15a0
[ 30.078552] ? SyS_brk+0x6f0/0x6f0
[ 30.078979] ? arch_get_unmapped_area_topdown+0xba/0x8a0
[ 30.079627] ? arch_get_unmapped_area+0x750/0x750
[ 30.080208] ? lock_acquire+0x1d5/0x580
[ 30.080691] ? vm_mmap_pgoff+0x198/0x280
[ 30.081174] ? filp_close+0x1a1/0x240
[ 30.081512] ? selinux_mmap_addr+0x1f/0xf0
[ 30.081862] ? security_mmap_addr+0x79/0xa0
[ 30.082218] ? get_unmapped_area+0x265/0x300
[ 30.082581] do_mmap+0x6c6/0xe10
[ 30.082860] ? mmap_region+0x15a0/0x15a0
[ 30.083196] ? vm_mmap_pgoff+0x198/0x280
[ 30.083531] ? down_read_killable+0x180/0x180
[ 30.083903] ? security_mmap_file+0x143/0x180
[ 30.084274] vm_mmap_pgoff+0x1de/0x280
[ 30.084633] ? vma_is_stack_for_current+0xa0/0xa0
[ 30.085036] ? _raw_spin_unlock_irq+0x27/0x70
[ 30.085408] ? SyS_futex+0x269/0x390
[ 30.085715] SyS_mmap_pgoff+0x23b/0x5f0
[ 30.086044] ? find_mergeable_anon_vma+0xd0/0xd0
[ 30.086437] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 30.086851] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 30.087245] SyS_mmap+0x16/0x20
[ 30.087516] entry_SYSCALL_64_fastpath+0x1f/0x96
[ 30.087908] RIP: 0033:0x447c99
[ 30.088171] RSP: 002b:00007fef473f4bd8 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[ 30.089624] RAX: ffffffffffffffda RBX: 00007fef473f56cc RCX: 0000000000447c99
[ 30.090531] RDX: 0000000000000003 RSI: 0000000000292000 RDI: 0000000020000000
[ 30.091445] RBP: 0000000000000086 R08: ffffffffffffffff R09: 0000000000000000
[ 30.092365] R10: 0000000000000032 R11: 0000000000000246 R12: 0000000000000000
[ 30.093281] R13: 0000000000000000 R14: 00007fef473f59c0 R15: 00007fef473f5700