INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added 'ci-upstream-kasan-gce-386-2,10.128.0.19' (ECDSA) to the list of known hosts.
2017/10/02 12:36:03 parsed 1 programs
2017/10/02 12:36:03 executed programs: 0
syzkaller login: [ 34.981809]
[ 34.982130] ======================================================
[ 34.983108] WARNING: possible circular locking dependency detected
[ 34.983946] 4.14.0-rc3+ #22 Not tainted
[ 34.984473] ------------------------------------------------------
[ 34.985302] syz-executor0/4613 is trying to acquire lock:
[ 34.986029] (event_mutex){+.+.}, at: [] perf_trace_destroy+0x28/0x100
[ 34.987113]
[ 34.987113] but task is already holding lock:
[ 34.987901] (&mm->mmap_sem){++++}, at: [] vm_mmap_pgoff+0x198/0x280
[ 34.988970]
[ 34.988970] which lock already depends on the new lock.
[ 34.988970]
[ 34.990065]
[ 34.990065] the existing dependency chain (in reverse order) is:
[ 34.991068]
[ 34.991068] -> #7 (&mm->mmap_sem){++++}:
[ 34.991822] __lock_acquire+0x328f/0x4620
[ 34.992440] lock_acquire+0x1d5/0x580
[ 34.993016] __might_fault+0x13a/0x1d0
[ 34.993616] _copy_to_user+0x2c/0xc0
[ 34.994178] filldir+0x1a7/0x320
[ 34.994752] dcache_readdir+0x12d/0x5e0
[ 34.995352] iterate_dir+0x4b2/0x5d0
[ 34.995922] SyS_getdents+0x225/0x450
[ 34.996499] entry_SYSCALL_64_fastpath+0x1f/0xbe
[ 34.997200]
[ 34.997200] -> #6 (&sb->s_type->i_mutex_key#5){++++}:
[ 34.998093] down_write+0x87/0x120
[ 34.998638] handle_create+0x30c/0x760
[ 34.999224] devtmpfsd+0x3b4/0x4b0
[ 34.999769] kthread+0x39c/0x470
[ 35.000307] ret_from_fork+0x2a/0x40
[ 35.000868]
[ 35.000868] -> #5 ((complete)&req.done){+.+.}:
[ 35.001672] __lock_acquire+0x328f/0x4620
[ 35.002300] lock_acquire+0x1d5/0x580
[ 35.006601] wait_for_completion+0xcb/0x7b0
[ 35.011441] devtmpfs_create_node+0x32b/0x4a0
[ 35.016468] device_add+0x120f/0x1640
[ 35.020786] device_create_groups_vargs+0x1f3/0x250
[ 35.026309] device_create+0xda/0x110
[ 35.030620] msr_device_create+0x26/0x40
[ 35.035204] cpuhp_invoke_callback+0x2ea/0x1d20
[ 35.040386] cpuhp_thread_fun+0x48b/0x7e0
[ 35.045036] smpboot_thread_fn+0x450/0x7c0
[ 35.049779] kthread+0x39c/0x470
[ 35.053643] ret_from_fork+0x2a/0x40
[ 35.057857]
[ 35.057857] -> #4 (cpuhp_state-up){+.+.}:
[ 35.063482] __lock_acquire+0x328f/0x4620
[ 35.068130] lock_acquire+0x1d5/0x580
[ 35.072446] cpuhp_issue_call+0x1e6/0x4b0
[ 35.077121] __cpuhp_setup_state_cpuslocked+0x2c7/0x5f0
[ 35.082997] __cpuhp_setup_state+0xb0/0x140
[ 35.087827] page_writeback_init+0x4d/0x71
[ 35.092577] pagecache_init+0x48/0x4f
[ 35.096887] start_kernel+0x6c1/0x754
[ 35.101195] x86_64_start_reservations+0x2a/0x2c
[ 35.106452] x86_64_start_kernel+0x77/0x7a
[ 35.111193] verify_cpu+0x0/0xfb
[ 35.115050]
[ 35.115050] -> #3 (cpuhp_state_mutex){+.+.}:
[ 35.120914] __lock_acquire+0x328f/0x4620
[ 35.125562] lock_acquire+0x1d5/0x580
[ 35.129859] __mutex_lock+0x16f/0x19d0
[ 35.134234] mutex_lock_nested+0x16/0x20
[ 35.138784] __cpuhp_setup_state_cpuslocked+0x5b/0x5f0
[ 35.144544] __cpuhp_setup_state+0xb0/0x140
[ 35.149349] kvm_guest_init+0x1f3/0x20f
[ 35.153810] setup_arch+0x1879/0x1a93
[ 35.158095] start_kernel+0xa5/0x754
[ 35.162292] x86_64_start_reservations+0x2a/0x2c
[ 35.167530] x86_64_start_kernel+0x77/0x7a
[ 35.172249] verify_cpu+0x0/0xfb
[ 35.176096]
[ 35.176096] -> #2 (cpu_hotplug_lock.rw_sem){++++}:
[ 35.182472] __lock_acquire+0x328f/0x4620
[ 35.187105] lock_acquire+0x1d5/0x580
[ 35.191388] cpus_read_lock+0x42/0x90
[ 35.195676] static_key_slow_inc+0x9d/0x3c0
[ 35.200488] tracepoint_probe_register_prio+0x80d/0x9a0
[ 35.206342] tracepoint_probe_register+0x2a/0x40
[ 35.211582] trace_event_reg+0x167/0x320
[ 35.216128] perf_trace_init+0x4ef/0xab0
[ 35.220672] perf_tp_event_init+0x7d/0xf0
[ 35.225305] perf_try_init_event+0xc9/0x1f0
[ 35.230109] perf_event_alloc+0x1c5b/0x2a00
[ 35.234916] SYSC_perf_event_open+0x84e/0x2e00
[ 35.239987] SyS_perf_event_open+0x39/0x50
[ 35.244709] do_fast_syscall_32+0x3f2/0xf05
[ 35.249522] entry_SYSENTER_compat+0x51/0x60
[ 35.254415]
[ 35.254415] -> #1 (tracepoints_mutex){+.+.}:
[ 35.260275] __lock_acquire+0x328f/0x4620
[ 35.264906] lock_acquire+0x1d5/0x580
[ 35.269189] __mutex_lock+0x16f/0x19d0
[ 35.273562] mutex_lock_nested+0x16/0x20
[ 35.278109] tracepoint_probe_register_prio+0xa0/0x9a0
[ 35.283871] tracepoint_probe_register+0x2a/0x40
[ 35.289110] trace_event_reg+0x167/0x320
[ 35.293654] perf_trace_init+0x4ef/0xab0
[ 35.298200] perf_tp_event_init+0x7d/0xf0
[ 35.302831] perf_try_init_event+0xc9/0x1f0
[ 35.307635] perf_event_alloc+0x1c5b/0x2a00
[ 35.312439] SYSC_perf_event_open+0x84e/0x2e00
[ 35.317511] SyS_perf_event_open+0x39/0x50
[ 35.322229] do_fast_syscall_32+0x3f2/0xf05
[ 35.327033] entry_SYSENTER_compat+0x51/0x60
[ 35.331923]
[ 35.331923] -> #0 (event_mutex){+.+.}:
[ 35.337270] check_prev_add+0x865/0x1520
[ 35.341821] __lock_acquire+0x328f/0x4620
[ 35.346459] lock_acquire+0x1d5/0x580
[ 35.350741] __mutex_lock+0x16f/0x19d0
[ 35.355111] mutex_lock_nested+0x16/0x20
[ 35.359654] perf_trace_destroy+0x28/0x100
[ 35.364371] tp_perf_event_destroy+0x15/0x20
[ 35.369266] _free_event+0x41d/0x1170
[ 35.373552] put_event+0x24/0x30
[ 35.377401] perf_mmap_close+0x60d/0xf90
[ 35.381946] remove_vma+0xb4/0x1b0
[ 35.385969] do_munmap+0x82a/0xdf0
[ 35.389995] mmap_region+0x59e/0x15a0
[ 35.394282] do_mmap+0x6a1/0xd50
[ 35.398134] vm_mmap_pgoff+0x1de/0x280
[ 35.402506] SyS_mmap_pgoff+0x462/0x5f0
[ 35.406966] do_fast_syscall_32+0x3f2/0xf05
[ 35.411770] entry_SYSENTER_compat+0x51/0x60
[ 35.416660]
[ 35.416660] other info that might help us debug this:
[ 35.416660]
[ 35.424764] Chain exists of:
[ 35.424764] event_mutex --> &sb->s_type->i_mutex_key#5 --> &mm->mmap_sem
[ 35.424764]
[ 35.436095] Possible unsafe locking scenario:
[ 35.436095]
[ 35.442122]        CPU0                    CPU1
[ 35.446751]        ----                    ----
[ 35.451382]   lock(&mm->mmap_sem);
[ 35.454885]                                lock(&sb->s_type->i_mutex_key#5);
[ 35.462041]                                lock(&mm->mmap_sem);
[ 35.468061]   lock(event_mutex);
[ 35.471392]
[ 35.471392] *** DEADLOCK ***
[ 35.471392]
[ 35.477423] 1 lock held by syz-executor0/4613:
[ 35.481970] #0: (&mm->mmap_sem){++++}, at: [] vm_mmap_pgoff+0x198/0x280
[ 35.490431]
[ 35.490431] stack backtrace:
[ 35.494892] CPU: 1 PID: 4613 Comm: syz-executor0 Not tainted 4.14.0-rc3+ #22
[ 35.502040] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 35.511366] Call Trace:
[ 35.513918] dump_stack+0x194/0x257
[ 35.517511] ? arch_local_irq_restore+0x53/0x53
[ 35.522147] print_circular_bug+0x503/0x710
[ 35.526434] ? print_circular_bug_entry+0xb0/0xb0
[ 35.531238] ? __unwind_start+0x169/0x330
[ 35.535353] ? __kernel_text_address+0xd/0x40
[ 35.539813] ? unwind_get_return_address+0x61/0xa0
[ 35.544706] check_prev_add+0x865/0x1520
[ 35.548733] ? copy_trace+0x1d0/0x1d0
[ 35.552498] ? check_usage+0xb70/0xb70
[ 35.556350] ? __read_once_size_nocheck.constprop.8+0x10/0x10
[ 35.562199] ? hlock_class+0x140/0x140
[ 35.566049] ? copy_trace+0x1d0/0x1d0
[ 35.569813] __lock_acquire+0x328f/0x4620
[ 35.573926] ? __lock_acquire+0x328f/0x4620
[ 35.578212] ? unwind_next_frame.part.6+0x1ae/0xc70
[ 35.583190] ? copy_trace+0x1d0/0x1d0
[ 35.586956] ? debug_check_no_locks_freed+0x3d0/0x3d0
[ 35.592109] ? __unwind_start+0x169/0x330
[ 35.596221] ? __kernel_text_address+0xd/0x40
[ 35.600681] ? unwind_next_frame.part.6+0x1ae/0xc70
[ 35.605663] ? unwind_next_frame.part.6+0x1ae/0xc70
[ 35.610642] ? unwind_dump+0x4c0/0x4c0
[ 35.614492] ? unwind_dump+0x4c0/0x4c0
[ 35.618343] ? mmap_region+0x59e/0x15a0
[ 35.622279] ? update_curr+0x2cf/0x800
[ 35.626131] ? __unwind_start+0x169/0x330
[ 35.630242] ? __kernel_text_address+0xd/0x40
[ 35.634699] ? unwind_get_return_address+0x61/0xa0
[ 35.639591] ? __save_stack_trace+0x61/0xd0
[ 35.643875] ? remove_vma+0xb4/0x1b0
[ 35.647552] ? save_stack_trace+0x16/0x20
[ 35.651663] ? __lock_acquire+0x20fd/0x4620
[ 35.655949] ? __unwind_start+0x169/0x330
[ 35.660062] ? __kernel_text_address+0xd/0x40
[ 35.664520] ? unwind_get_return_address+0x61/0xa0
[ 35.669413] ? check_noncircular+0x20/0x20
[ 35.673611] ? debug_check_no_locks_freed+0x3d0/0x3d0
[ 35.678762] ? mmap_region+0x59e/0x15a0
[ 35.682701] ? __lock_acquire+0x20fd/0x4620
[ 35.686985] ? mark_held_locks+0xb2/0x100
[ 35.691098] lock_acquire+0x1d5/0x580
[ 35.694861] ? perf_trace_destroy+0x28/0x100
[ 35.699235] ? finish_task_switch+0x1d3/0x740
[ 35.703692] ? lock_release+0xd70/0xd70
[ 35.707631] ? check_same_owner+0x320/0x320
[ 35.711913] ? preempt_notifier_dec+0x20/0x20
[ 35.716374] ? __might_sleep+0x95/0x190
[ 35.720312] ? perf_trace_destroy+0x28/0x100
[ 35.724683] __mutex_lock+0x16f/0x19d0
[ 35.728533] ? perf_trace_destroy+0x28/0x100
[ 35.732991] ? __sched_text_start+0x8/0x8
[ 35.737103] ? perf_trace_destroy+0x28/0x100
[ 35.741478] ? check_noncircular+0x20/0x20
[ 35.745676] ? mutex_lock_io_nested+0x1880/0x1880
[ 35.750481] ? lock_acquire+0x1d5/0x580
[ 35.754418] ? print_usage_bug+0x480/0x480
[ 35.758619] ? find_held_lock+0x39/0x1d0
[ 35.762642] ? check_noncircular+0x20/0x20
[ 35.766841] ? lock_downgrade+0x990/0x990
[ 35.770950] ? __mutex_lock+0x16f/0x19d0
[ 35.774976] ? __wake_up_common_lock+0x190/0x310
[ 35.779696] ? find_held_lock+0x39/0x1d0
[ 35.783719] ? check_noncircular+0x20/0x20
[ 35.787921] ? perf_addr_filters_splice+0x18f/0x810
[ 35.792901] ? lock_downgrade+0x990/0x990
[ 35.797015] ? _raw_spin_unlock_irqrestore+0x31/0xba
[ 35.802086] ? free_filters_list+0x2f0/0x2f0
[ 35.806456] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 35.811441] ? trace_hardirqs_on+0xd/0x10
[ 35.815558] ? __lock_is_held+0xbc/0x140
[ 35.819584] mutex_lock_nested+0x16/0x20
[ 35.823606] ? mutex_lock_nested+0x16/0x20
[ 35.827806] perf_trace_destroy+0x28/0x100
[ 35.832006] ? perf_tp_event_init+0xf0/0xf0
[ 35.836294] tp_perf_event_destroy+0x15/0x20
[ 35.840665] _free_event+0x41d/0x1170
[ 35.844431] ? ring_buffer_attach+0x830/0x830
[ 35.848890] ? wait_for_completion+0x7b0/0x7b0
[ 35.853436] ? ring_buffer_put+0x140/0x140
[ 35.857635] ? lock_release+0xd70/0xd70
[ 35.861573] ? check_same_owner+0x320/0x320
[ 35.865858] ? atomic_dec_and_mutex_lock+0x112/0x150
[ 35.870928] put_event+0x24/0x30
[ 35.874265] perf_mmap_close+0x60d/0xf90
[ 35.878296] ? tlb_flush_mmu_free+0xeb/0x160
[ 35.882671] ? perf_compat_ioctl+0x70/0x70
[ 35.886871] ? tlb_gather_mmu+0x70/0x70
[ 35.890809] ? check_noncircular+0x20/0x20
[ 35.895008] ? free_pgtables+0x283/0x330
[ 35.899038] ? unmap_region+0x35c/0x4f0
[ 35.902976] ? futex_wait_setup+0x3d0/0x3d0
[ 35.907263] ? reusable_anon_vma+0x560/0x560
[ 35.911635] ? __lock_is_held+0xbc/0x140
[ 35.915663] ? check_same_owner+0x320/0x320
[ 35.919949] ? __might_sleep+0x95/0x190
[ 35.923885] ? perf_compat_ioctl+0x70/0x70
[ 35.928093] remove_vma+0xb4/0x1b0
[ 35.931595] do_munmap+0x82a/0xdf0
[ 35.935100] mmap_region+0x59e/0x15a0
[ 35.938866] ? SyS_brk+0x6f0/0x6f0
[ 35.942370] ? arch_get_unmapped_area_topdown+0xba/0x8a0
[ 35.947784] ? arch_get_unmapped_area+0x750/0x750
[ 35.952592] ? lock_acquire+0x1d5/0x580
[ 35.956530] ? vm_mmap_pgoff+0x198/0x280
[ 35.960561] ? selinux_mmap_addr+0x1f/0xf0
[ 35.964761] ? security_mmap_addr+0x79/0xa0
[ 35.969054] ? get_unmapped_area+0x265/0x300
[ 35.973426] do_mmap+0x6a1/0xd50
[ 35.976757] ? mmap_region+0x15a0/0x15a0
[ 35.980779] ? vm_mmap_pgoff+0x198/0x280