Warning: Permanently added '10.128.0.249' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 28.296867]
[ 28.298678] ======================================================
[ 28.305022] WARNING: possible circular locking dependency detected
[ 28.311357] 4.14.206-syzkaller #0 Not tainted
[ 28.315825] ------------------------------------------------------
[ 28.322115] syz-executor432/8003 is trying to acquire lock:
[ 28.327799] (event_mutex){+.+.}, at: [] perf_trace_destroy+0x23/0xf0
[ 28.335925]
[ 28.335925] but task is already holding lock:
[ 28.341904] (&event->child_mutex){+.+.}, at: [] perf_event_release_kernel+0x208/0x8a0
[ 28.351529]
[ 28.351529] which lock already depends on the new lock.
[ 28.351529]
[ 28.359820]
[ 28.359820] the existing dependency chain (in reverse order) is:
[ 28.367416]
[ 28.367416] -> #5 (&event->child_mutex){+.+.}:
[ 28.373479]        __mutex_lock+0xc4/0x1310
[ 28.377779]        perf_event_for_each_child+0x82/0x140
[ 28.383130]        _perf_ioctl+0x3e9/0x1a80
[ 28.387447]        perf_ioctl+0x55/0x80
[ 28.391409]        do_vfs_ioctl+0x75a/0xff0
[ 28.395706]        SyS_ioctl+0x7f/0xb0
[ 28.399567]        do_syscall_64+0x1d5/0x640
[ 28.403951]        entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 28.409658]
[ 28.409658] -> #4 (&cpuctx_mutex){+.+.}:
[ 28.415185]        __mutex_lock+0xc4/0x1310
[ 28.419485]        perf_event_init_cpu+0xb7/0x170
[ 28.424303]        perf_event_init+0x2cc/0x308
[ 28.428876]        start_kernel+0x46a/0x770
[ 28.433377]        secondary_startup_64+0xa5/0xb0
[ 28.438198]
[ 28.438198] -> #3 (pmus_lock){+.+.}:
[ 28.443529]        __mutex_lock+0xc4/0x1310
[ 28.447833]        perf_event_init_cpu+0x2c/0x170
[ 28.452858]        cpuhp_invoke_callback+0x1e6/0x1a80
[ 28.458100]        _cpu_up+0x219/0x500
[ 28.461980]        do_cpu_up+0x9a/0x160
[ 28.465934]        smp_init+0x197/0x1ac
[ 28.469911]        kernel_init_freeable+0x3f4/0x614
[ 28.474921]        kernel_init+0xd/0x167
[ 28.478978]        ret_from_fork+0x24/0x30
[ 28.483186]
[ 28.483186] -> #2 (cpu_hotplug_lock.rw_sem){++++}:
[ 28.489592]        cpus_read_lock+0x39/0xc0
[ 28.493888]        static_key_slow_inc+0xe/0x20
[ 28.498550]        tracepoint_add_func+0x517/0x750
[ 28.503475]        tracepoint_probe_register+0x8c/0xc0
[ 28.508743]        trace_event_reg+0x272/0x330
[ 28.513314]        perf_trace_init+0x424/0xa30
[ 28.517873]        perf_tp_event_init+0x79/0xf0
[ 28.522531]        perf_try_init_event+0x15b/0x1f0
[ 28.527469]        perf_event_alloc.part.0+0xe2d/0x2640
[ 28.532807]        SyS_perf_event_open+0x67f/0x24b0
[ 28.537885]        do_syscall_64+0x1d5/0x640
[ 28.542278]        entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 28.548062]
[ 28.548062] -> #1 (tracepoints_mutex){+.+.}:
[ 28.553941]        __mutex_lock+0xc4/0x1310
[ 28.558250]        tracepoint_probe_register+0x68/0xc0
[ 28.563511]        trace_event_reg+0x272/0x330
[ 28.568080]        perf_trace_init+0x424/0xa30
[ 28.572636]        perf_tp_event_init+0x79/0xf0
[ 28.577303]        perf_try_init_event+0x15b/0x1f0
[ 28.582206]        perf_event_alloc.part.0+0xe2d/0x2640
[ 28.587542]        SyS_perf_event_open+0x67f/0x24b0
[ 28.592530]        do_syscall_64+0x1d5/0x640
[ 28.596913]        entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 28.602594]
[ 28.602594] -> #0 (event_mutex){+.+.}:
[ 28.607955]        lock_acquire+0x170/0x3f0
[ 28.612253]        __mutex_lock+0xc4/0x1310
[ 28.616562]        perf_trace_destroy+0x23/0xf0
[ 28.621205]        _free_event+0x321/0xe20
[ 28.625428]        free_event+0x32/0x40
[ 28.629407]        perf_event_release_kernel+0x368/0x8a0
[ 28.634844]        perf_release+0x33/0x40
[ 28.638978]        __fput+0x25f/0x7a0
[ 28.642751]        task_work_run+0x11f/0x190
[ 28.647132]        do_exit+0xa08/0x27f0
[ 28.651077]        do_group_exit+0x100/0x2e0
[ 28.655472]        get_signal+0x38d/0x1ca0
[ 28.659680]        do_signal+0x7c/0x1550
[ 28.663714]        exit_to_usermode_loop+0x160/0x200
[ 28.668802]        do_syscall_64+0x4a3/0x640
[ 28.673185]        entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 28.678866]
[ 28.678866] other info that might help us debug this:
[ 28.678866]
[ 28.686992] Chain exists of:
[ 28.686992]   event_mutex --> &cpuctx_mutex --> &event->child_mutex
[ 28.686992]
[ 28.697729] Possible unsafe locking scenario:
[ 28.697729]
[ 28.703876]        CPU0                    CPU1
[ 28.708578]        ----                    ----
[ 28.713223]   lock(&event->child_mutex);
[ 28.717257]                                lock(&cpuctx_mutex);
[ 28.723286]                                lock(&event->child_mutex);
[ 28.729884]   lock(event_mutex);
[ 28.733263]
[ 28.733263] *** DEADLOCK ***
[ 28.733263]
[ 28.739297] 2 locks held by syz-executor432/8003:
[ 28.744125] #0: (&ctx->mutex){+.+.}, at: [] perf_event_release_kernel+0x1fe/0x8a0
[ 28.753466] #1: (&event->child_mutex){+.+.}, at: [] perf_event_release_kernel+0x208/0x8a0
[ 28.763510]
[ 28.763510] stack backtrace:
[ 28.767984] CPU: 0 PID: 8003 Comm: syz-executor432 Not tainted 4.14.206-syzkaller #0
[ 28.775849] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 28.785205] Call Trace:
[ 28.787784] dump_stack+0x1b2/0x283
[ 28.791401] print_circular_bug.constprop.0.cold+0x2d7/0x41e
[ 28.797175] __lock_acquire+0x2e0e/0x3f20
[ 28.801300] ? list_del_event+0x56c/0x870
[ 28.805479] ? trace_hardirqs_on+0x10/0x10
[ 28.809739] ? do_raw_spin_unlock+0x164/0x220
[ 28.814221] ? mark_held_locks+0xa6/0xf0
[ 28.818261] ? perf_group_detach+0x7f0/0x7f0
[ 28.822657] ? generic_exec_single+0x27e/0x420
[ 28.827228] ? generic_exec_single+0x127/0x420
[ 28.831786] lock_acquire+0x170/0x3f0
[ 28.835576] ? perf_trace_destroy+0x23/0xf0
[ 28.839871] ? perf_trace_destroy+0x23/0xf0
[ 28.844168] __mutex_lock+0xc4/0x1310
[ 28.847958] ? perf_trace_destroy+0x23/0xf0
[ 28.852268] ? task_function_call+0xed/0x130
[ 28.856662] ? pmu_dev_release+0x20/0x20
[ 28.860698] ? perf_trace_destroy+0x23/0xf0
[ 28.865000] ? __ww_mutex_wakeup_for_backoff+0x210/0x210
[ 28.870434] ? event_function_call+0x1fa/0x3c0
[ 28.875004] ? event_sched_out+0x11b0/0x11b0
[ 28.879396] ? rcu_lockdep_current_cpu_online+0xed/0x140
[ 28.884911] ? perf_tp_event_init+0xf0/0xf0
[ 28.889222] perf_trace_destroy+0x23/0xf0
[ 28.893347] ? perf_tp_event_init+0xf0/0xf0
[ 28.897649] _free_event+0x321/0xe20
[ 28.901357] free_event+0x32/0x40
[ 28.904784] perf_event_release_kernel+0x368/0x8a0
[ 28.909895] ? perf_event_release_kernel+0x8a0/0x8a0
[ 28.914976] perf_release+0x33/0x40
[ 28.918584] __fput+0x25f/0x7a0
[ 28.921840] task_work_run+0x11f/0x190
[ 28.925704] do_exit+0xa08/0x27f0
[ 28.929146] ? lock_acquire+0x170/0x3f0
[ 28.933092] ? lock_downgrade+0x740/0x740
[ 28.937217] ? mm_update_next_owner+0x5b0/0x5b0
[ 28.941861] ? get_signal+0x323/0x1ca0
[ 28.945726] ? lock_acquire+0x170/0x3f0
[ 28.949674] ? lock_downgrade+0x740/0x740
[ 28.953813] do_group_exit+0x100/0x2e0
[ 28.957677] get_signal+0x38d/0x1ca0
[ 28.961410] ? vfs_writev+0x18d/0x290
[ 28.965242] do_signal+0x7c/0x1550
[ 28.968760] ? vfs_iter_write+0xa0/0xa0
[ 28.972709] ? debug_check_no_obj_freed+0x2c0/0x674
[ 28.977736] ? setup_sigcontext+0x820/0x820
[ 28.982069] ? kmem_cache_free+0x23a/0x2b0
[ 28.986276] ? putname+0xcd/0x110
[ 28.989816] ? exit_to_usermode_loop+0x41/0x200
[ 28.994467] exit_to_usermode_loop+0x160/0x200
[ 28.999035] do_syscall_64+0x4a3/0x640
[ 29.003358] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 29.008521] RIP: 0033:0x41201e
[ 29.011691] RSP: 002b:00007ffdffea7390 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 29.019382] RAX: ffffffffffffffe0 RBX: 0000000000000044 RCX: 000000000041201e
[ 29.026642] RDX: 0000000000000005 RSI: 00007ffdffea7390 RDI: 0000000000000002
[ 29.033904] RBP: 00007ffdffea7570 R08: 0000000000000005 R09: 0000000000000014
[ 29.041149] R10: 0000000000000005 R11: 0000000000000246 R12: 0000000000000004
[ 29.048395] R13: 00