INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [ ok ] Starting enhanced syslogd: rsyslogd. [ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added 'ci-upstream-kasan-gce-0,10.128.0.25' (ECDSA) to the list of known hosts. 2017/09/16 00:32:08 parsed 1 programs 2017/09/16 00:32:08 executed programs: 0 syzkaller login: [ 51.411183] [ 51.412879] ====================================================== [ 51.419159] WARNING: possible circular locking dependency detected [ 51.425442] 4.13.0+ #86 Not tainted [ 51.429030] ------------------------------------------------------ [ 51.435311] syz-executor0/2996 is trying to acquire lock: [ 51.440809] (event_mutex){+.+.}, at: [] perf_trace_init+0x58/0xab0 [ 51.448752] [ 51.448752] but task is already holding lock: [ 51.454687] (&ctx->mutex){+.+.}, at: [] perf_event_init_task+0x25b/0x890 [ 51.463147] [ 51.463147] which lock already depends on the new lock. 
[ 51.463147] [ 51.471428] [ 51.471428] the existing dependency chain (in reverse order) is: [ 51.479010] [ 51.479010] -> #8 (&ctx->mutex){+.+.}: [ 51.484345] __lock_acquire+0x328f/0x4620 [ 51.488977] lock_acquire+0x1d5/0x580 [ 51.493268] __mutex_lock+0x16f/0x1870 [ 51.497638] mutex_lock_nested+0x16/0x20 [ 51.502183] perf_event_ctx_lock_nested+0x1dc/0x3c0 [ 51.507681] perf_read+0xb9/0x970 [ 51.511623] do_iter_read+0x3db/0x5b0 [ 51.515906] vfs_readv+0x121/0x1c0 [ 51.519934] default_file_splice_read+0x508/0xae0 [ 51.525258] do_splice_to+0x110/0x170 [ 51.529544] SyS_splice+0x11a8/0x1630 [ 51.533827] entry_SYSCALL_64_fastpath+0x1f/0xbe [ 51.539066] [ 51.539066] -> #7 (&pipe->mutex/1){+.+.}: [ 51.544661] __lock_acquire+0x328f/0x4620 [ 51.549293] lock_acquire+0x1d5/0x580 [ 51.553579] __mutex_lock+0x16f/0x1870 [ 51.557950] mutex_lock_nested+0x16/0x20 [ 51.562495] pipe_lock+0x56/0x70 [ 51.566347] iter_file_splice_write+0x264/0xf50 [ 51.571497] SyS_splice+0x7d5/0x1630 [ 51.575697] entry_SYSCALL_64_fastpath+0x1f/0xbe [ 51.580934] [ 51.580934] -> #6 (sb_writers){.+.+}: [ 51.586181] __sb_start_write+0x18f/0x290 [ 51.590813] mnt_want_write+0x3f/0xb0 [ 51.595096] filename_create+0x12b/0x520 [ 51.599640] kern_path_create+0x33/0x40 [ 51.604102] handle_create+0xc0/0x760 [ 51.608386] [ 51.608386] -> #5 ((complete)&req.done){+.+.}: [ 51.614417] __lock_acquire+0x328f/0x4620 [ 51.619052] lock_acquire+0x1d5/0x580 [ 51.623337] wait_for_completion+0xc8/0x770 [ 51.628142] devtmpfs_create_node+0x32b/0x4a0 [ 51.633127] device_add+0x120f/0x1640 [ 51.637411] device_create_groups_vargs+0x1f3/0x250 [ 51.642911] device_create+0xda/0x110 [ 51.647197] msr_device_create+0x26/0x40 [ 51.651744] cpuhp_invoke_callback+0x256/0x14d0 [ 51.656895] cpuhp_thread_fun+0x265/0x520 [ 51.661527] smpboot_thread_fn+0x489/0x850 [ 51.666247] kthread+0x39c/0x470 [ 51.670099] ret_from_fork+0x2a/0x40 [ 51.674295] [ 51.674295] -> #4 (cpuhp_state){+.+.}: [ 51.679627] __lock_acquire+0x328f/0x4620 [ 51.684258] 
lock_acquire+0x1d5/0x580 [ 51.688543] cpuhp_issue_call+0x1a2/0x3e0 [ 51.693178] __cpuhp_setup_state_cpuslocked+0x2d6/0x5f0 [ 51.699029] __cpuhp_setup_state+0xb0/0x140 [ 51.703838] page_writeback_init+0x4d/0x71 [ 51.708555] pagecache_init+0x48/0x4f [ 51.712840] start_kernel+0x6c1/0x754 [ 51.717127] x86_64_start_reservations+0x2a/0x2c [ 51.722369] x86_64_start_kernel+0x77/0x7a [ 51.727088] verify_cpu+0x0/0xfb [ 51.730940] [ 51.730940] -> #3 (cpuhp_state_mutex){+.+.}: [ 51.736793] __lock_acquire+0x328f/0x4620 [ 51.741426] lock_acquire+0x1d5/0x580 [ 51.745708] __mutex_lock+0x16f/0x1870 [ 51.750082] mutex_lock_nested+0x16/0x20 [ 51.754627] __cpuhp_setup_state_cpuslocked+0x5b/0x5f0 [ 51.760388] __cpuhp_setup_state+0xb0/0x140 [ 51.765195] kvm_guest_init+0x1f3/0x20f [ 51.769655] setup_arch+0x1879/0x1a93 [ 51.773940] start_kernel+0xa5/0x754 [ 51.778139] x86_64_start_reservations+0x2a/0x2c [ 51.783379] x86_64_start_kernel+0x77/0x7a [ 51.788097] verify_cpu+0x0/0xfb [ 51.791947] [ 51.791947] -> #2 (cpu_hotplug_lock.rw_sem){++++}: [ 51.798325] __lock_acquire+0x328f/0x4620 [ 51.802957] lock_acquire+0x1d5/0x580 [ 51.807245] cpus_read_lock+0x42/0x90 [ 51.811531] static_key_slow_inc+0x9d/0x3c0 [ 51.816336] tracepoint_probe_register_prio+0x80d/0x9a0 [ 51.822183] tracepoint_probe_register+0x2a/0x40 [ 51.827423] trace_event_reg+0x167/0x320 [ 51.831980] perf_trace_init+0x4f9/0xab0 [ 51.836524] perf_tp_event_init+0x7d/0xf0 [ 51.841157] perf_try_init_event+0xc9/0x1f0 [ 51.845967] perf_event_alloc+0x1c5b/0x2a00 [ 51.850774] SYSC_perf_event_open+0x84e/0x2e00 [ 51.855840] SyS_perf_event_open+0x39/0x50 [ 51.860560] entry_SYSCALL_64_fastpath+0x1f/0xbe [ 51.865799] [ 51.865799] -> #1 (tracepoints_mutex){+.+.}: [ 51.871655] __lock_acquire+0x328f/0x4620 [ 51.876287] lock_acquire+0x1d5/0x580 [ 51.880571] __mutex_lock+0x16f/0x1870 [ 51.884942] mutex_lock_nested+0x16/0x20 [ 51.889491] tracepoint_probe_register_prio+0xa0/0x9a0 [ 51.895255] tracepoint_probe_register+0x2a/0x40 [ 51.900498] 
trace_event_reg+0x167/0x320 [ 51.905044] perf_trace_init+0x4f9/0xab0 [ 51.909588] perf_tp_event_init+0x7d/0xf0 [ 51.914220] perf_try_init_event+0xc9/0x1f0 [ 51.919023] perf_event_alloc+0x1c5b/0x2a00 [ 51.923828] SYSC_perf_event_open+0x84e/0x2e00 [ 51.928893] SyS_perf_event_open+0x39/0x50 [ 51.933613] entry_SYSCALL_64_fastpath+0x1f/0xbe [ 51.938851] [ 51.938851] -> #0 (event_mutex){+.+.}: [ 51.944190] check_prev_add+0x865/0x1520 [ 51.948734] __lock_acquire+0x328f/0x4620 [ 51.953365] lock_acquire+0x1d5/0x580 [ 51.957649] __mutex_lock+0x16f/0x1870 [ 51.962714] mutex_lock_nested+0x16/0x20 [ 51.967257] perf_trace_init+0x58/0xab0 [ 51.971713] perf_tp_event_init+0x7d/0xf0 [ 51.976344] perf_try_init_event+0xc9/0x1f0 [ 51.981149] perf_event_alloc+0x10fa/0x2a00 [ 51.985961] inherit_event.isra.93+0x15b/0x910 [ 51.991029] inherit_task_group.isra.95.part.96+0x73/0x240 [ 51.997136] perf_event_init_task+0x348/0x890 [ 52.002114] copy_process.part.36+0x173b/0x4af0 [ 52.007277] _do_fork+0x1ef/0xfe0 [ 52.011213] SyS_clone+0x37/0x50 [ 52.015067] do_syscall_64+0x26c/0x8c0 [ 52.019440] return_from_SYSCALL_64+0x0/0x7a [ 52.024332] [ 52.024332] other info that might help us debug this: [ 52.024332] [ 52.032434] Chain exists of: [ 52.032434] event_mutex --> &pipe->mutex/1 --> &ctx->mutex [ 52.032434] [ 52.042543] Possible unsafe locking scenario: [ 52.042543] [ 52.048561] CPU0 CPU1 [ 52.053191] ---- ---- [ 52.057819] lock(&ctx->mutex); [ 52.061147] lock(&pipe->mutex/1); [ 52.067255] lock(&ctx->mutex); [ 52.073100] lock(event_mutex); [ 52.076429] [ 52.076429] *** DEADLOCK *** [ 52.076429] [ 52.082451] 2 locks held by syz-executor0/2996: [ 52.087081] #0: (&ctx->mutex){+.+.}, at: [] perf_event_init_task+0x25b/0x890 [ 52.095978] #1: (&pmus_srcu){....}, at: [] perf_event_alloc+0x104a/0x2a00 [ 52.104611] [ 52.104611] stack backtrace: [ 52.109074] CPU: 1 PID: 2996 Comm: syz-executor0 Not tainted 4.13.0+ #86 [ 52.115872] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS 
Google 01/01/2011 [ 52.125190] Call Trace: [ 52.127748] dump_stack+0x194/0x257 [ 52.131339] ? arch_local_irq_restore+0x53/0x53 [ 52.135975] print_circular_bug+0x503/0x710 [ 52.140261] ? print_circular_bug_entry+0xb0/0xb0 [ 52.145078] ? __read_once_size_nocheck.constprop.8+0x10/0x10 [ 52.150926] ? futex_wait_queue_me+0x3ed/0x7e0 [ 52.155475] check_prev_add+0x865/0x1520 [ 52.159499] ? copy_trace+0x1d0/0x1d0 [ 52.163264] ? check_usage+0xb70/0xb70 [ 52.167113] ? __lock_acquire+0x732/0x4620 [ 52.171314] ? hlock_class+0x140/0x140 [ 52.175165] ? unwind_next_frame.part.6+0x1ae/0xc70 [ 52.180147] ? copy_trace+0x1d0/0x1d0 [ 52.183912] __lock_acquire+0x328f/0x4620 [ 52.188028] ? __lock_acquire+0x328f/0x4620 [ 52.192314] ? copy_trace+0x1d0/0x1d0 [ 52.196080] ? debug_check_no_locks_freed+0x3d0/0x3d0 [ 52.201232] ? __save_stack_trace+0x61/0xd0 [ 52.205517] ? perf_event_alloc+0x200/0x2a00 [ 52.209889] ? save_stack_trace+0x16/0x20 [ 52.213999] ? __lock_acquire+0x20fd/0x4620 [ 52.218285] ? debug_check_no_locks_freed+0x3d0/0x3d0 [ 52.223440] ? debug_check_no_locks_freed+0x3d0/0x3d0 [ 52.228595] ? unwind_next_frame.part.6+0x1ae/0xc70 [ 52.233573] ? unwind_dump+0x4c0/0x4c0 [ 52.237427] ? print_usage_bug+0x480/0x480 [ 52.241628] ? unwind_get_return_address+0x61/0xa0 [ 52.246522] ? __save_stack_trace+0x61/0xd0 [ 52.250809] ? check_noncircular+0x20/0x20 [ 52.255009] ? check_noncircular+0x20/0x20 [ 52.259213] lock_acquire+0x1d5/0x580 [ 52.262980] ? perf_trace_init+0x58/0xab0 [ 52.267093] ? lock_release+0xd70/0xd70 [ 52.271033] ? check_same_owner+0x320/0x320 [ 52.275318] ? debug_check_no_locks_freed+0x3d0/0x3d0 [ 52.280473] ? __might_sleep+0x95/0x190 [ 52.284410] ? perf_trace_init+0x58/0xab0 [ 52.288522] __mutex_lock+0x16f/0x1870 [ 52.292372] ? perf_trace_init+0x58/0xab0 [ 52.296484] ? perf_trace_init+0x58/0xab0 [ 52.300596] ? mutex_lock_io_nested+0x1740/0x1740 [ 52.305402] ? do_raw_spin_trylock+0x190/0x190 [ 52.309947] ? print_usage_bug+0x480/0x480 [ 52.314147] ? 
mark_held_locks+0xb2/0x100 [ 52.318258] ? _raw_spin_unlock_irqrestore+0x31/0xba [ 52.323325] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 52.328306] ? print_usage_bug+0x480/0x480 [ 52.332509] ? depot_save_stack+0x3b5/0x490 [ 52.336795] ? print_usage_bug+0x480/0x480 [ 52.340995] ? save_stack_trace+0x16/0x20 [ 52.345107] ? save_stack+0x43/0xd0 [ 52.348697] ? kasan_kmalloc+0xad/0xe0 [ 52.352548] ? kmem_cache_alloc_trace+0x136/0x750 [ 52.357352] ? perf_event_alloc+0x200/0x2a00 [ 52.361724] ? inherit_event.isra.93+0x15b/0x910 [ 52.366444] ? inherit_task_group.isra.95.part.96+0x73/0x240 [ 52.372205] ? perf_event_init_task+0x348/0x890 [ 52.376837] ? copy_process.part.36+0x173b/0x4af0 [ 52.381640] ? _do_fork+0x1ef/0xfe0 [ 52.385229] ? SyS_clone+0x37/0x50 [ 52.388734] ? do_syscall_64+0x26c/0x8c0 [ 52.392761] ? entry_SYSCALL64_slow_path+0x25/0x25 [ 52.397655] ? mark_held_locks+0xb2/0x100 [ 52.401766] ? debug_mutex_init+0x1c/0x60 [ 52.405878] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 52.410857] ? __lockdep_init_map+0xe4/0x650