Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.72' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 28.163126]
[ 28.164758] ======================================================
[ 28.171055] WARNING: possible circular locking dependency detected
[ 28.177344] 4.14.291-syzkaller #0 Not tainted
[ 28.181809] ------------------------------------------------------
[ 28.188101] syz-executor348/7976 is trying to acquire lock:
[ 28.193783] (event_mutex){+.+.}, at: [] perf_trace_destroy+0x23/0xf0
[ 28.201907]
[ 28.201907] but task is already holding lock:
[ 28.208315] (&event->child_mutex){+.+.}, at: [] perf_event_release_kernel+0x208/0x8a0
[ 28.217935]
[ 28.217935] which lock already depends on the new lock.
[ 28.217935]
[ 28.226224]
[ 28.226224] the existing dependency chain (in reverse order) is:
[ 28.233818]
[ 28.233818] -> #5 (&event->child_mutex){+.+.}:
[ 28.239866] __mutex_lock+0xc4/0x1310
[ 28.244164] perf_event_for_each_child+0x82/0x140
[ 28.249502] _perf_ioctl+0x471/0x1a60
[ 28.253796] perf_ioctl+0x55/0x80
[ 28.257743] do_vfs_ioctl+0x75a/0xff0
[ 28.262035] SyS_ioctl+0x7f/0xb0
[ 28.265906] do_syscall_64+0x1d5/0x640
[ 28.270287] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 28.276056]
[ 28.276056] -> #4 (&cpuctx_mutex){+.+.}:
[ 28.281573] __mutex_lock+0xc4/0x1310
[ 28.285882] perf_event_init_cpu+0xb7/0x170
[ 28.290704] perf_event_init+0x2cc/0x308
[ 28.295264] start_kernel+0x45d/0x763
[ 28.299561] secondary_startup_64+0xa5/0xb0
[ 28.304384]
[ 28.304384] -> #3 (pmus_lock){+.+.}:
[ 28.309569] __mutex_lock+0xc4/0x1310
[ 28.313874] perf_event_init_cpu+0x2c/0x170
[ 28.318703] cpuhp_invoke_callback+0x1e6/0x1a80
[ 28.323880] _cpu_up+0x21e/0x520
[ 28.327749] do_cpu_up+0x9a/0x160
[ 28.331700] smp_init+0x197/0x1ac
[ 28.335650] kernel_init_freeable+0x406/0x626
[ 28.340640] kernel_init+0xd/0x167
[ 28.344675] ret_from_fork+0x24/0x30
[ 28.348895]
[ 28.348895] -> #2 (cpu_hotplug_lock.rw_sem){++++}:
[ 28.355281] cpus_read_lock+0x39/0xc0
[ 28.359597] static_key_slow_inc+0xe/0x20
[ 28.364240] tracepoint_add_func+0x747/0xa40
[ 28.369143] tracepoint_probe_register+0x8c/0xc0
[ 28.374420] trace_event_reg+0x272/0x330
[ 28.378979] perf_trace_init+0x424/0xa30
[ 28.383536] perf_tp_event_init+0x79/0xf0
[ 28.388179] perf_try_init_event+0x15b/0x1f0
[ 28.393081] perf_event_alloc.part.0+0xe2d/0x2640
[ 28.398426] SyS_perf_event_open+0x683/0x2530
[ 28.403417] do_syscall_64+0x1d5/0x640
[ 28.407799] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 28.413487]
[ 28.413487] -> #1 (tracepoints_mutex){+.+.}:
[ 28.419372] __mutex_lock+0xc4/0x1310
[ 28.423677] tracepoint_probe_register+0x68/0xc0
[ 28.428946] trace_event_reg+0x272/0x330
[ 28.433522] perf_trace_init+0x424/0xa30
[ 28.438078] perf_tp_event_init+0x79/0xf0
[ 28.442807] perf_try_init_event+0x15b/0x1f0
[ 28.447708] perf_event_alloc.part.0+0xe2d/0x2640
[ 28.453046] SyS_perf_event_open+0x683/0x2530
[ 28.458397] do_syscall_64+0x1d5/0x640
[ 28.462778] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 28.468467]
[ 28.468467] -> #0 (event_mutex){+.+.}:
[ 28.473827] lock_acquire+0x170/0x3f0
[ 28.478136] __mutex_lock+0xc4/0x1310
[ 28.482440] perf_trace_destroy+0x23/0xf0
[ 28.487092] _free_event+0x321/0xe20
[ 28.491309] free_event+0x32/0x40
[ 28.495260] perf_event_release_kernel+0x368/0x8a0
[ 28.500685] perf_release+0x33/0x40
[ 28.505241] __fput+0x25f/0x7a0
[ 28.509013] task_work_run+0x11f/0x190
[ 28.513396] do_exit+0xa44/0x2850
[ 28.517357] SyS_exit+0x1e/0x20
[ 28.521132] do_syscall_64+0x1d5/0x640
[ 28.525516] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 28.531197]
[ 28.531197] other info that might help us debug this:
[ 28.531197]
[ 28.539434] Chain exists of:
[ 28.539434] event_mutex --> &cpuctx_mutex --> &event->child_mutex
[ 28.539434]
[ 28.550175] Possible unsafe locking scenario:
[ 28.550175]
[ 28.556261]        CPU0                    CPU1
[ 28.560906]        ----                    ----
[ 28.565549]   lock(&event->child_mutex);
[ 28.569589]                                lock(&cpuctx_mutex);
[ 28.575631]                                lock(&event->child_mutex);
[ 28.582205]   lock(event_mutex);
[ 28.585548]
[ 28.585548] *** DEADLOCK ***
[ 28.585548]
[ 28.591582] 2 locks held by syz-executor348/7976:
[ 28.596504] #0: (&ctx->mutex){+.+.}, at: [] perf_event_release_kernel+0x1fe/0x8a0
[ 28.605849] #1: (&event->child_mutex){+.+.}, at: [] perf_event_release_kernel+0x208/0x8a0
[ 28.615877]
[ 28.615877] stack backtrace:
[ 28.620359] CPU: 0 PID: 7976 Comm: syz-executor348 Not tainted 4.14.291-syzkaller #0
[ 28.628215] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
[ 28.637546] Call Trace:
[ 28.640118] dump_stack+0x1b2/0x281
[ 28.643741] print_circular_bug.constprop.0.cold+0x2d7/0x41e
[ 28.649619] __lock_acquire+0x2e0e/0x3f20
[ 28.653747] ? trace_hardirqs_on+0x10/0x10
[ 28.657959] ? perf_group_detach+0x7f0/0x7f0
[ 28.662355] ? generic_exec_single+0x27e/0x420
[ 28.666909] ? smp_call_function_single+0x1b1/0x370
[ 28.671897] lock_acquire+0x170/0x3f0
[ 28.675670] ? perf_trace_destroy+0x23/0xf0
[ 28.679967] ? perf_trace_destroy+0x23/0xf0
[ 28.684259] __mutex_lock+0xc4/0x1310
[ 28.688031] ? perf_trace_destroy+0x23/0xf0
[ 28.692322] ? task_function_call+0xed/0x130
[ 28.696705] ? pmu_dev_release+0x20/0x20
[ 28.700736] ? perf_trace_destroy+0x23/0xf0
[ 28.705035] ? __ww_mutex_wakeup_for_backoff+0x210/0x210
[ 28.710457] ? event_function_call+0x1fa/0x3c0
[ 28.715010] ? event_sched_out+0x11b0/0x11b0
[ 28.719391] ? rcu_lockdep_current_cpu_online+0xed/0x140
[ 28.724812] ? perf_tp_event_init+0xf0/0xf0
[ 28.729107] perf_trace_destroy+0x23/0xf0
[ 28.733227] ? perf_tp_event_init+0xf0/0xf0
[ 28.737522] _free_event+0x321/0xe20
[ 28.741231] free_event+0x32/0x40
[ 28.744655] perf_event_release_kernel+0x368/0x8a0
[ 28.749559] ? perf_event_release_kernel+0x8a0/0x8a0
[ 28.754632] perf_release+0x33/0x40
[ 28.758235] __fput+0x25f/0x7a0
[ 28.761488] task_work_run+0x11f/0x190
[ 28.765355] do_exit+0xa44/0x2850
[ 28.768782] ? get_timespec64+0xb1/0xf0
[ 28.772729] ? timespec_trunc+0x120/0x120
[ 28.776849] ? mm_update_next_owner+0x5b0/0x5b0
[ 28.781492] ? SyS_clock_nanosleep+0x210/0x2d0
[ 28.786048] ? compat_SyS_clock_getres+0x180/0x180
[ 28.790948] ? __do_page_fault+0x159/0xad0
[ 28.795158] SyS_exit+0x1e/0x20
[ 28.798410] ? complete_and_exit+0x40/0x40
[ 28.802616] do_syscall_64+0x1d5/0x640
[ 28.806479] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 28.811642] RIP: 0033:0x7f2e760532a9
[ 28.8153