[ OK ] Started Getty on tty2.
[ OK ] Started Getty on tty1.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.210' (ECDSA) to the list of known hosts.
syzkaller login: [ 28.449567] IPVS: ftp: loaded support on port[0] = 21
[ 28.502302] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 28.512199] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 28.519393] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 28.528120] IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
[ 28.536880] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
executing program
[ 28.548819] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 28.557109] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 28.570057] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 28.592807]
[ 28.594451] ======================================================
[ 28.600755] WARNING: possible circular locking dependency detected
[ 28.607166] 4.14.203-syzkaller #0 Not tainted
[ 28.611631] ------------------------------------------------------
[ 28.617921] syz-executor063/8028 is trying to acquire lock:
[ 28.623602] (event_mutex){+.+.}, at: [] perf_trace_destroy+0x23/0xf0
[ 28.631746]
[ 28.631746] but task is already holding lock:
[ 28.637685] (&event->child_mutex){+.+.}, at: [] perf_event_release_kernel+0x208/0x8a0
[ 28.647281]
[ 28.647281] which lock already depends on the new lock.
[ 28.647281]
[ 28.655565]
[ 28.655565] the existing dependency chain (in reverse order) is:
[ 28.663153]
[ 28.663153] -> #5 (&event->child_mutex){+.+.}:
[ 28.669193] __mutex_lock+0xc4/0x1310
[ 28.673492] perf_event_for_each_child+0x82/0x140
[ 28.678835] _perf_ioctl+0x3e9/0x1a80
[ 28.683146] perf_ioctl+0x55/0x80
[ 28.687112] do_vfs_ioctl+0x75a/0xff0
[ 28.691434] SyS_ioctl+0x7f/0xb0
[ 28.695378] do_syscall_64+0x1d5/0x640
[ 28.699758] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 28.705448]
[ 28.705448] -> #4 (&cpuctx_mutex){+.+.}:
[ 28.710961] __mutex_lock+0xc4/0x1310
[ 28.715266] perf_event_init_cpu+0xb7/0x170
[ 28.720087] perf_event_init+0x2cc/0x308
[ 28.724652] start_kernel+0x46a/0x770
[ 28.728955] secondary_startup_64+0xa5/0xb0
[ 28.733766]
[ 28.733766] -> #3 (pmus_lock){+.+.}:
[ 28.738932] __mutex_lock+0xc4/0x1310
[ 28.743225] perf_event_init_cpu+0x2c/0x170
[ 28.748047] cpuhp_invoke_callback+0x1e6/0x1a80
[ 28.753215] _cpu_up+0x219/0x500
[ 28.757073] do_cpu_up+0x9a/0x160
[ 28.761032] smp_init+0x197/0x1ac
[ 28.764977] kernel_init_freeable+0x3f4/0x614
[ 28.769967] kernel_init+0xd/0x167
[ 28.774009] ret_from_fork+0x24/0x30
[ 28.778299]
[ 28.778299] -> #2 (cpu_hotplug_lock.rw_sem){++++}:
[ 28.784689] cpus_read_lock+0x39/0xc0
[ 28.789000] static_key_slow_inc+0xe/0x20
[ 28.793641] tracepoint_add_func+0x517/0x750
[ 28.798552] tracepoint_probe_register+0x8c/0xc0
[ 28.803889] trace_event_reg+0x272/0x330
[ 28.808453] perf_trace_init+0x424/0xa30
[ 28.813014] perf_tp_event_init+0x79/0xf0
[ 28.817663] perf_try_init_event+0x15b/0x1f0
[ 28.822586] perf_event_alloc.part.0+0xe2d/0x2640
[ 28.827935] SyS_perf_event_open+0x67f/0x24b0
[ 28.832930] do_syscall_64+0x1d5/0x640
[ 28.837314] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 28.843862]
[ 28.843862] -> #1 (tracepoints_mutex){+.+.}:
[ 28.849726] __mutex_lock+0xc4/0x1310
[ 28.854036] tracepoint_probe_register+0x68/0xc0
[ 28.859316] trace_event_reg+0x272/0x330
[ 28.863899] perf_trace_init+0x424/0xa30
[ 28.868465] perf_tp_event_init+0x79/0xf0
[ 28.873113] perf_try_init_event+0x15b/0x1f0
[ 28.878128] perf_event_alloc.part.0+0xe2d/0x2640
[ 28.883466] SyS_perf_event_open+0x67f/0x24b0
[ 28.888458] do_syscall_64+0x1d5/0x640
[ 28.892900] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 28.898620]
[ 28.898620] -> #0 (event_mutex){+.+.}:
[ 28.903962] lock_acquire+0x170/0x3f0
[ 28.908258] __mutex_lock+0xc4/0x1310
[ 28.912553] perf_trace_destroy+0x23/0xf0
[ 28.917222] _free_event+0x321/0xe20
[ 28.921436] free_event+0x32/0x40
[ 28.925379] perf_event_release_kernel+0x368/0x8a0
[ 28.930811] perf_release+0x33/0x40
[ 28.934976] __fput+0x25f/0x7a0
[ 28.938753] task_work_run+0x11f/0x190
[ 28.943138] do_exit+0xa08/0x27f0
[ 28.947111] do_group_exit+0x100/0x2e0
[ 28.951503] get_signal+0x38d/0x1ca0
[ 28.955713] do_signal+0x7c/0x1550
[ 28.959752] exit_to_usermode_loop+0x160/0x200
[ 28.964841] syscall_return_slowpath+0x295/0x320
[ 28.970100] ret_from_fork+0x15/0x30
[ 28.974303]
[ 28.974303] other info that might help us debug this:
[ 28.974303]
[ 28.982426] Chain exists of:
[ 28.982426] event_mutex --> &cpuctx_mutex --> &event->child_mutex
[ 28.982426]
[ 28.993156] Possible unsafe locking scenario:
[ 28.993156]
[ 28.999181]        CPU0                    CPU1
[ 29.003828]        ----                    ----
[ 29.008462]   lock(&event->child_mutex);
[ 29.012506]                                lock(&cpuctx_mutex);
[ 29.018537]                                lock(&event->child_mutex);
[ 29.025086]   lock(event_mutex);
[ 29.028439]
[ 29.028439] *** DEADLOCK ***
[ 29.028439]
[ 29.034556] 2 locks held by syz-executor063/8028:
[ 29.039366] #0: (&ctx->mutex){+.+.}, at: [] perf_event_release_kernel+0x1fe/0x8a0
[ 29.048718] #1: (&event->child_mutex){+.+.}, at: [] perf_event_release_kernel+0x208/0x8a0
[ 29.058749]
[ 29.058749] stack backtrace:
[ 29.063226] CPU: 0 PID: 8028 Comm: syz-executor063 Not tainted 4.14.203-syzkaller #0
[ 29.071077] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 29.080405] Call Trace:
[ 29.082973] dump_stack+0x1b2/0x283
[ 29.086587] print_circular_bug.constprop.0.cold+0x2d7/0x41e
[ 29.092363] __lock_acquire+0x2e0e/0x3f20
[ 29.096503] ? trace_hardirqs_on+0x10/0x10
[ 29.100715] ? perf_group_detach+0x7f0/0x7f0
[ 29.105111] ? generic_exec_single+0x27e/0x420
[ 29.109666] ? smp_call_function_single+0x1b1/0x370
[ 29.114665] lock_acquire+0x170/0x3f0
[ 29.118452] ? perf_trace_destroy+0x23/0xf0
[ 29.123022] ? perf_trace_destroy+0x23/0xf0
[ 29.127925] __mutex_lock+0xc4/0x1310
[ 29.131699] ? perf_trace_destroy+0x23/0xf0
[ 29.136007] ? task_function_call+0xed/0x130
[ 29.140386] ? pmu_dev_release+0x20/0x20
[ 29.144416] ? perf_trace_destroy+0x23/0xf0
[ 29.148936] ? __ww_mutex_wakeup_for_backoff+0x210/0x210
[ 29.154360] ? event_function_call+0x1fa/0x3c0
[ 29.158998] ? event_sched_out+0x11b0/0x11b0
[ 29.163468] ? rcu_lockdep_current_cpu_online+0xed/0x140
[ 29.168893] ? perf_tp_event_init+0xf0/0xf0
[ 29.173187] perf_trace_destroy+0x23/0xf0
[ 29.177307] ? perf_tp_event_init+0xf0/0xf0
[ 29.181614] _free_event+0x321/0xe20
[ 29.185313] free_event+0x32/0x40
[ 29.188738] perf_event_release_kernel+0x368/0x8a0
[ 29.193639] ? perf_event_release_kernel+0x8a0/0x8a0
[ 29.198726] perf_release+0x33/0x40
[ 29.202340] __fput+0x25f/0x7a0
[ 29.205605] task_work_run+0x11f/0x190
[ 29.209478] do_exit+0xa08/0x27f0
[ 29.213437] ? __lock_acquire+0x541/0x3f20
[ 29.217654] ? mm_update_next_owner+0x5b0/0x5b0
[ 29.222305] ? get_signal+0x323/0x1ca0
[ 29.226181] ? lock_acquire+0x170/0x3f0
[ 29.230159] ? lock_downgrade+0x740/0x740
[ 29.234302] do_group_exit+0x100/0x2e0
[ 29.238167] get_signal+0x38d/0x1ca0
[ 29.241858] ? free_one_page+0x119/0x1210
[ 29.246002] do_signal+0x7c/0x1550
[ 29.249522] ? page_outside_zone_boundaries+0x10f/0x310
[ 29.254871] ? setup_sigcontext+0x820/0x820
[ 29.259178] ? __free_pages_ok+0x3f1/0xeb0
[ 29.263394] ? lock_downgrade+0x740/0x740
[ 29.267530] ? __free_pages_ok+0x539/0xeb0
[ 29.271739] ? trace_hardirqs_on_caller+0x3a8/0x580
[ 29.276734] ? __phys_addr+0x73/0xe0
[ 29.280433] ? exit_to_usermode_loop+0x41/0x200
[ 29.285091] exit_to_usermode_loop+0x160/0x200
[ 29.290956] syscall_return_slowpath+0x295/0x320
[ 29.295697] ret_from_fork+0x15/0x30
[ 29.299396] RIP: 0033:0x4483b9
[ 29.302558] RSP: 002b:00007f02b01c4ce8