[ OK ] Started Getty on tty2.
[ OK ] Reached target Login Prompts.
[ OK ] Started OpenBSD Secure Shell server.
[ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.1.0' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 29.313554]
[ 29.315363] ======================================================
[ 29.321653] WARNING: possible circular locking dependency detected
[ 29.327969] 4.14.204-syzkaller #0 Not tainted
[ 29.332458] ------------------------------------------------------
[ 29.338749] syz-executor959/8017 is trying to acquire lock:
[ 29.344430] (event_mutex){+.+.}, at: [] perf_trace_destroy+0x23/0xf0
[ 29.352579]
[ 29.352579] but task is already holding lock:
[ 29.358521] (&event->child_mutex){+.+.}, at: [] perf_event_release_kernel+0x208/0x8a0
[ 29.368118]
[ 29.368118] which lock already depends on the new lock.
[ 29.368118]
[ 29.376408]
[ 29.376408] the existing dependency chain (in reverse order) is:
[ 29.384017]
[ 29.384017] -> #5 (&event->child_mutex){+.+.}:
[ 29.390144] __mutex_lock+0xc4/0x1310
[ 29.394440] perf_event_for_each_child+0x82/0x140
[ 29.399793] _perf_ioctl+0x47f/0x1a80
[ 29.404086] perf_ioctl+0x55/0x80
[ 29.408038] do_vfs_ioctl+0x75a/0xff0
[ 29.412332] SyS_ioctl+0x7f/0xb0
[ 29.416215] do_syscall_64+0x1d5/0x640
[ 29.420623] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 29.426305]
[ 29.426305] -> #4 (&cpuctx_mutex){+.+.}:
[ 29.431836] __mutex_lock+0xc4/0x1310
[ 29.436133] perf_event_init_cpu+0xb7/0x170
[ 29.440958] perf_event_init+0x2cc/0x308
[ 29.445524] start_kernel+0x46a/0x770
[ 29.450033] secondary_startup_64+0xa5/0xb0
[ 29.454921]
[ 29.454921] -> #3 (pmus_lock){+.+.}:
[ 29.461062] __mutex_lock+0xc4/0x1310
[ 29.465359] perf_event_init_cpu+0x2c/0x170
[ 29.470175] cpuhp_invoke_callback+0x1e6/0x1a80
[ 29.475338] _cpu_up+0x219/0x500
[ 29.479196] do_cpu_up+0x9a/0x160
[ 29.483141] smp_init+0x197/0x1ac
[ 29.487103] kernel_init_freeable+0x3f4/0x614
[ 29.492105] kernel_init+0xd/0x167
[ 29.496151] ret_from_fork+0x24/0x30
[ 29.500368]
[ 29.500368] -> #2 (cpu_hotplug_lock.rw_sem){++++}:
[ 29.506767] cpus_read_lock+0x39/0xc0
[ 29.511145] static_key_slow_inc+0xe/0x20
[ 29.515789] tracepoint_add_func+0x517/0x750
[ 29.520788] tracepoint_probe_register+0x8c/0xc0
[ 29.526050] trace_event_reg+0x272/0x330
[ 29.530778] perf_trace_init+0x424/0xa30
[ 29.535347] perf_tp_event_init+0x79/0xf0
[ 29.540000] perf_try_init_event+0x15b/0x1f0
[ 29.544921] perf_event_alloc.part.0+0xe2d/0x2640
[ 29.550269] SyS_perf_event_open+0x67f/0x24b0
[ 29.555279] do_syscall_64+0x1d5/0x640
[ 29.559677] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 29.565362]
[ 29.565362] -> #1 (tracepoints_mutex){+.+.}:
[ 29.571235] __mutex_lock+0xc4/0x1310
[ 29.575529] tracepoint_probe_register+0x68/0xc0
[ 29.580778] trace_event_reg+0x272/0x330
[ 29.585334] perf_trace_init+0x424/0xa30
[ 29.589892] perf_tp_event_init+0x79/0xf0
[ 29.594531] perf_try_init_event+0x15b/0x1f0
[ 29.599479] perf_event_alloc.part.0+0xe2d/0x2640
[ 29.604946] SyS_perf_event_open+0x67f/0x24b0
[ 29.609941] do_syscall_64+0x1d5/0x640
[ 29.614338] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 29.620046]
[ 29.620046] -> #0 (event_mutex){+.+.}:
[ 29.625400] lock_acquire+0x170/0x3f0
[ 29.629695] __mutex_lock+0xc4/0x1310
[ 29.633986] perf_trace_destroy+0x23/0xf0
[ 29.638625] _free_event+0x321/0xe20
[ 29.642920] free_event+0x32/0x40
[ 29.646875] perf_event_release_kernel+0x368/0x8a0
[ 29.652305] perf_release+0x33/0x40
[ 29.656433] __fput+0x25f/0x7a0
[ 29.660206] task_work_run+0x11f/0x190
[ 29.664585] do_exit+0xa08/0x27f0
[ 29.668543] do_group_exit+0x100/0x2e0
[ 29.672956] get_signal+0x38d/0x1ca0
[ 29.677168] do_signal+0x7c/0x1550
[ 29.681227] exit_to_usermode_loop+0x160/0x200
[ 29.686314] do_syscall_64+0x4a3/0x640
[ 29.690717] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 29.696927]
[ 29.696927] other info that might help us debug this:
[ 29.696927]
[ 29.705069] Chain exists of:
[ 29.705069] event_mutex --> &cpuctx_mutex --> &event->child_mutex
[ 29.705069]
[ 29.715812] Possible unsafe locking scenario:
[ 29.715812]
[ 29.721866]        CPU0                    CPU1
[ 29.726507]        ----                    ----
[ 29.731144]   lock(&event->child_mutex);
[ 29.735179]                                lock(&cpuctx_mutex);
[ 29.741208]                                lock(&event->child_mutex);
[ 29.747757]   lock(event_mutex);
[ 29.751092]
[ 29.751092] *** DEADLOCK ***
[ 29.751092]
[ 29.757137] 2 locks held by syz-executor959/8017:
[ 29.761949] #0: (&ctx->mutex){+.+.}, at: [] perf_event_release_kernel+0x1fe/0x8a0
[ 29.771298] #1: (&event->child_mutex){+.+.}, at: [] perf_event_release_kernel+0x208/0x8a0
[ 29.781337]
[ 29.781337] stack backtrace:
[ 29.785809] CPU: 1 PID: 8017 Comm: syz-executor959 Not tainted 4.14.204-syzkaller #0
[ 29.793659] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 29.803037] Call Trace:
[ 29.805608] dump_stack+0x1b2/0x283
[ 29.809265] print_circular_bug.constprop.0.cold+0x2d7/0x41e
[ 29.815078] __lock_acquire+0x2e0e/0x3f20
[ 29.819242] ? list_del_event+0x56c/0x870
[ 29.823363] ? trace_hardirqs_on+0x10/0x10
[ 29.827572] ? do_raw_spin_unlock+0x164/0x220
[ 29.832215] ? mark_held_locks+0xa6/0xf0
[ 29.836258] ? perf_group_detach+0x7f0/0x7f0
[ 29.840670] ? generic_exec_single+0x27e/0x420
[ 29.845229] ? generic_exec_single+0x127/0x420
[ 29.850055] lock_acquire+0x170/0x3f0
[ 29.853849] ? perf_trace_destroy+0x23/0xf0
[ 29.862137] ? perf_trace_destroy+0x23/0xf0
[ 29.866455] __mutex_lock+0xc4/0x1310
[ 29.870239] ? perf_trace_destroy+0x23/0xf0
[ 29.874547] ? task_function_call+0xed/0x130
[ 29.879030] ? pmu_dev_release+0x20/0x20
[ 29.883068] ? perf_trace_destroy+0x23/0xf0
[ 29.887364] ? __ww_mutex_wakeup_for_backoff+0x210/0x210
[ 29.892798] ? event_function_call+0x1fa/0x3c0
[ 29.897351] ? event_sched_out+0x11b0/0x11b0
[ 29.901737] ? rcu_lockdep_current_cpu_online+0xed/0x140
[ 29.907170] ? perf_tp_event_init+0xf0/0xf0
[ 29.911479] perf_trace_destroy+0x23/0xf0
[ 29.915661] ? perf_tp_event_init+0xf0/0xf0
[ 29.919999] _free_event+0x321/0xe20
[ 29.923687] free_event+0x32/0x40
[ 29.927148] perf_event_release_kernel+0x368/0x8a0
[ 29.932137] ? perf_event_release_kernel+0x8a0/0x8a0
[ 29.938350] perf_release+0x33/0x40
[ 29.942072] __fput+0x25f/0x7a0
[ 29.945327] task_work_run+0x11f/0x190
[ 29.949187] do_exit+0xa08/0x27f0
[ 29.952612] ? lock_acquire+0x170/0x3f0
[ 29.956558] ? lock_downgrade+0x740/0x740
[ 29.960696] ? mm_update_next_owner+0x5b0/0x5b0
[ 29.965349] ? get_signal+0x323/0x1ca0
[ 29.969208] ? lock_acquire+0x170/0x3f0
[ 29.973152] ? lock_downgrade+0x740/0x740
[ 29.978070] do_group_exit+0x100/0x2e0
[ 29.982202] get_signal+0x38d/0x1ca0
[ 29.985908] ? vfs_writev+0x18d/0x290
[ 29.989681] do_signal+0x7c/0x1550
[ 29.993194] ? vfs_iter_write+0xa0/0xa0
[ 29.997154] ? debug_check_no_obj_freed+0x2c0/0x674
[ 30.002161] ? setup_sigcontext+0x820/0x820
[ 30.006460] ? rcu_lockdep_current_cpu_online+0xed/0x140
[ 30.011897] ? putname+0xcd/0x110
[ 30.015326] ? rcu_read_lock_sched_held+0x16c/0x1d0
[ 30.020319] ? kmem_cache_free+0x23a/0x2b0
[ 30.024535] ? putname+0xcd/0x110
[ 30.027965] ? exit_to_usermode_loop+0x41/0x200
[ 30.032622] exit_to_usermode_loop+0x160/0x200
[ 30.037180] do_syscall_64+0x4a3/0x640
[ 30.041045] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 30.046232] RIP: 0033:0x411d08
[ 30.049420] RSP: 002b:00007fff96c7c320 EFLAGS: 00000202 ORIG_RAX: 0000000000000014
[ 30.057113] RAX: ffffffffffffffe0 RBX: 00007fff96c7c320 RCX: 0000000000411d08
[ 30.064357] RDX: 000000000