[ OK ] Started OpenBSD Secure Shell server.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.97' (ECDSA) to the list of known hosts.
2021/07/25 10:01:43 parsed 1 programs
2021/07/25 10:01:43 executed programs: 0
syzkaller login: [ 29.626269] IPVS: ftp: loaded support on port[0] = 21
[ 29.708940] chnl_net:caif_netlink_parms(): no params data found
[ 29.813515] bridge0: port 1(bridge_slave_0) entered blocking state
[ 29.820454] bridge0: port 1(bridge_slave_0) entered disabled state
[ 29.828332] device bridge_slave_0 entered promiscuous mode
[ 29.836131] bridge0: port 2(bridge_slave_1) entered blocking state
[ 29.842970] bridge0: port 2(bridge_slave_1) entered disabled state
[ 29.850533] device bridge_slave_1 entered promiscuous mode
[ 29.867557] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 29.876760] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 29.894888] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 29.902584] team0: Port device team_slave_0 added
[ 29.908512] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 29.917390] team0: Port device team_slave_1 added
[ 29.933211] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 29.939479] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 29.965982] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 29.978036] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 29.985079] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 30.012350] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 30.024142] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 30.031986] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 30.051383] device hsr_slave_0 entered promiscuous mode
[ 30.057195] device hsr_slave_1 entered promiscuous mode
[ 30.063704] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 30.070921] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 30.131769] bridge0: port 2(bridge_slave_1) entered blocking state
[ 30.138277] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 30.145268] bridge0: port 1(bridge_slave_0) entered blocking state
[ 30.151719] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 30.180990] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 30.187135] 8021q: adding VLAN 0 to HW filter on device bond0
[ 30.196217] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 30.205294] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 30.224978] bridge0: port 1(bridge_slave_0) entered disabled state
[ 30.232143] bridge0: port 2(bridge_slave_1) entered disabled state
[ 30.242102] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 30.248314] 8021q: adding VLAN 0 to HW filter on device team0
[ 30.258040] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 30.265764] bridge0: port 1(bridge_slave_0) entered blocking state
[ 30.272187] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 30.282142] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 30.289830] bridge0: port 2(bridge_slave_1) entered blocking state
[ 30.296446] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 30.312285] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 30.320122] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 30.327861] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 30.335524] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 30.345318] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 30.355945] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 30.362744] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 30.369701] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 30.383412] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready
[ 30.390539] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 30.397633] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 30.407236] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 30.458119] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready
[ 30.467946] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 30.497862] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready
[ 30.505616] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready
[ 30.512240] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready
[ 30.521673] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 30.529248] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 30.536288] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 30.545517] device veth0_vlan entered promiscuous mode
[ 30.554041] device veth1_vlan entered promiscuous mode
[ 30.559873] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready
[ 30.568779] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready
[ 30.579563] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready
[ 30.588948] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 30.596474] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 30.603772] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 30.614307] device veth0_macvtap entered promiscuous mode
[ 30.620925] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready
[ 30.629138] device veth1_macvtap entered promiscuous mode
[ 30.637691] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready
[ 30.647592] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready
[ 30.657680] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 30.665001] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 30.673328] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 30.681323] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 30.690300] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_1: link is not ready
[ 30.697499] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 30.709088] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 30.717699] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 30.822605]
[ 30.824261] ======================================================
[ 30.830570] WARNING: possible circular locking dependency detected
[ 30.836875] 4.14.240-syzkaller #0 Not tainted
[ 30.841346] ------------------------------------------------------
[ 30.847730] syz-executor.0/8215 is trying to acquire lock:
[ 30.853477]  (&cpuctx_mutex/1){+.+.}, at: [] SyS_perf_event_open+0xd28/0x24b0
[ 30.862331]
[ 30.862331] but task is already holding lock:
[ 30.868278]  (&cpuctx_mutex){+.+.}, at: [] SyS_perf_event_open+0xd1b/0x24b0
[ 30.877618]
[ 30.877618] which lock already depends on the new lock.
[ 30.877618]
[ 30.886138]
[ 30.886138] the existing dependency chain (in reverse order) is:
[ 30.893743]
[ 30.893743] -> #2 (&cpuctx_mutex){+.+.}:
[ 30.899459]        __mutex_lock+0xc4/0x1310
[ 30.903773]        perf_event_init_cpu+0xb7/0x170
[ 30.908688]        perf_event_init+0x2cc/0x308
[ 30.913348]        start_kernel+0x46a/0x770
[ 30.917700]        secondary_startup_64+0xa5/0xb0
[ 30.922562]
[ 30.922562] -> #1 (pmus_lock){+.+.}:
[ 30.927865]        __mutex_lock+0xc4/0x1310
[ 30.932355]        perf_swevent_init+0x11e/0x4b0
[ 30.937085]        perf_try_init_event+0xdf/0x1f0
[ 30.941932]        perf_event_alloc.part.0+0xe2d/0x2640
[ 30.947375]        SyS_perf_event_open+0x67f/0x24b0
[ 30.952517]        do_syscall_64+0x1d5/0x640
[ 30.956951]        entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 30.963098]
[ 30.963098] -> #0 (&cpuctx_mutex/1){+.+.}:
[ 30.968906]        lock_acquire+0x170/0x3f0
[ 30.973220]        __mutex_lock+0xc4/0x1310
[ 30.977521]        SyS_perf_event_open+0xd28/0x24b0
[ 30.982686]        do_syscall_64+0x1d5/0x640
[ 30.987080]        entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 30.992764]
[ 30.992764] other info that might help us debug this:
[ 30.992764]
[ 31.001906] Chain exists of:
[ 31.001906]   &cpuctx_mutex/1 --> pmus_lock --> &cpuctx_mutex
[ 31.001906]
[ 31.012318]  Possible unsafe locking scenario:
[ 31.012318]
[ 31.018616]        CPU0                    CPU1
[ 31.023288]        ----                    ----
[ 31.028025]   lock(&cpuctx_mutex);
[ 31.031541]                                lock(pmus_lock);
[ 31.037252]                                lock(&cpuctx_mutex);
[ 31.043625]   lock(&cpuctx_mutex/1);
[ 31.047649]
[ 31.047649]  *** DEADLOCK ***
[ 31.047649]
[ 31.053742] 1 lock held by syz-executor.0/8215:
[ 31.058564]  #0:  (&cpuctx_mutex){+.+.}, at: [] SyS_perf_event_open+0xd1b/0x24b0
[ 31.067919]
[ 31.067919] stack backtrace:
[ 31.072416] CPU: 1 PID: 8215 Comm: syz-executor.0 Not tainted 4.14.240-syzkaller #0
[ 31.080212] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 31.089847] Call Trace:
[ 31.092680]  dump_stack+0x1b2/0x281
[ 31.096378]  print_circular_bug.constprop.0.cold+0x2d7/0x41e
[ 31.102191]  __lock_acquire+0x2e0e/0x3f20
[ 31.106587]  ? __lock_acquire+0x5fc/0x3f20
[ 31.110834]  ? trace_hardirqs_on+0x10/0x10
[ 31.115045]  ? trace_hardirqs_on+0x10/0x10
[ 31.119289]  ? trace_hardirqs_on+0x10/0x10
[ 31.123521]  ? __lock_acquire+0x5fc/0x3f20
[ 31.127953]  lock_acquire+0x170/0x3f0
[ 31.131841]  ? SyS_perf_event_open+0xd28/0x24b0
[ 31.136489]  ? SyS_perf_event_open+0xd28/0x24b0
[ 31.141141]  __mutex_lock+0xc4/0x1310
[ 31.145030]  ? SyS_perf_event_open+0xd28/0x24b0
[ 31.149679]  ? debug_mutex_init+0x28/0x60
[ 31.153805]  ? SyS_perf_event_open+0xd28/0x24b0
[ 31.158536]  ? get_empty_filp+0x293/0x3e0
[ 31.162710]  ? __ww_mutex_wakeup_for_backoff+0x210/0x210
[ 31.168141]  ? alloc_file+0x292/0x440
[ 31.171938]  ? SyS_perf_event_open+0xcc5/0x24b0
[ 31.176690]  ? lock_acquire+0x170/0x3f0
[ 31.180653]  ? lock_downgrade+0x740/0x740
[ 31.184776]  SyS_perf_event_open+0xd28/0x24b0
[ 31.189267]  ? finish_task_switch+0x178/0x610
[ 31.193765]  ? perf_bp_event+0x170/0x170
[ 31.197815]  ? SyS_futex+0x1da/0x290
[ 31.201611]  ? _raw_spin_unlock_irq+0x5a/0x80
[ 31.206375]  ? do_syscall_64+0x4c/0x640
[ 31.210359]  ? perf_bp_event+0x170/0x170
[ 31.214421]  do_syscall_64+0x1d5/0x640
[ 31.218548]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 31.223744] RIP: 0033:0x4665e9
[ 31.227012] RSP: 002b:00007f6420f67188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
[ 31.234792] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
[ 31.242174] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 00000000200000c0
[ 31.249543] RBP: 00000000004bfcc4 R08: 0000000000000000 R09: 0000000000000000
[ 31.257138] R10: 0000000000000003 R11: 0000000000000246 R12: 000000000056bf80
[ 31.264472] R13: 00007ffd4dfe270f R14: 00007f6420f67300 R15: 0000000000022000