2017/11/05 08:13:15 parsed 1 programs
2017/11/05 08:13:15 executed programs: 0
syzkaller login: [ 28.206767]
[ 28.207029] ======================================================
[ 28.207681] WARNING: possible circular locking dependency detected
[ 28.208289] 4.14.0-rc7-next-20171103+ #10 Not tainted
[ 28.208744] ------------------------------------------------------
[ 28.209401] syz-executor1/3061 is trying to acquire lock:
[ 28.209969] (event_mutex){+.+.}, at: [] perf_trace_destroy+0x28/0x100
[ 28.210820]
[ 28.210820] but task is already holding lock:
[ 28.211389] (&mm->mmap_sem){++++}, at: [] vm_mmap_pgoff+0x198/0x280
[ 28.212201]
[ 28.212201] which lock already depends on the new lock.
[ 28.212201]
[ 28.213108]
[ 28.213108] the existing dependency chain (in reverse order) is:
[ 28.213826]
[ 28.213826] -> #7 (&mm->mmap_sem){++++}:
[ 28.214369] lock_acquire+0x1d5/0x580
[ 28.214773] __might_fault+0x13a/0x1d0
[ 28.215193] _copy_to_user+0x2c/0xc0
[ 28.215666] filldir+0x1a7/0x320
[ 28.216032] dcache_readdir+0x12d/0x5e0
[ 28.216510] iterate_dir+0x1ca/0x540
[ 28.216995] SyS_getdents+0x225/0x450
[ 28.217513] entry_SYSCALL_64_fastpath+0x1f/0xbe
[ 28.218053]
[ 28.218053] -> #6 (&sb->s_type->i_mutex_key#5){++++}:
[ 28.218794] try_to_wake_up+0xa53/0x1850
[ 28.219257]
[ 28.219257] -> #5 ((completion)&req.done){+.+.}:
[ 28.219888] lock_acquire+0x1d5/0x580
[ 28.220481] wait_for_completion+0xcb/0x7b0
[ 28.221078] devtmpfs_create_node+0x32b/0x4a0
[ 28.221684] device_add+0x120f/0x1640
[ 28.222175] device_create_groups_vargs+0x1f3/0x250
[ 28.222715] device_create+0xda/0x110
[ 28.223192] msr_device_create+0x26/0x40
[ 28.223578] cpuhp_invoke_callback+0x2ea/0x1d20
[ 28.224099] cpuhp_thread_fun+0x48b/0x7e0
[ 28.224581] smpboot_thread_fn+0x450/0x7c0
[ 28.225087] kthread+0x3c9/0x4b0
[ 28.225555] ret_from_fork+0x2a/0x40
[ 28.226057]
[ 28.226057] -> #4 (cpuhp_state-up){+.+.}:
[ 28.226739] lock_acquire+0x1d5/0x580
[ 28.227252] cpuhp_issue_call+0x1e5/0x520
[ 28.227714] __cpuhp_setup_state_cpuslocked+0x2c7/0x5f0
[ 28.228594] __cpuhp_setup_state+0xb0/0x140
[ 28.229095] page_writeback_init+0x4d/0x71
[ 28.229590] pagecache_init+0x48/0x4f
[ 28.230027] start_kernel+0x6bc/0x74f
[ 28.230431] x86_64_start_reservations+0x2a/0x2c
[ 28.230955] x86_64_start_kernel+0x77/0x7a
[ 28.231418] secondary_startup_64+0xa5/0xb0
[ 28.231899]
[ 28.231899] -> #3 (cpuhp_state_mutex){+.+.}:
[ 28.232478] lock_acquire+0x1d5/0x580
[ 28.232960] __mutex_lock+0x16f/0x19d0
[ 28.233485] mutex_lock_nested+0x16/0x20
[ 28.234029] __cpuhp_setup_state_cpuslocked+0x5b/0x5f0
[ 28.234715] __cpuhp_setup_state+0xb0/0x140
[ 28.235293] kvm_guest_init+0x1f3/0x20f
[ 28.235859] setup_arch+0x17cb/0x19e5
[ 28.236373] start_kernel+0xa5/0x74f
[ 28.236880] x86_64_start_reservations+0x2a/0x2c
[ 28.237510] x86_64_start_kernel+0x77/0x7a
[ 28.238078] secondary_startup_64+0xa5/0xb0
[ 28.238679]
[ 28.238679] -> #2 (cpu_hotplug_lock.rw_sem){++++}:
[ 28.239453] lock_acquire+0x1d5/0x580
[ 28.239951] cpus_read_lock+0x42/0x90
[ 28.240498] static_key_slow_inc+0x9d/0x3c0
[ 28.241138] tracepoint_probe_register_prio+0x80d/0x9a0
[ 28.241764] tracepoint_probe_register+0x2a/0x40
[ 28.242401] trace_event_reg+0x167/0x320
[ 28.242945] perf_trace_init+0x4ef/0xab0
[ 28.243491] perf_tp_event_init+0x7d/0xf0
[ 28.244052] perf_try_init_event+0xc9/0x1f0
[ 28.244635] perf_event_alloc+0x1c5b/0x2a00
[ 28.245223] SYSC_perf_event_open+0x842/0x2f10
[ 28.245837] SyS_perf_event_open+0x39/0x50
[ 28.246407] entry_SYSCALL_64_fastpath+0x1f/0xbe
[ 28.247035]
[ 28.247035] -> #1 (tracepoints_mutex){+.+.}:
[ 28.247739] lock_acquire+0x1d5/0x580
[ 28.248250] __mutex_lock+0x16f/0x19d0
[ 28.248769] mutex_lock_nested+0x16/0x20
[ 28.249515] tracepoint_probe_register_prio+0xa0/0x9a0
[ 28.250211] tracepoint_probe_register+0x2a/0x40
[ 28.250854] trace_event_reg+0x167/0x320
[ 28.251407] perf_trace_init+0x4ef/0xab0
[ 28.251951] perf_tp_event_init+0x7d/0xf0
[ 28.252530] perf_try_init_event+0xc9/0x1f0
[ 28.253169] perf_event_alloc+0x1c5b/0x2a00
[ 28.253745] SYSC_perf_event_open+0x842/0x2f10
[ 28.254355] SyS_perf_event_open+0x39/0x50
[ 28.254926] entry_SYSCALL_64_fastpath+0x1f/0xbe
[ 28.255562]
[ 28.255562] -> #0 (event_mutex){+.+.}:
[ 28.256210] __lock_acquire+0x3374/0x4770
[ 28.256782] lock_acquire+0x1d5/0x580
[ 28.257303] __mutex_lock+0x16f/0x19d0
[ 28.257837] mutex_lock_nested+0x16/0x20
[ 28.258388] perf_trace_destroy+0x28/0x100
[ 28.258962] tp_perf_event_destroy+0x15/0x20
[ 28.259553] _free_event+0x3bd/0x10f0
[ 28.260068] put_event+0x24/0x30
[ 28.260531] perf_mmap_close+0x60d/0x1010
[ 28.261116] remove_vma+0xb4/0x1b0
[ 28.261609] do_munmap+0x82a/0xdf0
[ 28.262108] mmap_region+0x59e/0x15a0
[ 28.262642] do_mmap+0x6a1/0xd50
[ 28.263172] vm_mmap_pgoff+0x1de/0x280
[ 28.263708] SyS_mmap_pgoff+0x23b/0x5f0
[ 28.264143] SyS_mmap+0x16/0x20
[ 28.264471] entry_SYSCALL_64_fastpath+0x1f/0xbe
[ 28.264986]
[ 28.264986] other info that might help us debug this:
[ 28.264986]
[ 28.265700] Chain exists of:
[ 28.265700] event_mutex --> &sb->s_type->i_mutex_key#5 --> &mm->mmap_sem
[ 28.265700]
[ 28.266721] Possible unsafe locking scenario:
[ 28.266721]
[ 28.267282]        CPU0                    CPU1
[ 28.267672]        ----                    ----
[ 28.268089]   lock(&mm->mmap_sem);
[ 28.268389]                                lock(&sb->s_type->i_mutex_key#5);
[ 28.269155]                                lock(&mm->mmap_sem);
[ 28.269880]   lock(event_mutex);
[ 28.270277]
[ 28.270277] *** DEADLOCK ***
[ 28.270277]
[ 28.271000] 1 lock held by syz-executor1/3061:
[ 28.271542] #0: (&mm->mmap_sem){++++}, at: [] vm_mmap_pgoff+0x198/0x280
[ 28.272562]
[ 28.272562] stack backtrace:
[ 28.273120] CPU: 0 PID: 3061 Comm: syz-executor1 Not tainted 4.14.0-rc7-next-20171103+ #10
[ 28.274134] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
[ 28.275116] Call Trace:
[ 28.275426] dump_stack+0x194/0x257
[ 28.275869] ? arch_local_irq_restore+0x53/0x53
[ 28.276439] print_circular_bug+0x503/0x710
[ 28.276963] ? print_circular_bug_entry+0xb0/0xb0
[ 28.277536] ? check_usage+0xb70/0xb70
[ 28.277997] check_prev_add+0x8b1/0x1580
[ 28.278478] ? copy_trace+0x1d0/0x1d0
[ 28.278926] ? check_usage+0xb70/0xb70
[ 28.279387] ? __lock_acquire+0x3374/0x4770
[ 28.279898] ? __lock_acquire+0x3374/0x4770
[ 28.280416] __lock_acquire+0x3374/0x4770
[ 28.280917] ? __lock_acquire+0x3374/0x4770
[ 28.281434] ? debug_check_no_locks_freed+0x3d0/0x3d0
[ 28.282051] ? switched_to_fair+0xb0/0xb0
[ 28.282545] ? print_usage_bug+0x480/0x480
[ 28.283074] ? __lock_is_held+0xbc/0x140
[ 28.283558] ? __lock_acquire+0x739/0x4770
[ 28.284062] ? check_noncircular+0x20/0x20
[ 28.284564] ? check_noncircular+0x20/0x20
[ 28.285486] ? update_curr+0x2e3/0xa60
[ 28.285946] ? check_noncircular+0x20/0x20
[ 28.286449] ? print_usage_bug+0x480/0x480
[ 28.286954] ? debug_check_no_locks_freed+0x3d0/0x3d0
[ 28.287621] ? print_usage_bug+0x480/0x480
[ 28.288125] ? check_noncircular+0x20/0x20
[ 28.288629] ? check_noncircular+0x20/0x20
[ 28.289145] ? __lock_acquire+0x739/0x4770
[ 28.289647] ? check_noncircular+0x20/0x20
[ 28.290154] ? perf_event_detach_bpf_prog+0x92/0x3d0
[ 28.290759] lock_acquire+0x1d5/0x580
[ 28.291209] ? perf_trace_destroy+0x28/0x100
[ 28.291709] ? lock_release+0xd70/0xd70
[ 28.292208] ? trace_event_raw_event_sched_switch+0x8a0/0x8a0
[ 28.292837] ? perf_event_detach_bpf_prog+0x92/0x3d0
[ 28.293295] ? preempt_notifier_dec+0x20/0x20
[ 28.293675] ? rcu_note_context_switch+0x710/0x710
[ 28.294093] ? __might_sleep+0x95/0x190
[ 28.294456] ? perf_trace_destroy+0x28/0x100
[ 28.294829] __mutex_lock+0x16f/0x19d0
[ 28.295159] ? perf_trace_destroy+0x28/0x100
[ 28.295567] ? perf_trace_destroy+0x28/0x100
[ 28.295941] ? lock_downgrade+0x990/0x990
[ 28.296314] ? mutex_lock_io_nested+0x1880/0x1880
[ 28.296727] ? print_usage_bug+0x480/0x480
[ 28.297263] ? find_held_lock+0x39/0x1d0
[ 28.297764] ? check_noncircular+0x20/0x20
[ 28.298282] ? __mutex_unlock_slowpath+0xe9/0xac0
[ 28.298872] ? wait_for_completion+0x7b0/0x7b0
[ 28.299431] ? __wake_up_common_lock+0x190/0x310
[ 28.300003] ? find_held_lock+0x39/0x1d0
[ 28.300486] ? check_noncircular+0x20/0x20
[ 28.301033] ? perf_addr_filters_splice+0x18f/0x810
[ 28.301631] ? _raw_spin_unlock_irqrestore+0x31/0xba
[ 28.302250] ? free_filters_list+0x2f0/0x2f0
[ 28.302762] ? mutex_unlock+0xd/0x10
[ 28.303197] ? __lock_is_held+0xbc/0x140
[ 28.303670] mutex_lock_nested+0x16/0x20
[ 28.304144] ? mutex_lock_nested+0x16/0x20
[ 28.304636] perf_trace_destroy+0x28/0x100
[ 28.305140] ? perf_tp_event_init+0xf0/0xf0
[ 28.305650] tp_perf_event_destroy+0x15/0x20
[ 28.306168] _free_event+0x3bd/0x10f0
[ 28.306618] ? ring_buffer_attach+0x830/0x830
[ 28.307160] ? wait_for_completion+0x7b0/0x7b0
[ 28.307715] ? ring_buffer_put+0x140/0x140
[ 28.308220] ? lock_release+0xd70/0xd70
[ 28.308692] ? atomic_dec_and_mutex_lock+0x112/0x150
[ 28.309300] ? atomic_dec_and_mutex_lock+0x112/0x150
[ 28.309920] put_event+0x24/0x30
[ 28.310321] perf_mmap_close+0x60d/0x1010
[ 28.310813] ? tlb_flush_mmu_free+0xeb/0x160
[ 28.311350] ? perf_compat_ioctl+0x70/0x70
[ 28.311849] ? tlb_gather_mmu+0x70/0x70
[ 28.312335] ? check_noncircular+0x20/0x20
[ 28.312854] ? free_pgtables+0x283/0x330
[ 28.313559] ? unmap_region+0x35c/0x4f0
[ 28.314029] ? up_read+0x40/0x40
[ 28.314430] ? reusable_anon_vma+0x560/0x560
[ 28.314952] ? __lock_is_held+0xbc/0x140
[ 28.315432] ? trace_event_raw_event_sched_switch+0x8a0/0x8a0
[ 28.316124] ? rcu_note_context_switch+0x710/0x710
[ 28.316708] ? __might_sleep+0x95/0x190
[ 28.317182] ? perf_compat_ioctl+0x70/0x70
[ 28.317665] remove_vma+0xb4/0x1b0
[ 28.318080] do_munmap+0x82a/0xdf0
[ 28.318490] mmap_region+0x59e/0x15a0
[ 28.318938] ? SyS_brk+0x6f0/0x6f0
[ 28.319333] ? arch_get_unmapped_area_topdown+0xba/0x8a0
[ 28.319936] ? lock_downgrade+0x990/0x990
[ 28.320462] ? arch_get_unmapped_area+0x750/0x750
[ 28.321031] ? lock_acquire+0x1d5/0x580
[ 28.321436] ? vm_mmap_pgoff+0x198/0x280
[ 28.321858] ? selinux_mmap_addr+0x1f/0xf0
[ 28.322281] ? security_mmap_addr+0x79/0xa0
[ 28.322707] ? get_unmapped_area+0x265/0x300
[ 28.323144] do_mmap+0x6a1/0xd50
[ 28.323479] ? mmap_region+0x15a0/0x15a0
[ 28.323887] ? vm_mmap_pgoff+0x198/0x280
[ 28.324255] ? down_read_killable+0x180/0x180
[ 28.324711] ? security_mmap_file+0x143/0x180
[ 28.325188] vm_mmap_pgoff+0x1de/0x280
[ 28.325571] ? vma_is_stack_for_current+0xa0/0xa0
[ 28.326064] ? SyS_futex+0x269/0x390
[ 28.326439] SyS_mmap_pgoff+0x23b/0x5f0
[ 28.326845] ? find_mergeable_anon_vma+0xd0/0xd0
[ 28.327328] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 28.327862] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 28.328354] SyS_mmap+0x16/0x20
[ 28.328687] entry_SYSCALL_64_fastpath+0x1f/0xbe
[ 28.329164] RIP: 0033:0x447c89
[ 28.329482] RSP: 002b:00007f49b0affbd8 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[ 28.330309] RAX: ffffffffffffffda RBX: 00007f49b0b006cc RCX: 0000000000447c89
[ 28.331006] RDX: 0000000000000000 RSI: 0000000000003000 RDI: 0000000020007000
[ 28.331895] RBP: 0000000000000086 R08: 0000000000000000 R09: 0000000000000000
[ 28.332782] R10: 0000000000000032 R11: 0000000000000246 R12: 0000000000000000
[ 28.333689] R13: 0000000000000000 R14: 00007f49b0b009c0 R15: 00007f49b0b00700