2017/11/05 08:13:15 parsed 1 programs
2017/11/05 08:13:15 executed programs: 0
syzkaller login: [   28.206767] 
[   28.207029] ======================================================
[   28.207681] WARNING: possible circular locking dependency detected
[   28.208289] 4.14.0-rc7-next-20171103+ #10 Not tainted
[   28.208744] ------------------------------------------------------
[   28.209401] syz-executor1/3061 is trying to acquire lock:
[   28.209969]  (event_mutex){+.+.}, at: [<ffffffff81776de8>] perf_trace_destroy+0x28/0x100
[   28.210820] 
[   28.210820] but task is already holding lock:
[   28.211389]  (&mm->mmap_sem){++++}, at: [<ffffffff819448b8>] vm_mmap_pgoff+0x198/0x280
[   28.212201] 
[   28.212201] which lock already depends on the new lock.
[   28.212201] 
[   28.213108] 
[   28.213108] the existing dependency chain (in reverse order) is:
[   28.213826] 
[   28.213826] -> #7 (&mm->mmap_sem){++++}:
[   28.214369]        lock_acquire+0x1d5/0x580
[   28.214773]        __might_fault+0x13a/0x1d0
[   28.215193]        _copy_to_user+0x2c/0xc0
[   28.215666]        filldir+0x1a7/0x320
[   28.216032]        dcache_readdir+0x12d/0x5e0
[   28.216510]        iterate_dir+0x1ca/0x540
[   28.216995]        SyS_getdents+0x225/0x450
[   28.217513]        entry_SYSCALL_64_fastpath+0x1f/0xbe
[   28.218053] 
[   28.218053] -> #6 (&sb->s_type->i_mutex_key#5){++++}:
[   28.218794]        try_to_wake_up+0xa53/0x1850
[   28.219257] 
[   28.219257] -> #5 ((completion)&req.done){+.+.}:
[   28.219888]        lock_acquire+0x1d5/0x580
[   28.220481]        wait_for_completion+0xcb/0x7b0
[   28.221078]        devtmpfs_create_node+0x32b/0x4a0
[   28.221684]        device_add+0x120f/0x1640
[   28.222175]        device_create_groups_vargs+0x1f3/0x250
[   28.222715]        device_create+0xda/0x110
[   28.223192]        msr_device_create+0x26/0x40
[   28.223578]        cpuhp_invoke_callback+0x2ea/0x1d20
[   28.224099]        cpuhp_thread_fun+0x48b/0x7e0
[   28.224581]        smpboot_thread_fn+0x450/0x7c0
[   28.225087]        kthread+0x3c9/0x4b0
[   28.225555]        ret_from_fork+0x2a/0x40
[   28.226057] 
[   28.226057] -> #4 (cpuhp_state-up){+.+.}:
[   28.226739]        lock_acquire+0x1d5/0x580
[   28.227252]        cpuhp_issue_call+0x1e5/0x520
[   28.227714]        __cpuhp_setup_state_cpuslocked+0x2c7/0x5f0
[   28.228594]        __cpuhp_setup_state+0xb0/0x140
[   28.229095]        page_writeback_init+0x4d/0x71
[   28.229590]        pagecache_init+0x48/0x4f
[   28.230027]        start_kernel+0x6bc/0x74f
[   28.230431]        x86_64_start_reservations+0x2a/0x2c
[   28.230955]        x86_64_start_kernel+0x77/0x7a
[   28.231418]        secondary_startup_64+0xa5/0xb0
[   28.231899] 
[   28.231899] -> #3 (cpuhp_state_mutex){+.+.}:
[   28.232478]        lock_acquire+0x1d5/0x580
[   28.232960]        __mutex_lock+0x16f/0x19d0
[   28.233485]        mutex_lock_nested+0x16/0x20
[   28.234029]        __cpuhp_setup_state_cpuslocked+0x5b/0x5f0
[   28.234715]        __cpuhp_setup_state+0xb0/0x140
[   28.235293]        kvm_guest_init+0x1f3/0x20f
[   28.235859]        setup_arch+0x17cb/0x19e5
[   28.236373]        start_kernel+0xa5/0x74f
[   28.236880]        x86_64_start_reservations+0x2a/0x2c
[   28.237510]        x86_64_start_kernel+0x77/0x7a
[   28.238078]        secondary_startup_64+0xa5/0xb0
[   28.238679] 
[   28.238679] -> #2 (cpu_hotplug_lock.rw_sem){++++}:
[   28.239453]        lock_acquire+0x1d5/0x580
[   28.239951]        cpus_read_lock+0x42/0x90
[   28.240498]        static_key_slow_inc+0x9d/0x3c0
[   28.241138]        tracepoint_probe_register_prio+0x80d/0x9a0
[   28.241764]        tracepoint_probe_register+0x2a/0x40
[   28.242401]        trace_event_reg+0x167/0x320
[   28.242945]        perf_trace_init+0x4ef/0xab0
[   28.243491]        perf_tp_event_init+0x7d/0xf0
[   28.244052]        perf_try_init_event+0xc9/0x1f0
[   28.244635]        perf_event_alloc+0x1c5b/0x2a00
[   28.245223]        SYSC_perf_event_open+0x842/0x2f10
[   28.245837]        SyS_perf_event_open+0x39/0x50
[   28.246407]        entry_SYSCALL_64_fastpath+0x1f/0xbe
[   28.247035] 
[   28.247035] -> #1 (tracepoints_mutex){+.+.}:
[   28.247739]        lock_acquire+0x1d5/0x580
[   28.248250]        __mutex_lock+0x16f/0x19d0
[   28.248769]        mutex_lock_nested+0x16/0x20
[   28.249515]        tracepoint_probe_register_prio+0xa0/0x9a0
[   28.250211]        tracepoint_probe_register+0x2a/0x40
[   28.250854]        trace_event_reg+0x167/0x320
[   28.251407]        perf_trace_init+0x4ef/0xab0
[   28.251951]        perf_tp_event_init+0x7d/0xf0
[   28.252530]        perf_try_init_event+0xc9/0x1f0
[   28.253169]        perf_event_alloc+0x1c5b/0x2a00
[   28.253745]        SYSC_perf_event_open+0x842/0x2f10
[   28.254355]        SyS_perf_event_open+0x39/0x50
[   28.254926]        entry_SYSCALL_64_fastpath+0x1f/0xbe
[   28.255562] 
[   28.255562] -> #0 (event_mutex){+.+.}:
[   28.256210]        __lock_acquire+0x3374/0x4770
[   28.256782]        lock_acquire+0x1d5/0x580
[   28.257303]        __mutex_lock+0x16f/0x19d0
[   28.257837]        mutex_lock_nested+0x16/0x20
[   28.258388]        perf_trace_destroy+0x28/0x100
[   28.258962]        tp_perf_event_destroy+0x15/0x20
[   28.259553]        _free_event+0x3bd/0x10f0
[   28.260068]        put_event+0x24/0x30
[   28.260531]        perf_mmap_close+0x60d/0x1010
[   28.261116]        remove_vma+0xb4/0x1b0
[   28.261609]        do_munmap+0x82a/0xdf0
[   28.262108]        mmap_region+0x59e/0x15a0
[   28.262642]        do_mmap+0x6a1/0xd50
[   28.263172]        vm_mmap_pgoff+0x1de/0x280
[   28.263708]        SyS_mmap_pgoff+0x23b/0x5f0
[   28.264143]        SyS_mmap+0x16/0x20
[   28.264471]        entry_SYSCALL_64_fastpath+0x1f/0xbe
[   28.264986] 
[   28.264986] other info that might help us debug this:
[   28.264986] 
[   28.265700] Chain exists of:
[   28.265700]   event_mutex --> &sb->s_type->i_mutex_key#5 --> &mm->mmap_sem
[   28.265700] 
[   28.266721]  Possible unsafe locking scenario:
[   28.266721] 
[   28.267282]        CPU0                    CPU1
[   28.267672]        ----                    ----
[   28.268089]   lock(&mm->mmap_sem);
[   28.268389]                                lock(&sb->s_type->i_mutex_key#5);
[   28.269155]                                lock(&mm->mmap_sem);
[   28.269880]   lock(event_mutex);
[   28.270277] 
[   28.270277]  *** DEADLOCK ***
[   28.270277] 
[   28.271000] 1 lock held by syz-executor1/3061:
[   28.271542]  #0:  (&mm->mmap_sem){++++}, at: [<ffffffff819448b8>] vm_mmap_pgoff+0x198/0x280
[   28.272562] 
[   28.272562] stack backtrace:
[   28.273120] CPU: 0 PID: 3061 Comm: syz-executor1 Not tainted 4.14.0-rc7-next-20171103+ #10
[   28.274134] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
[   28.275116] Call Trace:
[   28.275426]  dump_stack+0x194/0x257
[   28.275869]  ? arch_local_irq_restore+0x53/0x53
[   28.276439]  print_circular_bug+0x503/0x710
[   28.276963]  ? print_circular_bug_entry+0xb0/0xb0
[   28.277536]  ? check_usage+0xb70/0xb70
[   28.277997]  check_prev_add+0x8b1/0x1580
[   28.278478]  ? copy_trace+0x1d0/0x1d0
[   28.278926]  ? check_usage+0xb70/0xb70
[   28.279387]  ? __lock_acquire+0x3374/0x4770
[   28.279898]  ? __lock_acquire+0x3374/0x4770
[   28.280416]  __lock_acquire+0x3374/0x4770
[   28.280917]  ? __lock_acquire+0x3374/0x4770
[   28.281434]  ? debug_check_no_locks_freed+0x3d0/0x3d0
[   28.282051]  ? switched_to_fair+0xb0/0xb0
[   28.282545]  ? print_usage_bug+0x480/0x480
[   28.283074]  ? __lock_is_held+0xbc/0x140
[   28.283558]  ? __lock_acquire+0x739/0x4770
[   28.284062]  ? check_noncircular+0x20/0x20
[   28.284564]  ? check_noncircular+0x20/0x20
[   28.285486]  ? update_curr+0x2e3/0xa60
[   28.285946]  ? check_noncircular+0x20/0x20
[   28.286449]  ? print_usage_bug+0x480/0x480
[   28.286954]  ? debug_check_no_locks_freed+0x3d0/0x3d0
[   28.287621]  ? print_usage_bug+0x480/0x480
[   28.288125]  ? check_noncircular+0x20/0x20
[   28.288629]  ? check_noncircular+0x20/0x20
[   28.289145]  ? __lock_acquire+0x739/0x4770
[   28.289647]  ? check_noncircular+0x20/0x20
[   28.290154]  ? perf_event_detach_bpf_prog+0x92/0x3d0
[   28.290759]  lock_acquire+0x1d5/0x580
[   28.291209]  ? perf_trace_destroy+0x28/0x100
[   28.291709]  ? lock_release+0xd70/0xd70
[   28.292208]  ? trace_event_raw_event_sched_switch+0x8a0/0x8a0
[   28.292837]  ? perf_event_detach_bpf_prog+0x92/0x3d0
[   28.293295]  ? preempt_notifier_dec+0x20/0x20
[   28.293675]  ? rcu_note_context_switch+0x710/0x710
[   28.294093]  ? __might_sleep+0x95/0x190
[   28.294456]  ? perf_trace_destroy+0x28/0x100
[   28.294829]  __mutex_lock+0x16f/0x19d0
[   28.295159]  ? perf_trace_destroy+0x28/0x100
[   28.295567]  ? perf_trace_destroy+0x28/0x100
[   28.295941]  ? lock_downgrade+0x990/0x990
[   28.296314]  ? mutex_lock_io_nested+0x1880/0x1880
[   28.296727]  ? print_usage_bug+0x480/0x480
[   28.297263]  ? find_held_lock+0x39/0x1d0
[   28.297764]  ? check_noncircular+0x20/0x20
[   28.298282]  ? __mutex_unlock_slowpath+0xe9/0xac0
[   28.298872]  ? wait_for_completion+0x7b0/0x7b0
[   28.299431]  ? __wake_up_common_lock+0x190/0x310
[   28.300003]  ? find_held_lock+0x39/0x1d0
[   28.300486]  ? check_noncircular+0x20/0x20
[   28.301033]  ? perf_addr_filters_splice+0x18f/0x810
[   28.301631]  ? _raw_spin_unlock_irqrestore+0x31/0xba
[   28.302250]  ? free_filters_list+0x2f0/0x2f0
[   28.302762]  ? mutex_unlock+0xd/0x10
[   28.303197]  ? __lock_is_held+0xbc/0x140
[   28.303670]  mutex_lock_nested+0x16/0x20
[   28.304144]  ? mutex_lock_nested+0x16/0x20
[   28.304636]  perf_trace_destroy+0x28/0x100
[   28.305140]  ? perf_tp_event_init+0xf0/0xf0
[   28.305650]  tp_perf_event_destroy+0x15/0x20
[   28.306168]  _free_event+0x3bd/0x10f0
[   28.306618]  ? ring_buffer_attach+0x830/0x830
[   28.307160]  ? wait_for_completion+0x7b0/0x7b0
[   28.307715]  ? ring_buffer_put+0x140/0x140
[   28.308220]  ? lock_release+0xd70/0xd70
[   28.308692]  ? atomic_dec_and_mutex_lock+0x112/0x150
[   28.309300]  ? atomic_dec_and_mutex_lock+0x112/0x150
[   28.309920]  put_event+0x24/0x30
[   28.310321]  perf_mmap_close+0x60d/0x1010
[   28.310813]  ? tlb_flush_mmu_free+0xeb/0x160
[   28.311350]  ? perf_compat_ioctl+0x70/0x70
[   28.311849]  ? tlb_gather_mmu+0x70/0x70
[   28.312335]  ? check_noncircular+0x20/0x20
[   28.312854]  ? free_pgtables+0x283/0x330
[   28.313559]  ? unmap_region+0x35c/0x4f0
[   28.314029]  ? up_read+0x40/0x40
[   28.314430]  ? reusable_anon_vma+0x560/0x560
[   28.314952]  ? __lock_is_held+0xbc/0x140
[   28.315432]  ? trace_event_raw_event_sched_switch+0x8a0/0x8a0
[   28.316124]  ? rcu_note_context_switch+0x710/0x710
[   28.316708]  ? __might_sleep+0x95/0x190
[   28.317182]  ? perf_compat_ioctl+0x70/0x70
[   28.317665]  remove_vma+0xb4/0x1b0
[   28.318080]  do_munmap+0x82a/0xdf0
[   28.318490]  mmap_region+0x59e/0x15a0
[   28.318938]  ? SyS_brk+0x6f0/0x6f0
[   28.319333]  ? arch_get_unmapped_area_topdown+0xba/0x8a0
[   28.319936]  ? lock_downgrade+0x990/0x990
[   28.320462]  ? arch_get_unmapped_area+0x750/0x750
[   28.321031]  ? lock_acquire+0x1d5/0x580
[   28.321436]  ? vm_mmap_pgoff+0x198/0x280
[   28.321858]  ? selinux_mmap_addr+0x1f/0xf0
[   28.322281]  ? security_mmap_addr+0x79/0xa0
[   28.322707]  ? get_unmapped_area+0x265/0x300
[   28.323144]  do_mmap+0x6a1/0xd50
[   28.323479]  ? mmap_region+0x15a0/0x15a0
[   28.323887]  ? vm_mmap_pgoff+0x198/0x280
[   28.324255]  ? down_read_killable+0x180/0x180
[   28.324711]  ? security_mmap_file+0x143/0x180
[   28.325188]  vm_mmap_pgoff+0x1de/0x280
[   28.325571]  ? vma_is_stack_for_current+0xa0/0xa0
[   28.326064]  ? SyS_futex+0x269/0x390
[   28.326439]  SyS_mmap_pgoff+0x23b/0x5f0
[   28.326845]  ? find_mergeable_anon_vma+0xd0/0xd0
[   28.327328]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   28.327862]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   28.328354]  SyS_mmap+0x16/0x20
[   28.328687]  entry_SYSCALL_64_fastpath+0x1f/0xbe
[   28.329164] RIP: 0033:0x447c89
[   28.329482] RSP: 002b:00007f49b0affbd8 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[   28.330309] RAX: ffffffffffffffda RBX: 00007f49b0b006cc RCX: 0000000000447c89
[   28.331006] RDX: 0000000000000000 RSI: 0000000000003000 RDI: 0000000020007000
[   28.331895] RBP: 0000000000000086 R08: 0000000000000000 R09: 0000000000000000
[   28.332782] R10: 0000000000000032 R11: 0000000000000246 R12: 0000000000000000
[   28.333689] R13: 0000000000000000 R14: 00007f49b0b009c0 R15: 00007f49b0b00700