[ ok ] Starting enhanced syslogd: rsyslogd.
[ 13.255232] audit: type=1400 audit(1516736165.751:5): avc: denied { syslog } for pid=3497 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login:
[ 19.502205] audit: type=1400 audit(1516736171.997:6): avc: denied { map } for pid=3636 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.15.198' (ECDSA) to the list of known hosts.
executing program
[ 31.271740] audit: type=1400 audit(1516736183.767:7): avc: denied { map } for pid=3652 comm="syzkaller107260" path="/root/syzkaller107260009" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 31.329871]
[ 31.331570] ======================================================
[ 31.337860] WARNING: possible circular locking dependency detected
[ 31.344152] 4.15.0-rc8+ #2 Not tainted
[ 31.348072] ------------------------------------------------------
[ 31.354366] syzkaller107260/3655 is trying to acquire lock:
[ 31.360049] (event_mutex){+.+.}, at: [<0000000078168e26>] perf_trace_destroy+0x28/0x100
[ 31.368260]
[ 31.368260] but task is already holding lock:
[ 31.374215] (&event->child_mutex){+.+.}, at: [<00000000501d8b43>] perf_event_release_kernel+0x2ea/0xc10
[ 31.383813]
[ 31.383813] which lock already depends on the new lock.
[ 31.383813]
[ 31.392098]
[ 31.392098] the existing dependency chain (in reverse order) is:
[ 31.399687]
[ 31.399687] -> #5 (&event->child_mutex){+.+.}:
[ 31.405728] __mutex_lock+0x16f/0x1a80
[ 31.410106] mutex_lock_nested+0x16/0x20
[ 31.414659] perf_event_for_each_child+0x8a/0x150
[ 31.419991] perf_ioctl+0x46b/0x1430
[ 31.424198] do_vfs_ioctl+0x1b1/0x1520
[ 31.428600] SyS_ioctl+0x8f/0xc0
[ 31.432478] entry_SYSCALL_64_fastpath+0x29/0xa0
[ 31.437756]
[ 31.437756] -> #4 (&cpuctx_mutex){+.+.}:
[ 31.443278] __mutex_lock+0x16f/0x1a80
[ 31.447664] mutex_lock_nested+0x16/0x20
[ 31.452224] perf_event_init_cpu+0xb6/0x160
[ 31.457036] perf_event_init+0x4e9/0x549
[ 31.461586] start_kernel+0x4cc/0x819
[ 31.465874] x86_64_start_reservations+0x2a/0x2c
[ 31.471129] x86_64_start_kernel+0x77/0x7a
[ 31.475868] secondary_startup_64+0xa5/0xb0
[ 31.480680]
[ 31.480680] -> #3 (pmus_lock){+.+.}:
[ 31.486721] __mutex_lock+0x16f/0x1a80
[ 31.491106] mutex_lock_nested+0x16/0x20
[ 31.495676] perf_event_init_cpu+0x2f/0x160
[ 31.500491] cpuhp_invoke_callback+0x2ea/0x1d20
[ 31.505660] _cpu_up+0x216/0x510
[ 31.509534] do_cpu_up+0x73/0xa0
[ 31.513389] cpu_up+0x18/0x20
[ 31.516985] smp_init+0x13a/0x152
[ 31.520940] kernel_init_freeable+0x2fe/0x521
[ 31.527087] kernel_init+0x13/0x180
[ 31.531201] ret_from_fork+0x3a/0x50
[ 31.535401]
[ 31.535401] -> #2 (cpu_hotplug_lock.rw_sem){++++}:
[ 31.541794] cpus_read_lock+0x42/0x90
[ 31.546086] static_key_slow_inc+0x9d/0x3c0
[ 31.550895] tracepoint_probe_register_prio+0x80d/0x9a0
[ 31.556749] tracepoint_probe_register+0x2a/0x40
[ 31.561995] trace_event_reg+0x167/0x320
[ 31.566544] perf_trace_init+0x4ef/0xab0
[ 31.571105] perf_tp_event_init+0x7d/0xf0
[ 31.575749] perf_try_init_event+0xc9/0x1f0
[ 31.580560] perf_event_alloc+0x1cc6/0x2b00
[ 31.585379] SYSC_perf_event_open+0x84e/0x2e00
[ 31.590544] SyS_perf_event_open+0x39/0x50
[ 31.595280] entry_SYSCALL_64_fastpath+0x29/0xa0
[ 31.600526]
[ 31.600526] -> #1 (tracepoints_mutex){+.+.}:
[ 31.606386] __mutex_lock+0x16f/0x1a80
[ 31.610759] mutex_lock_nested+0x16/0x20
[ 31.615405] tracepoint_probe_register_prio+0xa0/0x9a0
[ 31.621210] tracepoint_probe_register+0x2a/0x40
[ 31.626455] trace_event_reg+0x167/0x320
[ 31.631002] perf_trace_init+0x4ef/0xab0
[ 31.635552] perf_tp_event_init+0x7d/0xf0
[ 31.640186] perf_try_init_event+0xc9/0x1f0
[ 31.645002] perf_event_alloc+0x1cc6/0x2b00
[ 31.649811] SYSC_perf_event_open+0x84e/0x2e00
[ 31.655759] SyS_perf_event_open+0x39/0x50
[ 31.660486] entry_SYSCALL_64_fastpath+0x29/0xa0
[ 31.665729]
[ 31.665729] -> #0 (event_mutex){+.+.}:
[ 31.671069] lock_acquire+0x1d5/0x580
[ 31.675380] __mutex_lock+0x16f/0x1a80
[ 31.679777] mutex_lock_nested+0x16/0x20
[ 31.684346] perf_trace_destroy+0x28/0x100
[ 31.689091] tp_perf_event_destroy+0x15/0x20
[ 31.694034] _free_event+0x3bd/0x10f0
[ 31.698345] free_event+0x84/0x150
[ 31.702387] perf_event_release_kernel+0x54e/0xc10
[ 31.707895] perf_release+0x37/0x50
[ 31.712026] __fput+0x327/0x7e0
[ 31.715797] ____fput+0x15/0x20
[ 31.719569] task_work_run+0x199/0x270
[ 31.723946] do_exit+0x9bb/0x1ad0
[ 31.727889] do_group_exit+0x149/0x400
[ 31.732267] get_signal+0x73f/0x16c0
[ 31.736480] do_signal+0x90/0x1eb0
[ 31.740510] exit_to_usermode_loop+0x214/0x310
[ 31.745583] syscall_return_slowpath+0x490/0x550
[ 31.750970] entry_SYSCALL_64_fastpath+0x9e/0xa0
[ 31.756216]
[ 31.756216] other info that might help us debug this:
[ 31.756216]
[ 31.764332] Chain exists of:
[ 31.764332] event_mutex --> &cpuctx_mutex --> &event->child_mutex
[ 31.764332]
[ 31.775771] Possible unsafe locking scenario:
[ 31.775771]
[ 31.781799]        CPU0                    CPU1
[ 31.786442]        ----                    ----
[ 31.791087]   lock(&event->child_mutex);
[ 31.795117]                                lock(&cpuctx_mutex);
[ 31.801142]                                lock(&event->child_mutex);
[ 31.807686]   lock(event_mutex);
[ 31.811019]
[ 31.811019] *** DEADLOCK ***
[ 31.811019]
[ 31.817063] 2 locks held by syzkaller107260/3655:
[ 31.821870] #0: (&ctx->mutex){+.+.}, at: [<00000000662b4e5e>] perf_event_release_kernel+0x2dc/0xc10
[ 31.831212] #1: (&event->child_mutex){+.+.}, at: [<00000000501d8b43>] perf_event_release_kernel+0x2ea/0xc10
[ 31.842151]
[ 31.842151] stack backtrace:
[ 31.846620] CPU: 0 PID: 3655 Comm: syzkaller107260 Not tainted 4.15.0-rc8+ #2
[ 31.853860] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 31.863182] Call Trace:
[ 31.865744] dump_stack+0x194/0x257
[ 31.869339] ? arch_local_irq_restore+0x53/0x53
[ 31.873979] print_circular_bug.isra.37+0x2cd/0x2dc
[ 31.878969] ? save_trace+0xe0/0x2b0
[ 31.882652] __lock_acquire+0x30a8/0x3e00
[ 31.886773] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 31.891941] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 31.897193] ? perf_trace_lock_acquire+0xe3/0x980
[ 31.902009] ? __lock_acquire+0x2d15/0x3e00
[ 31.906297] ? perf_trace_lock+0x900/0x900
[ 31.910501] ? perf_trace_lock_acquire+0xe3/0x980
[ 31.915310] ? check_noncircular+0x20/0x20
[ 31.919514] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 31.924683] ? perf_trace_lock+0x900/0x900
[ 31.929036] ? __lock_acquire+0x664/0x3e00
[ 31.933328] ? check_noncircular+0x20/0x20
[ 31.937533] ? lock_acquire+0x1d5/0x580
[ 31.941476] ? lock_acquire+0x1d5/0x580
[ 31.945419] lock_acquire+0x1d5/0x580
[ 31.949186] ? lock_acquire+0x1d5/0x580
[ 31.953131] ? perf_trace_destroy+0x28/0x100
[ 31.957506] ? lock_release+0xa40/0xa40
[ 31.961454] ? check_noncircular+0x20/0x20
[ 31.965674] ? rcu_note_context_switch+0x710/0x710
[ 31.970573] ? __might_sleep+0x95/0x190
[ 31.974516] ? perf_trace_destroy+0x28/0x100
[ 31.978911] __mutex_lock+0x16f/0x1a80
[ 31.982767] ? perf_trace_destroy+0x28/0x100
[ 31.987159] ? perf_trace_destroy+0x28/0x100
[ 31.991607] ? find_held_lock+0x35/0x1d0
[ 31.995642] ? mutex_lock_io_nested+0x1900/0x1900
[ 32.000455] ? perf_event_detach_bpf_prog+0x275/0x3d0
[ 32.005706] ? lock_downgrade+0x980/0x980
[ 32.009825] ? __perf_remove_from_context+0x19d/0x3e0
[ 32.015011] ? mark_held_locks+0xaf/0x100
[ 32.019125] ? generic_exec_single+0x362/0x5b0
[ 32.023677] ? __mutex_unlock_slowpath+0xe9/0xac0
[ 32.028484] ? trace_hardirqs_on+0xd/0x10
[ 32.032604] ? generic_exec_single+0x18a/0x5b0
[ 32.037155] ? wait_for_completion+0x770/0x770
[ 32.041917] ? __might_sleep+0x95/0x190
[ 32.046123] ? perf_event_release_kernel+0x2ea/0xc10
[ 32.051204] ? __mutex_lock+0x16f/0x1a80
[ 32.055234] ? perf_event_release_kernel+0x2ea/0xc10
[ 32.060306] ? check_noncircular+0x20/0x20
[ 32.064508] ? perf_addr_filters_splice+0x18f/0x810
[ 32.069490] ? smp_call_function_single+0x3ae/0x560
[ 32.074476] ? free_filters_list+0x2f0/0x2f0
[ 32.078854] ? mutex_unlock+0xd/0x10
[ 32.082540] ? __lock_is_held+0xb6/0x140
[ 32.086574] mutex_lock_nested+0x16/0x20
[ 32.090604] ? mutex_lock_nested+0x16/0x20
[ 32.094807] perf_trace_destroy+0x28/0x100
[ 32.099022] ? perf_tp_event_init+0xf0/0xf0
[ 32.103325] tp_perf_event_destroy+0x15/0x20
[ 32.107715] _free_event+0x3bd/0x10f0
[ 32.111581] ? ring_buffer_attach+0x830/0x830
[ 32.116048] ? event_function_call+0x2f5/0x5a0
[ 32.120600] ? list_del_event+0xb30/0xb30
[ 32.124724] ? task_function_call+0x220/0x220
[ 32.129198] ? lock_downgrade+0x980/0x980
[ 32.133332] ? list_del_event+0xb30/0xb30
[ 32.137451] free_event+0x84/0x150
[ 32.140959] ? _free_event+0x10f0/0x10f0
[ 32.144990] perf_event_release_kernel+0x54e/0xc10
[ 32.149889] ? put_event+0x30/0x30
[ 32.153396] ? mntput_no_expire+0x130/0xa90
[ 32.157684] ? lock_downgrade+0x980/0x980
[ 32.161801] ? lock_release+0xa40/0xa40
[ 32.165751] ? __dentry_kill+0x487/0x6d0
[ 32.169782] ? locks_remove_file+0x3fa/0x5a0
[ 32.174161] ? fcntl_setlk+0x10c0/0x10c0
[ 32.178190] ? fsnotify+0x7b3/0x1140
[ 32.181879] ? fsnotify_first_mark+0x2b0/0x2b0
[ 32.186431] ? perf_event_release_kernel+0xc10/0xc10
[ 32.191499] perf_release+0x37/0x50
[ 32.195092] __fput+0x327/0x7e0
[ 32.198343] ? fput+0x140/0x140
[ 32.201593] ? trace_event_raw_event_sched_switch+0x800/0x800
[ 32.207461] ____fput+0x15/0x20
[ 32.210710] task_work_run+0x199/0x270
[ 32.214562] ? task_work_cancel+0x210/0x210
[ 32.218849] ? free_nsproxy+0x18b/0x1f0
[ 32.222796] ? switch_task_namespaces+0xa2/0xc0
[ 32.227437] do_exit+0x9bb/0x1ad0
[ 32.230861] ? mm_update_next_owner+0x930/0x930
[ 32.235501] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 32.240659] ? perf_trace_run_bpf_submit+0x20d/0x330
[ 32.245740] ? perf_tp_event+0xae0/0xae0
[ 32.249774] ? find_held_lock+0x35/0x1d0
[ 32.253804] ? memset+0x31/0x40
[ 32.257051] ? perf_trace_lock_acquire+0x532/0x980
[ 32.262160] ? lock_release+0xa40/0xa40
[ 32.266104] ? perf_trace_lock+0x900/0x900
[ 32.270311] ? check_noncircular+0x20/0x20
[ 32.274523] ? drop_futex_key_refs.isra.12+0x63/0xb0
[ 32.279605] ? futex_wait+0x6a9/0x9a0
[ 32.283379] ? find_held_lock+0x35/0x1d0
[ 32.287421] ? get_signal+0x7ae/0x16c0
[ 32.291630] ? lock_downgrade+0x980/0x980
[ 32.295756] do_group_exit+0x149/0x400
[ 32.299621] ? do_raw_spin_trylock+0x190/0x190
[ 32.304176] ? SyS_exit+0x30/0x30
[ 32.307600] ? _raw_spin_unlock_irq+0x27/0x70
[ 32.312063] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 32.317058] get_signal+0x73f/0x16c0
[ 32.320749] ? ptrace_notify+0x130/0x130
[ 32.324803] ? exit_robust_list+0x240/0x240
[ 32.329099] ? __fd_install+0x288/0x740
[ 32.333055] ? __mutex_unlock_slowpath+0xe9/0xac0
[ 32.337888] ? get_unused_fd_flags+0x190/0x190
[ 32.342440] ? wait_for_completion+0x770/0x770
[ 32.346992] ? lock_downgrade+0x980/0x980
[ 32.351121] do_signal+0x90/0x1eb0
[ 32.354632] ? mark_held_locks+0xaf/0x100
[ 32.358756] ? _raw_spin_unlock_irqrestore+0x31/0xba
[ 32.363827] ? setup_sigcontext+0x7d0/0x7d0
[ 32.368123] ? fd_install+0x4d/0x60
[ 32.371721] ? SYSC_perf_event_open+0x4c3/0x2e00
[ 32.376447] ? iterate_fd+0x3f0/0x3f0
[ 32.380216] ? perf_event_set_output+0x5a0/0x5a0
[ 32.384940] ? exit_to_usermode_loop+0x8c/0x310
[ 32.389578] exit_to_usermode_loop+0x214/0x310
[ 32.394127] ? ioctl_preallocate+0x2b0/0x2b0
[ 32.398524] ? trace_event_raw_event_sys_exit+0x260/0x260
[ 32.404031] ? selinux_capable+0x40/0x40
[ 32.408062] syscall_return_slowpath+0x490/0x550
[ 32.412785] ? prepare_exit_to_usermode+0x340/0x340
[ 32.417777] ? entry_SYSCALL_64_fastpath+0x73/0xa0
[ 32.422677] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 32.427661] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 32.432385] entry_SYSCALL_64