[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.204' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 29.456814]
[ 29.458503] ======================================================
[ 29.464791] WARNING: possible circular locking dependency detected
[ 29.471080] 4.14.213-syzkaller #0 Not tainted
[ 29.475542] ------------------------------------------------------
[ 29.481827] syz-executor120/7991 is trying to acquire lock:
[ 29.487506]  (event_mutex){+.+.}, at: [] perf_trace_destroy+0x23/0xf0
[ 29.495629]
[ 29.495629] but task is already holding lock:
[ 29.501568]  (&event->child_mutex){+.+.}, at: [] perf_event_release_kernel+0x208/0x8a0
[ 29.511165]
[ 29.511165] which lock already depends on the new lock.
[ 29.511165]
[ 29.519451]
[ 29.519451] the existing dependency chain (in reverse order) is:
[ 29.527092]
[ 29.527092] -> #5 (&event->child_mutex){+.+.}:
[ 29.533132]        __mutex_lock+0xc4/0x1310
[ 29.537424]        perf_event_for_each_child+0x82/0x140
[ 29.542758]        _perf_ioctl+0x3db/0x1a40
[ 29.547052]        perf_ioctl+0x55/0x80
[ 29.550997]        do_vfs_ioctl+0x75a/0xff0
[ 29.555287]        SyS_ioctl+0x7f/0xb0
[ 29.559146]        do_syscall_64+0x1d5/0x640
[ 29.563527]        entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 29.569204]
[ 29.569204] -> #4 (&cpuctx_mutex){+.+.}:
[ 29.574716]        __mutex_lock+0xc4/0x1310
[ 29.579012]        perf_event_init_cpu+0xb7/0x170
[ 29.583827]        perf_event_init+0x2cc/0x308
[ 29.588377]        start_kernel+0x46a/0x770
[ 29.592670]        secondary_startup_64+0xa5/0xb0
[ 29.597478]
[ 29.597478] -> #3 (pmus_lock){+.+.}:
[ 29.602678]        __mutex_lock+0xc4/0x1310
[ 29.607001]        perf_event_init_cpu+0x2c/0x170
[ 29.611815]        cpuhp_invoke_callback+0x1e6/0x1a80
[ 29.616975]        _cpu_up+0x219/0x500
[ 29.620833]        do_cpu_up+0x9a/0x160
[ 29.624777]        smp_init+0x197/0x1ac
[ 29.628807]        kernel_init_freeable+0x3f4/0x614
[ 29.633813]        kernel_init+0xd/0x165
[ 29.637848]        ret_from_fork+0x24/0x30
[ 29.642052]
[ 29.642052] -> #2 (cpu_hotplug_lock.rw_sem){++++}:
[ 29.648446]        cpus_read_lock+0x39/0xc0
[ 29.652739]        static_key_slow_inc+0xe/0x20
[ 29.657379]        tracepoint_add_func+0x517/0x750
[ 29.662313]        tracepoint_probe_register+0x8c/0xc0
[ 29.667651]        trace_event_reg+0x272/0x330
[ 29.672204]        perf_trace_init+0x424/0xa30
[ 29.676754]        perf_tp_event_init+0x79/0xf0
[ 29.681393]        perf_try_init_event+0x15b/0x1f0
[ 29.686292]        perf_event_alloc.part.0+0xe2d/0x2640
[ 29.691627]        SyS_perf_event_open+0x67f/0x24b0
[ 29.696614]        do_syscall_64+0x1d5/0x640
[ 29.701001]        entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 29.706678]
[ 29.706678] -> #1 (tracepoints_mutex){+.+.}:
[ 29.712541]        __mutex_lock+0xc4/0x1310
[ 29.716844]        tracepoint_probe_register+0x68/0xc0
[ 29.722097]        trace_event_reg+0x272/0x330
[ 29.726660]        perf_trace_init+0x424/0xa30
[ 29.731213]        perf_tp_event_init+0x79/0xf0
[ 29.735867]        perf_try_init_event+0x15b/0x1f0
[ 29.740769]        perf_event_alloc.part.0+0xe2d/0x2640
[ 29.746112]        SyS_perf_event_open+0x67f/0x24b0
[ 29.751099]        do_syscall_64+0x1d5/0x640
[ 29.755479]        entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 29.761156]
[ 29.761156] -> #0 (event_mutex){+.+.}:
[ 29.766495]        lock_acquire+0x170/0x3f0
[ 29.770787]        __mutex_lock+0xc4/0x1310
[ 29.775077]        perf_trace_destroy+0x23/0xf0
[ 29.779726]        _free_event+0x321/0xe20
[ 29.783941]        free_event+0x32/0x40
[ 29.787895]        perf_event_release_kernel+0x368/0x8a0
[ 29.793320]        perf_release+0x33/0x40
[ 29.797476]        __fput+0x25f/0x7a0
[ 29.801247]        task_work_run+0x11f/0x190
[ 29.805625]        do_exit+0xa44/0x2850
[ 29.809579]        do_group_exit+0x100/0x2e0
[ 29.813961]        get_signal+0x38d/0x1ca0
[ 29.818180]        do_signal+0x7c/0x1550
[ 29.822315]        exit_to_usermode_loop+0x160/0x200
[ 29.827388]        do_syscall_64+0x4a3/0x640
[ 29.831770]        entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 29.837447]
[ 29.837447] other info that might help us debug this:
[ 29.837447]
[ 29.845591] Chain exists of:
[ 29.845591]   event_mutex --> &cpuctx_mutex --> &event->child_mutex
[ 29.845591]
[ 29.856314]  Possible unsafe locking scenario:
[ 29.856314]
[ 29.862374]        CPU0                    CPU1
[ 29.867008]        ----                    ----
[ 29.871645]   lock(&event->child_mutex);
[ 29.875676]                                lock(&cpuctx_mutex);
[ 29.881701]                                lock(&event->child_mutex);
[ 29.888334]   lock(event_mutex);
[ 29.891707]
[ 29.891707]  *** DEADLOCK ***
[ 29.891707]
[ 29.897736] 2 locks held by syz-executor120/7991:
[ 29.902545]  #0: (&ctx->mutex){+.+.}, at: [] perf_event_release_kernel+0x1fe/0x8a0
[ 29.911880]  #1: (&event->child_mutex){+.+.}, at: [] perf_event_release_kernel+0x208/0x8a0
[ 29.921907]
[ 29.921907] stack backtrace:
[ 29.926378] CPU: 0 PID: 7991 Comm: syz-executor120 Not tainted 4.14.213-syzkaller #0
[ 29.934225] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 29.943561] Call Trace:
[ 29.946124]  dump_stack+0x1b2/0x283
[ 29.949725]  print_circular_bug.constprop.0.cold+0x2d7/0x41e
[ 29.955491]  __lock_acquire+0x2e0e/0x3f20
[ 29.959611]  ? list_del_event+0x56c/0x870
[ 29.963729]  ? trace_hardirqs_on+0x10/0x10
[ 29.967934]  ? do_raw_spin_unlock+0x164/0x220
[ 29.972399]  ? mark_held_locks+0xa6/0xf0
[ 29.976430]  ? perf_group_detach+0x7f0/0x7f0
[ 29.980810]  ? generic_exec_single+0x27e/0x420
[ 29.985360]  ? generic_exec_single+0x127/0x420
[ 29.989920]  lock_acquire+0x170/0x3f0
[ 29.993694]  ? perf_trace_destroy+0x23/0xf0
[ 29.997985]  ? perf_trace_destroy+0x23/0xf0
[ 30.002278]  __mutex_lock+0xc4/0x1310
[ 30.006047]  ? perf_trace_destroy+0x23/0xf0
[ 30.010340]  ? task_function_call+0xed/0x130
[ 30.014720]  ? pmu_dev_release+0x20/0x20
[ 30.018812]  ? perf_trace_destroy+0x23/0xf0
[ 30.023106]  ? __ww_mutex_wakeup_for_backoff+0x210/0x210
[ 30.028526]  ? event_function_call+0x1fa/0x3c0
[ 30.033081]  ? event_sched_out+0x11b0/0x11b0
[ 30.037458]  ? rcu_lockdep_current_cpu_online+0xed/0x140
[ 30.042880]  ? perf_tp_event_init+0xf0/0xf0
[ 30.047174]  perf_trace_destroy+0x23/0xf0
[ 30.051295]  ? perf_tp_event_init+0xf0/0xf0
[ 30.055585]  _free_event+0x321/0xe20
[ 30.059272]  free_event+0x32/0x40
[ 30.062698]  perf_event_release_kernel+0x368/0x8a0
[ 30.067600]  ? perf_event_release_kernel+0x8a0/0x8a0
[ 30.072675]  perf_release+0x33/0x40
[ 30.076309]  __fput+0x25f/0x7a0
[ 30.079561]  task_work_run+0x11f/0x190
[ 30.083461]  do_exit+0xa44/0x2850
[ 30.086887]  ? lock_acquire+0x170/0x3f0
[ 30.090831]  ? lock_downgrade+0x740/0x740
[ 30.094948]  ? mm_update_next_owner+0x5b0/0x5b0
[ 30.099587]  ? get_signal+0x323/0x1ca0
[ 30.103446]  ? lock_acquire+0x170/0x3f0
[ 30.107393]  ? lock_downgrade+0x740/0x740
[ 30.111512]  do_group_exit+0x100/0x2e0
[ 30.115375]  get_signal+0x38d/0x1ca0
[ 30.119075]  ? vfs_writev+0x18d/0x290
[ 30.122851]  do_signal+0x7c/0x1550
[ 30.126361]  ? vfs_iter_write+0xa0/0xa0
[ 30.130306]  ? debug_check_no_obj_freed+0x2c0/0x674
[ 30.135294]  ? setup_sigcontext+0x820/0x820
[ 30.139623]  ? rcu_lockdep_current_cpu_online+0xed/0x140
[ 30.145043]  ? putname+0xcd/0x110
[ 30.148503]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[ 30.153492]  ? kmem_cache_free+0x23a/0x2b0
[ 30.157698]  ? putname+0xcd/0x110
[ 30.161123]  ? exit_to_usermode_loop+0x41/0x200
[ 30.165764]  exit_to_usermode_loop+0x160/0x200
[ 30.170330]  do_syscall_64+0x4a3/0x640
[ 30.174208]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 30.179382] RIP: 0033:0x411d08
[ 30.182542] RSP: 002b:00007ffec86c5a40 EFLAGS: 00000202 ORIG_RAX: 0000000000000014
[ 30.190219] RAX: ffffffffffffffe0 RBX: 00007ffec86c5a40 RCX: 0000000000411d08
[ 30.197459] RDX: 0000000000000001 RSI: 00007ffec86c5a40 RDI: 0000000000000002
[ 30.204703] RBP: 00007ffec86c5b10 R08: 0000000000000016 R09: