[ OK ] Started Getty on tty5. [ OK ] Started Getty on tty4. [ OK ] Started Getty on tty3. [ OK ] Reached target Login Prompts. [ OK ] Reached target Multi-User System. [ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... Starting Load/Save RF Kill Switch Status... [ OK ] Started Update UTMP about System Runlevel Changes. [ OK ] Started Load/Save RF Kill Switch Status. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.1.111' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 28.594338] [ 28.595965] ====================================================== [ 28.602297] WARNING: possible circular locking dependency detected [ 28.608615] 4.14.291-syzkaller #0 Not tainted [ 28.613081] ------------------------------------------------------ [ 28.619373] syz-executor389/7972 is trying to acquire lock: [ 28.625053] (&cpuctx_mutex/1){+.+.}, at: [] SyS_perf_event_open+0xd13/0x2530 [ 28.633873] [ 28.633873] but task is already holding lock: [ 28.639816] (&cpuctx_mutex){+.+.}, at: [] SyS_perf_event_open+0xd06/0x2530 [ 28.648569] [ 28.648569] which lock already depends on the new lock. [ 28.648569] [ 28.656854] [ 28.656854] the existing dependency chain (in reverse order) is: [ 28.664459] [ 28.664459] -> #5 (&cpuctx_mutex){+.+.}: [ 28.669979] __mutex_lock+0xc4/0x1310 [ 28.674273] perf_event_init_cpu+0xb7/0x170 [ 28.679090] perf_event_init+0x2cc/0x308 [ 28.683644] start_kernel+0x45d/0x763 [ 28.687938] secondary_startup_64+0xa5/0xb0 [ 28.692750] [ 28.692750] -> #4 (pmus_lock){+.+.}: [ 28.697922] __mutex_lock+0xc4/0x1310 [ 28.702216] perf_event_init_cpu+0x2c/0x170 [ 28.707032] cpuhp_invoke_callback+0x1e6/0x1a80 [ 28.712194] _cpu_up+0x21e/0x520 [ 28.716142] do_cpu_up+0x9a/0x160 [ 28.720088] smp_init+0x197/0x1ac [ 28.724034] kernel_init_freeable+0x406/0x626 [ 28.729041] kernel_init+0xd/0x167 [ 28.733074] ret_from_fork+0x24/0x30 [ 28.737278] [ 28.737278] -> #3 (cpu_hotplug_lock.rw_sem){++++}: [ 28.743755] cpus_read_lock+0x39/0xc0 [ 28.748051] static_key_slow_inc+0xe/0x20 [ 28.752693] tracepoint_add_func+0x747/0xa40 [ 28.757611] tracepoint_probe_register+0x8c/0xc0 [ 28.762863] trace_event_reg+0x272/0x330 [ 28.767417] perf_trace_init+0x424/0xa30 [ 28.771971] perf_tp_event_init+0x79/0xf0 [ 28.776612] perf_try_init_event+0x15b/0x1f0 [ 28.781531] perf_event_alloc.part.0+0xe2d/0x2640 [ 28.786868] SyS_perf_event_open+0x683/0x2530 [ 28.791861] do_syscall_64+0x1d5/0x640 [ 28.796241] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 28.801922] [ 28.801922] -> #2 (tracepoints_mutex){+.+.}: [ 28.807784] __mutex_lock+0xc4/0x1310 [ 28.812078] tracepoint_probe_register+0x68/0xc0 [ 28.817326] trace_event_reg+0x272/0x330 [ 28.821878] perf_trace_init+0x424/0xa30 [ 28.826432] perf_tp_event_init+0x79/0xf0 [ 28.831070] perf_try_init_event+0x15b/0x1f0 [ 28.835977] perf_event_alloc.part.0+0xe2d/0x2640 [ 28.835982] SyS_perf_event_open+0x683/0x2530 [ 28.835988] do_syscall_64+0x1d5/0x640 [ 28.835994] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 28.835996] [ 28.835996] -> #1 (event_mutex){+.+.}: [ 28.836009] __mutex_lock+0xc4/0x1310 [ 28.836015] perf_trace_init+0x4f/0xa30 [ 28.836019] perf_tp_event_init+0x79/0xf0 [ 28.836024] perf_try_init_event+0xdf/0x1f0 [ 28.836029] perf_event_alloc.part.0+0xe2d/0x2640 [ 28.836035] SyS_perf_event_open+0x683/0x2530 [ 28.836040] do_syscall_64+0x1d5/0x640 [ 28.836045] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 28.836046] [ 28.836046] -> #0 (&cpuctx_mutex/1){+.+.}: [ 28.836059] lock_acquire+0x170/0x3f0 [ 28.836064] __mutex_lock+0xc4/0x1310 [ 28.836070] SyS_perf_event_open+0xd13/0x2530 [ 28.836074] do_syscall_64+0x1d5/0x640 [ 28.836080] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 28.836081] [ 28.836081] other info that might help us debug this: [ 28.836081] [ 28.836085] Chain exists of: [ 28.836085] &cpuctx_mutex/1 --> pmus_lock --> &cpuctx_mutex [ 28.836085] [ 28.948085] Possible unsafe locking scenario: [ 28.948085] [ 28.954113] CPU0 CPU1 [ 28.958751] ---- ---- [ 28.963493] lock(&cpuctx_mutex); [ 28.967007] lock(pmus_lock); [ 28.972690] lock(&cpuctx_mutex); [ 28.978724] lock(&cpuctx_mutex/1); [ 28.982414] [ 28.982414] *** DEADLOCK *** [ 28.982414] [ 28.988448] 1 lock held by syz-executor389/7972: [ 28.993174] #0: (&cpuctx_mutex){+.+.}, at: [] SyS_perf_event_open+0xd06/0x2530 [ 29.002253] [ 29.002253] stack backtrace: [ 29.006723] CPU: 0 PID: 7972 Comm: syz-executor389 Not tainted 4.14.291-syzkaller #0 [ 29.014588] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 29.024026] Call Trace: [ 29.026602] dump_stack+0x1b2/0x281 [ 29.030227] print_circular_bug.constprop.0.cold+0x2d7/0x41e [ 29.036011] __lock_acquire+0x2e0e/0x3f20 [ 29.040230] ? __lock_acquire+0x5fc/0x3f20 [ 29.044456] ? trace_hardirqs_on+0x10/0x10 [ 29.048670] ? trace_hardirqs_on+0x10/0x10 [ 29.052882] ? trace_hardirqs_on+0x10/0x10 [ 29.057153] ? __lock_acquire+0x5fc/0x3f20 [ 29.061384] lock_acquire+0x170/0x3f0 [ 29.065170] ? SyS_perf_event_open+0xd13/0x2530 [ 29.069817] ? SyS_perf_event_open+0xd13/0x2530 [ 29.074471] __mutex_lock+0xc4/0x1310 [ 29.078254] ? SyS_perf_event_open+0xd13/0x2530 [ 29.082908] ? debug_mutex_init+0x28/0x60 [ 29.087044] ? SyS_perf_event_open+0xd13/0x2530 [ 29.091693] ? get_empty_filp+0x2a2/0x3f0 [ 29.096234] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 29.101665] ? alloc_file+0x292/0x440 [ 29.105443] ? SyS_perf_event_open+0xcb0/0x2530 [ 29.110087] ? lock_acquire+0x170/0x3f0 [ 29.114034] ? lock_downgrade+0x740/0x740 [ 29.118157] SyS_perf_event_open+0xd13/0x2530 [ 29.122715] ? perf_bp_event+0x170/0x170 [ 29.126749] ? syscall_trace_enter+0x486/0xc20 [ 29.131305] ? do_syscall_64+0x4c/0x640 [ 29.135253] ? perf_bp_event+0x170/0x170 [ 29.139288] do_syscall_64+0x1d5/0x640 [ 29.143160] entry_SYSCALL_64_after_hw