[....] Starting file context maintaining daemon: restorecond[ ok ].
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 32.552477] random: sshd: uninitialized urandom read (32 bytes read)
[ 32.916679] kauditd_printk_skb: 9 callbacks suppressed
[ 32.916688] audit: type=1400 audit(1565956079.742:35): avc: denied { map } for pid=6861 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[ 32.974332] random: sshd: uninitialized urandom read (32 bytes read)
[ 33.511111] random: sshd: uninitialized urandom read (32 bytes read)
[ 33.706471] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.154' (ECDSA) to the list of known hosts.
[ 39.240686] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 39.360901] audit: type=1400 audit(1565956086.192:36): avc: denied { map } for pid=6874 comm="syz-executor734" path="/root/syz-executor734649912" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 39.414891]
[ 39.416532] ======================================================
[ 39.422822] WARNING: possible circular locking dependency detected
[ 39.429289] 4.14.139 #35 Not tainted
[ 39.432973] ------------------------------------------------------
[ 39.439263] syz-executor734/6875 is trying to acquire lock:
[ 39.444948]  (event_mutex){+.+.}, at: [] perf_trace_destroy+0x28/0x100
[ 39.453159]
[ 39.453159] but task is already holding lock:
[ 39.459118]  (&event->child_mutex){+.+.}, at: [] perf_event_release_kernel+0x207/0x880
[ 39.468732]
[ 39.468732] which lock already depends on the new lock.
[ 39.468732]
[ 39.477033]
[ 39.477033] the existing dependency chain (in reverse order) is:
[ 39.484638]
[ 39.484638] -> #5 (&event->child_mutex){+.+.}:
[ 39.490681]        lock_acquire+0x16f/0x430
[ 39.494999]        __mutex_lock+0xe8/0x1470
[ 39.499294]        mutex_lock_nested+0x16/0x20
[ 39.503852]        perf_event_for_each_child+0x8a/0x150
[ 39.509189]        perf_ioctl+0x1d9/0xd80
[ 39.513329]        do_vfs_ioctl+0x7ae/0x1060
[ 39.517713]        SyS_ioctl+0x8f/0xc0
[ 39.522524]        do_syscall_64+0x1e8/0x640
[ 39.526914]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 39.532597]
[ 39.532597] -> #4 (&cpuctx_mutex){+.+.}:
[ 39.538132]        lock_acquire+0x16f/0x430
[ 39.542436]        __mutex_lock+0xe8/0x1470
[ 39.546730]        mutex_lock_nested+0x16/0x20
[ 39.551292]        perf_event_init_cpu+0xc2/0x170
[ 39.556120]        perf_event_init+0x2d8/0x31a
[ 39.560680]        start_kernel+0x3b6/0x6fd
[ 39.564990]        x86_64_start_reservations+0x29/0x2b
[ 39.570251]        x86_64_start_kernel+0x77/0x7b
[ 39.574984]        secondary_startup_64+0xa5/0xb0
[ 39.579806]
[ 39.579806] -> #3 (pmus_lock){+.+.}:
[ 39.584978]        lock_acquire+0x16f/0x430
[ 39.589277]        __mutex_lock+0xe8/0x1470
[ 39.593581]        mutex_lock_nested+0x16/0x20
[ 39.598139]        perf_event_init_cpu+0x2f/0x170
[ 39.602956]        cpuhp_invoke_callback+0x1ea/0x1ab0
[ 39.608121]        _cpu_up+0x228/0x530
[ 39.612007]        do_cpu_up+0x121/0x150
[ 39.616040]        cpu_up+0x1b/0x20
[ 39.619656]        smp_init+0x157/0x170
[ 39.623625]        kernel_init_freeable+0x30b/0x532
[ 39.628633]        kernel_init+0x12/0x162
[ 39.632755]        ret_from_fork+0x24/0x30
[ 39.636960]
[ 39.636960] -> #2 (cpu_hotplug_lock.rw_sem){++++}:
[ 39.643358]        lock_acquire+0x16f/0x430
[ 39.647655]        cpus_read_lock+0x3d/0xc0
[ 39.651953]        static_key_slow_inc+0x13/0x30
[ 39.657030]        tracepoint_probe_register_prio+0x4d6/0x6d0
[ 39.662892]        tracepoint_probe_register+0x2b/0x40
[ 39.668142]        trace_event_reg+0x277/0x330
[ 39.672697]        perf_trace_init+0x449/0xaa0
[ 39.677252]        perf_tp_event_init+0x7d/0xf0
[ 39.681976]        perf_try_init_event+0x164/0x200
[ 39.687744]        perf_event_alloc.part.0+0xd90/0x25b0
[ 39.693102]        SYSC_perf_event_open+0xad1/0x2610
[ 39.698199]        SyS_perf_event_open+0x34/0x40
[ 39.702946]        do_syscall_64+0x1e8/0x640
[ 39.707472]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 39.713161]
[ 39.713161] -> #1 (tracepoints_mutex){+.+.}:
[ 39.719037]        lock_acquire+0x16f/0x430
[ 39.723334]        __mutex_lock+0xe8/0x1470
[ 39.727708]        mutex_lock_nested+0x16/0x20
[ 39.732434]        tracepoint_probe_register_prio+0x36/0x6d0
[ 39.738411]        tracepoint_probe_register+0x2b/0x40
[ 39.743681]        trace_event_reg+0x277/0x330
[ 39.748253]        perf_trace_init+0x449/0xaa0
[ 39.752933]        perf_tp_event_init+0x7d/0xf0
[ 39.757628]        perf_try_init_event+0x164/0x200
[ 39.762554]        perf_event_alloc.part.0+0xd90/0x25b0
[ 39.767909]        SYSC_perf_event_open+0xad1/0x2610
[ 39.773025]        SyS_perf_event_open+0x34/0x40
[ 39.777776]        do_syscall_64+0x1e8/0x640
[ 39.782220]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 39.787910]
[ 39.787910] -> #0 (event_mutex){+.+.}:
[ 39.793381]        __lock_acquire+0x2cb3/0x4620
[ 39.798029]        lock_acquire+0x16f/0x430
[ 39.802331]        __mutex_lock+0xe8/0x1470
[ 39.806640]        mutex_lock_nested+0x16/0x20
[ 39.811215]        perf_trace_destroy+0x28/0x100
[ 39.815959]        tp_perf_event_destroy+0x16/0x20
[ 39.820918]        _free_event+0x330/0xe70
[ 39.825263]        free_event+0x38/0x50
[ 39.829213]        perf_event_release_kernel+0x364/0x880
[ 39.834652]        perf_release+0x37/0x50
[ 39.838777]        __fput+0x275/0x7a0
[ 39.842552]        ____fput+0x16/0x20
[ 39.846325]        task_work_run+0x114/0x190
[ 39.850715]        do_exit+0x7df/0x2c10
[ 39.854682]        do_group_exit+0x111/0x330
[ 39.859153]        get_signal+0x381/0x1cd0
[ 39.863385]        do_signal+0x86/0x19a0
[ 39.867438]        exit_to_usermode_loop+0x15c/0x220
[ 39.872534]        do_syscall_64+0x4bc/0x640
[ 39.877119]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 39.882823]
[ 39.882823] other info that might help us debug this:
[ 39.882823]
[ 39.891012] Chain exists of:
[ 39.891012]   event_mutex --> &cpuctx_mutex --> &event->child_mutex
[ 39.891012]
[ 39.901914]  Possible unsafe locking scenario:
[ 39.901914]
[ 39.908013]        CPU0                    CPU1
[ 39.912674]        ----                    ----
[ 39.917337]   lock(&event->child_mutex);
[ 39.921377]                                lock(&cpuctx_mutex);
[ 39.927412]                                lock(&event->child_mutex);
[ 39.934363]   lock(event_mutex);
[ 39.937719]
[ 39.937719]  *** DEADLOCK ***
[ 39.937719]
[ 39.943855] 2 locks held by syz-executor734/6875:
[ 39.948680]  #0:  (&ctx->mutex){+.+.}, at: [] perf_event_release_kernel+0x1fd/0x880
[ 39.958266]  #1:  (&event->child_mutex){+.+.}, at: [] perf_event_release_kernel+0x207/0x880
[ 39.968328]
[ 39.968328] stack backtrace:
[ 39.972815] CPU: 0 PID: 6875 Comm: syz-executor734 Not tainted 4.14.139 #35
[ 39.979905] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 39.989945] Call Trace:
[ 39.992628]  dump_stack+0x138/0x19c
[ 39.996254]  print_circular_bug.isra.0.cold+0x1cc/0x28f
[ 40.001688]  __lock_acquire+0x2cb3/0x4620
[ 40.005837]  ? event_function+0x28b/0x380
[ 40.009968]  ? trace_hardirqs_on+0x10/0x10
[ 40.014262]  lock_acquire+0x16f/0x430
[ 40.018047]  ? perf_trace_destroy+0x28/0x100
[ 40.022590]  ? perf_trace_destroy+0x28/0x100
[ 40.026995]  __mutex_lock+0xe8/0x1470
[ 40.030859]  ? perf_trace_destroy+0x28/0x100
[ 40.035263]  ? perf_trace_destroy+0x28/0x100
[ 40.039682]  ? alloc_perf_context+0xf0/0xf0
[ 40.043988]  ? mutex_trylock+0x1c0/0x1c0
[ 40.048028]  ? save_trace+0x290/0x290
[ 40.051808]  ? __mutex_lock+0x36a/0x1470
[ 40.055845]  ? perf_event_release_kernel+0x1f3/0x880
[ 40.060931]  ? __lock_is_held+0xb6/0x140
[ 40.065060]  ? check_preemption_disabled+0x3c/0x250
[ 40.070097]  mutex_lock_nested+0x16/0x20
[ 40.074387]  ? mutex_lock_nested+0x16/0x20
[ 40.078673]  perf_trace_destroy+0x28/0x100
[ 40.082906]  tp_perf_event_destroy+0x16/0x20
[ 40.087307]  ? perf_tp_event_init+0xf0/0xf0
[ 40.091606]  _free_event+0x330/0xe70
[ 40.095488]  free_event+0x38/0x50
[ 40.099088]  perf_event_release_kernel+0x364/0x880
[ 40.104143]  ? perf_event_release_kernel+0x880/0x880
[ 40.109376]  perf_release+0x37/0x50
[ 40.113140]  __fput+0x275/0x7a0
[ 40.116404]  ____fput+0x16/0x20
[ 40.119670]  task_work_run+0x114/0x190
[ 40.123597]  do_exit+0x7df/0x2c10
[ 40.127042]  ? selinux_file_open+0x420/0x420
[ 40.131436]  ? find_held_lock+0x35/0x130
[ 40.135486]  ? mm_update_next_owner+0x5d0/0x5d0
[ 40.140203]  do_group_exit+0x111/0x330
[ 40.144153]  get_signal+0x381/0x1cd0
[ 40.147928]  ? vfs_writev+0x1d7/0x2a0
[ 40.151937]  ? kfree+0x20a/0x270
[ 40.155303]  do_signal+0x86/0x19a0
[ 40.158889]  ? find_held_lock+0x35/0x130
[ 40.162942]  ? setup_sigcontext+0x7d0/0x7d0
[ 40.167461]  ? __fget_light+0x172/0x1f0
[ 40.171429]  ? do_writev+0x1af/0x2d0
[ 40.175303]  ? exit_to_usermode_loop+0x3d/0x220
[ 40.180015]  exit_to_usermode_loop+0x15c/0x220
[ 40.184588]  do_syscall_64+0x4bc/0x640
[ 40.188458]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 40.193324]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 40.198494] RIP: 0033:0x411fce
[ 40.201660] RSP: 002b:00007fff81c8ec20 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 40.209458] RAX: ffffffffffffffe0 RBX: 0000000000000044 RCX: 0000000000411fce
[ 40.216784] RDX: 0
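The report above is lockdep finding a cycle in its graph of "lock B was taken while lock A was held" edges: the six numbered entries are the existing edges (event_mutex -> tracepoints_mutex -> cpu_hotplug_lock -> pmus_lock -> &cpuctx_mutex -> &event->child_mutex, each acquired in the context whose stack is printed), and the release path at -> #0 tries to add &event->child_mutex -> event_mutex, which closes the loop. The following C program is an added illustration, not kernel code and not part of the syzbot output: it replays those acquisition contexts against a toy lock-order graph and detects the same cycle. The lock names are the classes from the report; the functions, the struct task, and the assumed order of the replayed contexts are this example's own (the report's separate &ctx->mutex class lies outside the cycle and is left out).

```c
/* Added example, not kernel code: a toy lockdep-style lock-order graph
 * replaying the contexts from the report above. Names from the report;
 * functions, struct task and replay order are assumptions of this example. */
#include <stdio.h>
#include <string.h>

enum {
    L_EVENT_MUTEX,        /* event_mutex             (-> #0) */
    L_TRACEPOINTS_MUTEX,  /* tracepoints_mutex       (-> #1) */
    L_CPU_HOTPLUG_LOCK,   /* cpu_hotplug_lock.rw_sem (-> #2) */
    L_PMUS_LOCK,          /* pmus_lock               (-> #3) */
    L_CPUCTX_MUTEX,       /* &cpuctx_mutex           (-> #4) */
    L_CHILD_MUTEX,        /* &event->child_mutex     (-> #5) */
    NLOCKS
};

static const char *lock_name[NLOCKS] = {
    "event_mutex", "tracepoints_mutex", "cpu_hotplug_lock.rw_sem",
    "pmus_lock", "&cpuctx_mutex", "&event->child_mutex",
};

/* dep[a][b] != 0 records "b was acquired while a was held". */
static unsigned char dep[NLOCKS][NLOCKS];

struct task { int held[NLOCKS]; int depth; };  /* locks held, outermost first */

void lock_order_reset(void) { memset(dep, 0, sizeof dep); }

/* DFS: does a dependency path from -> to exist? On success the path
 * from ... to is left in path[0..*len-1]. */
static int path_exists(int from, int to, unsigned char *seen, int *path, int *len)
{
    if (from == to) { path[(*len)++] = to; return 1; }
    if (seen[from]) return 0;
    seen[from] = 1;
    path[(*len)++] = from;
    for (int n = 0; n < NLOCKS; n++)
        if (dep[from][n] && path_exists(n, to, seen, path, len))
            return 1;
    (*len)--;
    return 0;
}

/* Acquire lock nl in task t. For each lock already held, ask lockdep's
 * question: does nl already reach the held lock? If it does, recording
 * held -> nl would close a cycle, i.e. a circular locking dependency.
 * Returns 1 with the path nl ... held in cycle/ncycle, else 0 and
 * records the new edges. */
int lock_acquire(struct task *t, int nl, int *cycle, int *ncycle)
{
    for (int i = 0; i < t->depth; i++) {
        int held = t->held[i];
        unsigned char seen[NLOCKS] = {0};
        int len = 0;
        if (path_exists(nl, held, seen, cycle, &len)) { *ncycle = len; return 1; }
        dep[held][nl] = 1;
    }
    t->held[t->depth++] = nl;
    return 0;
}

/* Replay the report's contexts. Returns the detected cycle length
 * (0 if none); cycle[] needs NLOCKS entries. */
int replay_report(int cycle[NLOCKS])
{
    struct task t = {{0}, 0};
    int n = 0;
    lock_order_reset();
    /* -> #1, #2: perf_event_open / perf_trace_init: event_mutex, then
     * tracepoints_mutex, then cpus_read_lock() from static_key_slow_inc() */
    lock_acquire(&t, L_EVENT_MUTEX, cycle, &n);
    lock_acquire(&t, L_TRACEPOINTS_MUTEX, cycle, &n);
    lock_acquire(&t, L_CPU_HOTPLUG_LOCK, cycle, &n);
    t.depth = 0;
    /* -> #3, #4: cpu_up / perf_event_init_cpu: hotplug lock, pmus_lock,
     * then the cpu context mutex */
    lock_acquire(&t, L_CPU_HOTPLUG_LOCK, cycle, &n);
    lock_acquire(&t, L_PMUS_LOCK, cycle, &n);
    lock_acquire(&t, L_CPUCTX_MUTEX, cycle, &n);
    t.depth = 0;
    /* -> #5: perf_ioctl / perf_event_for_each_child: ctx mutex, then child_mutex */
    lock_acquire(&t, L_CPUCTX_MUTEX, cycle, &n);
    lock_acquire(&t, L_CHILD_MUTEX, cycle, &n);
    t.depth = 0;
    /* -> #0: perf_event_release_kernel / perf_trace_destroy: child_mutex
     * held, event_mutex wanted: this is the acquisition lockdep rejects */
    lock_acquire(&t, L_CHILD_MUTEX, cycle, &n);
    return lock_acquire(&t, L_EVENT_MUTEX, cycle, &n) ? n : 0;
}

int main(void)
{
    int cycle[NLOCKS];
    int n = replay_report(cycle);
    if (n == 0) { puts("no circular dependency"); return 0; }
    puts("possible circular locking dependency detected; chain exists of:");
    for (int i = 0; i < n; i++)
        printf("  %s%s\n", lock_name[cycle[i]], i + 1 < n ? " -->" : "");
    return 1;
}
```

Run stand-alone it prints the full six-lock chain; the kernel's own output shortens it to the three locks event_mutex --> &cpuctx_mutex --> &event->child_mutex because it reports the target lock, the new lock and one intermediate class. The fix for a report like this is never to drop the check but to make one side take the locks in the other side's order (or drop a lock before calling into the other subsystem), which in this toy is visible as the replay returning 0 once every context takes event_mutex before &event->child_mutex.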