INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added 'ci-upstream-next-kasan-gce-3,10.128.0.51' (ECDSA) to the list of known hosts.
2017/11/05 08:06:10 parsed 1 programs
2017/11/05 08:06:10 executed programs: 0
syzkaller login: [ 29.114792]
[ 29.115108] ======================================================
[ 29.115970] WARNING: possible circular locking dependency detected
[ 29.116816] 4.14.0-rc7-next-20171103+ #38 Not tainted
[ 29.117501] ------------------------------------------------------
[ 29.118348] syz-executor0/3012 is trying to acquire lock:
[ 29.119075]  (event_mutex){+.+.}, at: [] perf_trace_destroy+0x28/0x100
[ 29.120174]
[ 29.120174] but task is already holding lock:
[ 29.120957]  (&mm->mmap_sem){++++}, at: [] vm_mmap_pgoff+0x198/0x280
[ 29.122013]
[ 29.122013] which lock already depends on the new lock.
[ 29.122013]
[ 29.123120]
[ 29.123120] the existing dependency chain (in reverse order) is:
[ 29.124115]
[ 29.124115] -> #7 (&mm->mmap_sem){++++}:
[ 29.124870]        lock_acquire+0x1d5/0x580
[ 29.125447]        __might_fault+0x13a/0x1d0
[ 29.126032]        _copy_to_user+0x2c/0xc0
[ 29.126595]        filldir+0x1a7/0x320
[ 29.127115]        dcache_readdir+0x12d/0x5e0
[ 29.127709]        iterate_dir+0x1ca/0x540
[ 29.128271]        SyS_getdents+0x225/0x450
[ 29.128846]        entry_SYSCALL_64_fastpath+0x1f/0xbe
[ 29.129540]
[ 29.129540] -> #6 (&sb->s_type->i_mutex_key#5){++++}:
[ 29.130426]        devtmpfsd+0x224/0x4b0
[ 29.130963]
[ 29.130963] -> #5 ((completion)&req.done){+.+.}:
[ 29.131787]        lock_acquire+0x1d5/0x580
[ 29.132361]        wait_for_completion+0xcb/0x7b0
[ 29.133006]        devtmpfs_create_node+0x32b/0x4a0
[ 29.133670]        device_add+0x120f/0x1640
[ 29.134249]        device_create_groups_vargs+0x1f3/0x250
[ 29.134989]        device_create+0xda/0x110
[ 29.139274]        msr_device_create+0x26/0x40
[ 29.143819]        cpuhp_invoke_callback+0x2ea/0x1d20
[ 29.148969]        cpuhp_thread_fun+0x48b/0x7e0
[ 29.153604]        smpboot_thread_fn+0x450/0x7c0
[ 29.158322]        kthread+0x3c9/0x4b0
[ 29.162173]        ret_from_fork+0x2a/0x40
[ 29.166368]
[ 29.166368] -> #4 (cpuhp_state-up){+.+.}:
[ 29.171961]        lock_acquire+0x1d5/0x580
[ 29.176253]        cpuhp_issue_call+0x1e5/0x520
[ 29.180887]        __cpuhp_setup_state_cpuslocked+0x2c7/0x5f0
[ 29.186733]        __cpuhp_setup_state+0xb0/0x140
[ 29.191549]        page_writeback_init+0x4d/0x71
[ 29.196268]        pagecache_init+0x48/0x4f
[ 29.200554]        start_kernel+0x6bc/0x74f
[ 29.204838]        x86_64_start_reservations+0x2a/0x2c
[ 29.210078]        x86_64_start_kernel+0x77/0x7a
[ 29.214795]        secondary_startup_64+0xa5/0xb0
[ 29.219597]
[ 29.219597] -> #3 (cpuhp_state_mutex){+.+.}:
[ 29.225453]        lock_acquire+0x1d5/0x580
[ 29.229737]        __mutex_lock+0x16f/0x19d0
[ 29.234107]        mutex_lock_nested+0x16/0x20
[ 29.238652]        __cpuhp_setup_state_cpuslocked+0x5b/0x5f0
[ 29.244415]        __cpuhp_setup_state+0xb0/0x140
[ 29.249224]        kvm_guest_init+0x1f3/0x20f
[ 29.253692]        setup_arch+0x17cb/0x19e5
[ 29.257979]        start_kernel+0xa5/0x74f
[ 29.262178]        x86_64_start_reservations+0x2a/0x2c
[ 29.267418]        x86_64_start_kernel+0x77/0x7a
[ 29.272136]        secondary_startup_64+0xa5/0xb0
[ 29.276939]
[ 29.276939] -> #2 (cpu_hotplug_lock.rw_sem){++++}:
[ 29.283314]        lock_acquire+0x1d5/0x580
[ 29.287599]        cpus_read_lock+0x42/0x90
[ 29.291886]        static_key_slow_inc+0x9d/0x3c0
[ 29.296693]        tracepoint_probe_register_prio+0x80d/0x9a0
[ 29.302543]        tracepoint_probe_register+0x2a/0x40
[ 29.307782]        trace_event_reg+0x167/0x320
[ 29.312329]        perf_trace_init+0x4ef/0xab0
[ 29.316877]        perf_tp_event_init+0x7d/0xf0
[ 29.321509]        perf_try_init_event+0xc9/0x1f0
[ 29.326315]        perf_event_alloc+0x1c5b/0x2a00
[ 29.331120]        SYSC_perf_event_open+0x842/0x2f10
[ 29.336186]        SyS_perf_event_open+0x39/0x50
[ 29.340907]        entry_SYSCALL_64_fastpath+0x1f/0xbe
[ 29.346145]
[ 29.346145] -> #1 (tracepoints_mutex){+.+.}:
[ 29.352001]        lock_acquire+0x1d5/0x580
[ 29.356291]        __mutex_lock+0x16f/0x19d0
[ 29.360661]        mutex_lock_nested+0x16/0x20
[ 29.365206]        tracepoint_probe_register_prio+0xa0/0x9a0
[ 29.370966]        tracepoint_probe_register+0x2a/0x40
[ 29.376207]        trace_event_reg+0x167/0x320
[ 29.380754]        perf_trace_init+0x4ef/0xab0
[ 29.385300]        perf_tp_event_init+0x7d/0xf0
[ 29.389931]        perf_try_init_event+0xc9/0x1f0
[ 29.394737]        perf_event_alloc+0x1c5b/0x2a00
[ 29.399544]        SYSC_perf_event_open+0x842/0x2f10
[ 29.404611]        SyS_perf_event_open+0x39/0x50
[ 29.409335]        entry_SYSCALL_64_fastpath+0x1f/0xbe
[ 29.414575]
[ 29.414575] -> #0 (event_mutex){+.+.}:
[ 29.419910]        __lock_acquire+0x3374/0x4770
[ 29.424556]        lock_acquire+0x1d5/0x580
[ 29.428840]        __mutex_lock+0x16f/0x19d0
[ 29.433213]        mutex_lock_nested+0x16/0x20
[ 29.437763]        perf_trace_destroy+0x28/0x100
[ 29.442481]        tp_perf_event_destroy+0x15/0x20
[ 29.447372]        _free_event+0x3bd/0x10f0
[ 29.451656]        put_event+0x24/0x30
[ 29.455511]        perf_mmap_close+0x60d/0x1010
[ 29.460145]        remove_vma+0xb4/0x1b0
[ 29.464168]        do_munmap+0x82a/0xdf0
[ 29.468208]        mmap_region+0x59e/0x15a0
[ 29.472497]        do_mmap+0x6a1/0xd50
[ 29.476349]        vm_mmap_pgoff+0x1de/0x280
[ 29.480719]        SyS_mmap_pgoff+0x23b/0x5f0
[ 29.485182]        SyS_mmap+0x16/0x20
[ 29.488947]        entry_SYSCALL_64_fastpath+0x1f/0xbe
[ 29.494184]
[ 29.494184] other info that might help us debug this:
[ 29.494184]
[ 29.502287] Chain exists of:
[ 29.502287]   event_mutex --> &sb->s_type->i_mutex_key#5 --> &mm->mmap_sem
[ 29.502287]
[ 29.513614]  Possible unsafe locking scenario:
[ 29.513614]
[ 29.519635]        CPU0                    CPU1
[ 29.524268]        ----                    ----
[ 29.528898]   lock(&mm->mmap_sem);
[ 29.532417]                                lock(&sb->s_type->i_mutex_key#5);
[ 29.539569]                                lock(&mm->mmap_sem);
[ 29.545589]   lock(event_mutex);
[ 29.548918]
[ 29.548918]  *** DEADLOCK ***
[ 29.548918]
[ 29.554944] 1 lock held by syz-executor0/3012:
[ 29.559484]  #0: (&mm->mmap_sem){++++}, at: [] vm_mmap_pgoff+0x198/0x280
[ 29.567945]
[ 29.567945] stack backtrace:
[ 29.572407] CPU: 0 PID: 3012 Comm: syz-executor0 Not tainted 4.14.0-rc7-next-20171103+ #38
[ 29.580769] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 29.590088] Call Trace:
[ 29.592641]  dump_stack+0x194/0x257
[ 29.596237]  ? arch_local_irq_restore+0x53/0x53
[ 29.600873]  print_circular_bug+0x503/0x710
[ 29.605157]  ? print_circular_bug_entry+0xb0/0xb0
[ 29.609965]  ? check_usage+0xb70/0xb70
[ 29.613818]  check_prev_add+0x8b1/0x1580
[ 29.617844]  ? copy_trace+0x1d0/0x1d0
[ 29.621612]  ? check_usage+0xb70/0xb70
[ 29.625464]  ? __lock_acquire+0x3374/0x4770
[ 29.629747]  ? __lock_acquire+0x3374/0x4770
[ 29.634038]  __lock_acquire+0x3374/0x4770
[ 29.638151]  ? __lock_acquire+0x3374/0x4770
[ 29.642443]  ? debug_check_no_locks_freed+0x3d0/0x3d0
[ 29.647599]  ? switched_to_fair+0xb0/0xb0
[ 29.651711]  ? print_usage_bug+0x480/0x480
[ 29.655909]  ? __lock_is_held+0xbc/0x140
[ 29.659938]  ? __lock_acquire+0x739/0x4770
[ 29.664136]  ? check_noncircular+0x20/0x20
[ 29.668341]  ? check_noncircular+0x20/0x20
[ 29.672541]  ? update_curr+0x2e3/0xa60
[ 29.676396]  ? check_noncircular+0x20/0x20
[ 29.680595]  ? print_usage_bug+0x480/0x480
[ 29.684793]  ? debug_check_no_locks_freed+0x3d0/0x3d0
[ 29.689944]  ? print_usage_bug+0x480/0x480
[ 29.694141]  ? check_noncircular+0x20/0x20
[ 29.698342]  ? check_noncircular+0x20/0x20
[ 29.702541]  ? __lock_acquire+0x739/0x4770
[ 29.706744]  ? check_noncircular+0x20/0x20
[ 29.710947]  ? perf_event_detach_bpf_prog+0x92/0x3d0
[ 29.716014]  lock_acquire+0x1d5/0x580
[ 29.719777]  ? perf_trace_destroy+0x28/0x100
[ 29.724147]  ? lock_release+0xd70/0xd70
[ 29.728086]  ? trace_event_raw_event_sched_switch+0x8a0/0x8a0
[ 29.733933]  ? perf_event_detach_bpf_prog+0x92/0x3d0
[ 29.738997]  ? preempt_notifier_dec+0x20/0x20
[ 29.743455]  ? rcu_note_context_switch+0x710/0x710
[ 29.748347]  ? __might_sleep+0x95/0x190
[ 29.752286]  ? perf_trace_destroy+0x28/0x100
[ 29.756661]  __mutex_lock+0x16f/0x19d0
[ 29.760510]  ? perf_trace_destroy+0x28/0x100
[ 29.764880]  ? perf_trace_destroy+0x28/0x100
[ 29.769250]  ? lock_downgrade+0x990/0x990
[ 29.773363]  ? mutex_lock_io_nested+0x1880/0x1880
[ 29.778167]  ? print_usage_bug+0x480/0x480
[ 29.782366]  ? find_held_lock+0x39/0x1d0
[ 29.786391]  ? check_noncircular+0x20/0x20
[ 29.790590]  ? __mutex_unlock_slowpath+0xe9/0xac0
[ 29.795395]  ? wait_for_completion+0x7b0/0x7b0
[ 29.799939]  ? __wake_up_common_lock+0x190/0x310
[ 29.804658]  ? find_held_lock+0x39/0x1d0
[ 29.808682]  ? check_noncircular+0x20/0x20
[ 29.812882]  ? perf_addr_filters_splice+0x18f/0x810
[ 29.817862]  ? _raw_spin_unlock_irqrestore+0x31/0xba
[ 29.822926]  ? free_filters_list+0x2f0/0x2f0
[ 29.827297]  ? mutex_unlock+0xd/0x10
[ 29.830974]  ? __lock_is_held+0xbc/0x140
[ 29.835000]  mutex_lock_nested+0x16/0x20
[ 29.839022]  ? mutex_lock_nested+0x16/0x20
[ 29.843219]  perf_trace_destroy+0x28/0x100
[ 29.847415]  ? perf_tp_event_init+0xf0/0xf0
[ 29.851697]  tp_perf_event_destroy+0x15/0x20
[ 29.856067]  _free_event+0x3bd/0x10f0
[ 29.859832]  ? ring_buffer_attach+0x830/0x830
[ 29.864290]  ? wait_for_completion+0x7b0/0x7b0
[ 29.868834]  ? ring_buffer_put+0x140/0x140
[ 29.873034]  ? lock_release+0xd70/0xd70
[ 29.876971]  ? atomic_dec_and_mutex_lock+0x112/0x150
[ 29.882036]  ? atomic_dec_and_mutex_lock+0x112/0x150
[ 29.887104]  put_event+0x24/0x30
[ 29.890433]  perf_mmap_close+0x60d/0x1010
[ 29.894543]  ? tlb_flush_mmu_free+0xeb/0x160
[ 29.898914]  ? perf_compat_ioctl+0x70/0x70
[ 29.903109]  ? tlb_gather_mmu+0x70/0x70
[ 29.907047]  ? check_noncircular+0x20/0x20
[ 29.911244]  ? free_pgtables+0x283/0x330
[ 29.915268]  ? unmap_region+0x35c/0x4f0
[ 29.919204]  ? up_read+0x40/0x40
[ 29.922534]  ? reusable_anon_vma+0x560/0x560
[ 29.926905]  ? __lock_is_held+0xbc/0x140
[ 29.930934]  ? trace_event_raw_event_sched_switch+0x8a0/0x8a0
[ 29.936781]  ? rcu_note_context_switch+0x710/0x710
[ 29.941673]  ? __might_sleep+0x95/0x190
[ 29.945608]  ? perf_compat_ioctl+0x70/0x70
[ 29.949803]  remove_vma+0xb4/0x1b0
[ 29.953304]  do_munmap+0x82a/0xdf0
[ 29.956807]  mmap_region+0x59e/0x15a0
[ 29.960573]  ? SyS_brk+0x6f0/0x6f0
[ 29.964077]  ? arch_get_unmapped_area_topdown+0xba/0x8a0
[ 29.969488]  ? lock_downgrade+0x990/0x990
[ 29.973599]  ? arch_get_unmapped_area+0x750/0x750
[ 29.978402]  ? lock_acquire+0x1d5/0x580
[ 29.982337]  ? vm_mmap_pgoff+0x198/0x280
[ 29.986363]  ? selinux_mmap_addr+0x1f/0xf0
[ 29.990559]  ? security_mmap_addr+0x79/0xa0
[ 29.994845]  ? get_unmapped_area+0x265/0x300
[ 29.999218]  do_mmap+0x6a1/0xd50
[ 30.002549]  ? mmap_region+0x15a0/0x15a0
[ 30.006573]  ? vm_mmap_pgoff+0x198/0x280
[ 30.010596]  ? down_read_killable+0x180/0x180
[ 30.015055]  ? security_mmap_file+0x143/0x180
[ 30.019515]  vm_mmap_pgoff+0x1de/0x280
[ 30.023369]  ? vma_is_stack_for_current+0xa0/0xa0
[ 30.028184]  ? SyS_futex+0x269/0x390
[ 30.031862]  SyS_mmap_pgoff+0x23b/0x5f0
[ 30.035804]  ? find_mergeable_anon_vma+0xd0/0xd0
[ 30.040522]  ? trace_hardirqs_on_caller+0x421/0x5c0
[ 30.045504]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 30.050225]  SyS_mmap+0x16/0x20
[ 30.053472]  entry_SYSCALL_64_fastpath+0x1f/0xbe
[ 30.058193] RIP: 0033:0x452869
[ 30.061348] RSP: 002b:00007f3b2d172be8 EFLAGS: 00000212 ORIG_RAX: 0000000000000009
[ 30.069017] RAX: ffffffffffffffda RBX: 00000000007580d8 RCX: 0000000000452869
[ 30.076408] RDX: 0000000000000000 RSI: 0000000000003000 RDI: 0000000020007000
[ 30.083643] RBP: 0000000000000086 R08: 0000000000000000 R09: 0000000000000000
[ 30.090877] R10: 0000000000000032 R11: 0000000000000212 R12: 0000000000000000
[ 30.098108] R13: 00007fff3e64a28f R14: 00007f3b2d1739c0 R15: 0000000000000005