Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.146' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 30.228977] IPVS: ftp: loaded support on port[0] = 21
[ 30.262399]
[ 30.264097] ======================================================
[ 30.270390] WARNING: possible circular locking dependency detected
[ 30.276716] 4.14.213-syzkaller #0 Not tainted
[ 30.281207] ------------------------------------------------------
[ 30.288372] syz-executor835/8020 is trying to acquire lock:
[ 30.295458] (event_mutex){+.+.}, at: [] ftrace_profile_set_filter+0x64/0x1be
[ 30.304283]
[ 30.304283] but task is already holding lock:
[ 30.310240] (&cpuctx_mutex){+.+.}, at: [] perf_event_ctx_lock_nested+0x14d/0x2c0
[ 30.319427]
[ 30.319427] which lock already depends on the new lock.
[ 30.319427]
[ 30.327755]
[ 30.327755] the existing dependency chain (in reverse order) is:
[ 30.335367]
[ 30.335367] -> #4 (&cpuctx_mutex){+.+.}:
[ 30.340891] __mutex_lock+0xc4/0x1310
[ 30.345201] perf_event_init_cpu+0xb7/0x170
[ 30.350021] perf_event_init+0x2cc/0x308
[ 30.354597] start_kernel+0x46a/0x770
[ 30.358914] secondary_startup_64+0xa5/0xb0
[ 30.363742]
[ 30.363742] -> #3 (pmus_lock){+.+.}:
[ 30.368919] __mutex_lock+0xc4/0x1310
[ 30.373237] perf_event_init_cpu+0x2c/0x170
[ 30.378069] cpuhp_invoke_callback+0x1e6/0x1a80
[ 30.383257] _cpu_up+0x219/0x500
[ 30.387126] do_cpu_up+0x9a/0x160
[ 30.391079] smp_init+0x197/0x1ac
[ 30.395048] kernel_init_freeable+0x3f4/0x614
[ 30.400060] kernel_init+0xd/0x165
[ 30.404110] ret_from_fork+0x24/0x30
[ 30.408315]
[ 30.408315] -> #2 (cpu_hotplug_lock.rw_sem){++++}:
[ 30.414708] cpus_read_lock+0x39/0xc0
[ 30.419018] static_key_slow_inc+0xe/0x20
[ 30.423672] tracepoint_add_func+0x517/0x750
[ 30.428587] tracepoint_probe_register+0x8c/0xc0
[ 30.433848] trace_event_reg+0x272/0x330
[ 30.438403] perf_trace_init+0x424/0xa30
[ 30.442958] perf_tp_event_init+0x79/0xf0
[ 30.447604] perf_try_init_event+0x15b/0x1f0
[ 30.452517] perf_event_alloc.part.0+0xe2d/0x2640
[ 30.457869] SyS_perf_event_open+0x67f/0x24b0
[ 30.462863] do_syscall_64+0x1d5/0x640
[ 30.467267] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 30.472953]
[ 30.472953] -> #1 (tracepoints_mutex){+.+.}:
[ 30.478843] __mutex_lock+0xc4/0x1310
[ 30.483152] tracepoint_probe_register+0x68/0xc0
[ 30.488423] trace_event_reg+0x272/0x330
[ 30.493088] perf_trace_init+0x424/0xa30
[ 30.497673] perf_tp_event_init+0x79/0xf0
[ 30.502318] perf_try_init_event+0x15b/0x1f0
[ 30.507223] perf_event_alloc.part.0+0xe2d/0x2640
[ 30.512571] SyS_perf_event_open+0x67f/0x24b0
[ 30.517579] do_syscall_64+0x1d5/0x640
[ 30.521977] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 30.527675]
[ 30.527675] -> #0 (event_mutex){+.+.}:
[ 30.533023] lock_acquire+0x170/0x3f0
[ 30.537322] __mutex_lock+0xc4/0x1310
[ 30.541632] ftrace_profile_set_filter+0x64/0x1be
[ 30.547162] _perf_ioctl+0x13b2/0x1a40
[ 30.551634] perf_ioctl+0x55/0x80
[ 30.555592] do_vfs_ioctl+0x75a/0xff0
[ 30.559896] SyS_ioctl+0x7f/0xb0
[ 30.563758] do_syscall_64+0x1d5/0x640
[ 30.568156] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 30.573846]
[ 30.573846] other info that might help us debug this:
[ 30.573846]
[ 30.581961] Chain exists of:
[ 30.581961] event_mutex --> pmus_lock --> &cpuctx_mutex
[ 30.581961]
[ 30.591825] Possible unsafe locking scenario:
[ 30.591825]
[ 30.597949]        CPU0                    CPU1
[ 30.602587]        ----                    ----
[ 30.607224]   lock(&cpuctx_mutex);
[ 30.610734]                                lock(pmus_lock);
[ 30.616427]                                lock(&cpuctx_mutex);
[ 30.622478]   lock(event_mutex);
[ 30.625826]
[ 30.625826] *** DEADLOCK ***
[ 30.625826]
[ 30.631905] 1 lock held by syz-executor835/8020:
[ 30.636637] #0: (&cpuctx_mutex){+.+.}, at: [] perf_event_ctx_lock_nested+0x14d/0x2c0
[ 30.646242]
[ 30.646242] stack backtrace:
[ 30.650723] CPU: 1 PID: 8020 Comm: syz-executor835 Not tainted 4.14.213-syzkaller #0
[ 30.658605] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 30.667972] Call Trace:
[ 30.670544] dump_stack+0x1b2/0x283
[ 30.674151] print_circular_bug.constprop.0.cold+0x2d7/0x41e
[ 30.679932] __lock_acquire+0x2e0e/0x3f20
[ 30.684087] ? trace_hardirqs_on+0x10/0x10
[ 30.688319] ? save_trace+0xd6/0x290
[ 30.692008] lock_acquire+0x170/0x3f0
[ 30.696916] ? ftrace_profile_set_filter+0x64/0x1be
[ 30.701907] ? ftrace_profile_set_filter+0x64/0x1be
[ 30.706900] __mutex_lock+0xc4/0x1310
[ 30.710676] ? ftrace_profile_set_filter+0x64/0x1be
[ 30.715677] ? drop_futex_key_refs+0x2e/0xa0
[ 30.720060] ? futex_wait+0x3ea/0x530
[ 30.723848] ? ftrace_profile_set_filter+0x64/0x1be
[ 30.728858] ? __ww_mutex_wakeup_for_backoff+0x210/0x210
[ 30.734297] ? __might_fault+0x104/0x1b0
[ 30.738345] ? lock_acquire+0x170/0x3f0
[ 30.742293] ? lock_downgrade+0x740/0x740
[ 30.746436] ftrace_profile_set_filter+0x64/0x1be
[ 30.751254] ? ftrace_profile_free_filter+0x60/0x60
[ 30.756259] ? memdup_user+0x54/0xa0
[ 30.759973] _perf_ioctl+0x13b2/0x1a40
[ 30.763837] ? __ww_mutex_wakeup_for_backoff+0x210/0x210
[ 30.769272] ? perf_event_set_output+0x450/0x450
[ 30.774005] ? lock_acquire+0x170/0x3f0
[ 30.777963] ? lock_downgrade+0x740/0x740
[ 30.782099] ? perf_event_ctx_lock_nested+0x247/0x2c0
[ 30.787275] ? _perf_ioctl+0x1a40/0x1a40
[ 30.791310] perf_ioctl+0x55/0x80
[ 30.794803] do_vfs_ioctl+0x75a/0xff0
[ 30.798745] ? ioctl_preallocate+0x1a0/0x1a0
[ 30.803140] ? lock_downgrade+0x740/0x740
[ 30.807263] ? __fget+0x225/0x360
[ 30.810698] ? do_vfs_ioctl+0xff0/0xff0
[ 30.814663] ? security_file_ioctl+0x83/0xb0
[ 30.819061] SyS_ioctl+0x7f/0xb0
[ 30.822412] ? do_vfs_ioctl+0xff0/0xff0
[ 30.826361] do_syscall_64+0x1d5/0x640
[ 30.830225] ent