[�[0;32m OK �[0m] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[�[0;32m OK �[0m] Started Update UTMP about System Runlevel Changes.
[�[0;32m OK �[0m] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.1.103' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 27.999004]
[ 28.000776] ======================================================
[ 28.007083] WARNING: possible circular locking dependency detected
[ 28.013392] 4.14.292-syzkaller #0 Not tainted
[ 28.017860] ------------------------------------------------------
[ 28.024154] syz-executor372/7981 is trying to acquire lock:
[ 28.029847] (event_mutex){+.+.}, at: [<ffffffff815b1463>] perf_trace_destroy+0x23/0xf0
[ 28.037971]
[ 28.037971] but task is already holding lock:
[ 28.043918] (&event->child_mutex){+.+.}, at: [<ffffffff81659078>] perf_event_release_kernel+0x208/0x8a0
[ 28.053516]
[ 28.053516] which lock already depends on the new lock.
[ 28.053516]
[ 28.061809]
[ 28.061809] the existing dependency chain (in reverse order) is:
[ 28.069401]
[ 28.069401] -> #5 (&event->child_mutex){+.+.}:
[ 28.075443] __mutex_lock+0xc4/0x1310
[ 28.079739] perf_event_for_each_child+0x82/0x140
[ 28.085095] _perf_ioctl+0x471/0x1a60
[ 28.089407] perf_ioctl+0x55/0x80
[ 28.093355] do_vfs_ioctl+0x75a/0xff0
[ 28.097693] SyS_ioctl+0x7f/0xb0
[ 28.101559] do_syscall_64+0x1d5/0x640
[ 28.105951] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 28.111635]
[ 28.111635] -> #4 (&cpuctx_mutex){+.+.}:
[ 28.117314] __mutex_lock+0xc4/0x1310
[ 28.121621] perf_event_init_cpu+0xb7/0x170
[ 28.126531] perf_event_init+0x2cc/0x308
[ 28.131086] start_kernel+0x45d/0x763
[ 28.135496] secondary_startup_64+0xa5/0xb0
[ 28.140325]
[ 28.140325] -> #3 (pmus_lock){+.+.}:
[ 28.145515] __mutex_lock+0xc4/0x1310
[ 28.149817] perf_event_init_cpu+0x2c/0x170
[ 28.154652] cpuhp_invoke_callback+0x1e6/0x1a80
[ 28.159818] _cpu_up+0x21e/0x520
[ 28.163681] do_cpu_up+0x9a/0x160
[ 28.167630] smp_init+0x197/0x1ac
[ 28.171592] kernel_init_freeable+0x406/0x626
[ 28.176593] kernel_init+0xd/0x161
[ 28.180644] ret_from_fork+0x24/0x30
[ 28.184852]
[ 28.184852] -> #2 (cpu_hotplug_lock.rw_sem){++++}:
[ 28.191245] cpus_read_lock+0x39/0xc0
[ 28.195540] static_key_slow_inc+0xe/0x20
[ 28.200297] tracepoint_add_func+0x747/0xa40
[ 28.205199] tracepoint_probe_register+0x8c/0xc0
[ 28.210458] trace_event_reg+0x272/0x330
[ 28.215014] perf_trace_init+0x424/0xa30
[ 28.219570] perf_tp_event_init+0x79/0xf0
[ 28.224229] perf_try_init_event+0x15b/0x1f0
[ 28.229149] perf_event_alloc.part.0+0xe2d/0x2640
[ 28.234488] SyS_perf_event_open+0x683/0x2530
[ 28.239497] do_syscall_64+0x1d5/0x640
[ 28.243883] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 28.249576]
[ 28.249576] -> #1 (tracepoints_mutex){+.+.}:
[ 28.255459] __mutex_lock+0xc4/0x1310
[ 28.259765] tracepoint_probe_register+0x68/0xc0
[ 28.265092] trace_event_reg+0x272/0x330
[ 28.269653] perf_trace_init+0x424/0xa30
[ 28.274229] perf_tp_event_init+0x79/0xf0
[ 28.278887] perf_try_init_event+0x15b/0x1f0
[ 28.283796] perf_event_alloc.part.0+0xe2d/0x2640
[ 28.289146] SyS_perf_event_open+0x683/0x2530
[ 28.294151] do_syscall_64+0x1d5/0x640
[ 28.298544] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 28.304239]
[ 28.304239] -> #0 (event_mutex){+.+.}:
[ 28.309792] lock_acquire+0x170/0x3f0
[ 28.314107] __mutex_lock+0xc4/0x1310
[ 28.318402] perf_trace_destroy+0x23/0xf0
[ 28.323043] _free_event+0x321/0xe20
[ 28.327256] free_event+0x32/0x40
[ 28.331205] perf_event_release_kernel+0x368/0x8a0
[ 28.336630] perf_release+0x33/0x40
[ 28.340803] __fput+0x25f/0x7a0
[ 28.344599] task_work_run+0x11f/0x190
[ 28.349011] do_exit+0xa44/0x2850
[ 28.353054] SyS_exit+0x1e/0x20
[ 28.356840] do_syscall_64+0x1d5/0x640
[ 28.361252] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 28.366938]
[ 28.366938] other info that might help us debug this:
[ 28.366938]
[ 28.375071] Chain exists of:
[ 28.375071] event_mutex --> &cpuctx_mutex --> &event->child_mutex
[ 28.375071]
[ 28.385804] Possible unsafe locking scenario:
[ 28.385804]
[ 28.391839] CPU0 CPU1
[ 28.396485] ---- ----
[ 28.401124] lock(&event->child_mutex);
[ 28.405159] lock(&cpuctx_mutex);
[ 28.411200] lock(&event->child_mutex);
[ 28.417751] lock(event_mutex);
[ 28.421093]
[ 28.421093] *** DEADLOCK ***
[ 28.421093]
[ 28.427143] 2 locks held by syz-executor372/7981:
[ 28.431956] #0: (&ctx->mutex){+.+.}, at: [<ffffffff8165906e>] perf_event_release_kernel+0x1fe/0x8a0
[ 28.441309] #1: (&event->child_mutex){+.+.}, at: [<ffffffff81659078>] perf_event_release_kernel+0x208/0x8a0
[ 28.451370]
[ 28.451370] stack backtrace:
[ 28.455853] CPU: 1 PID: 7981 Comm: syz-executor372 Not tainted 4.14.292-syzkaller #0
[ 28.463765] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022
[ 28.473105] Call Trace:
[ 28.475677] dump_stack+0x1b2/0x281
[ 28.479282] print_circular_bug.constprop.0.cold+0x2d7/0x41e
[ 28.485060] __lock_acquire+0x2e0e/0x3f20
[ 28.489187] ? trace_hardirqs_on+0x10/0x10
[ 28.493398] ? perf_group_detach+0x7f0/0x7f0
[ 28.497779] ? generic_exec_single+0x27e/0x420
[ 28.502347] ? smp_call_function_single+0x1b1/0x370
[ 28.507357] lock_acquire+0x170/0x3f0
[ 28.511152] ? perf_trace_destroy+0x23/0xf0
[ 28.515463] ? perf_trace_destroy+0x23/0xf0
[ 28.519777] __mutex_lock+0xc4/0x1310
[ 28.523572] ? perf_trace_destroy+0x23/0xf0
[ 28.528008] ? task_function_call+0xed/0x130
[ 28.532397] ? pmu_dev_release+0x20/0x20
[ 28.536435] ? perf_trace_destroy+0x23/0xf0
[ 28.540759] ? __ww_mutex_wakeup_for_backoff+0x210/0x210
[ 28.546198] ? event_function_call+0x1fa/0x3c0
[ 28.550797] ? event_sched_out+0x11b0/0x11b0
[ 28.555199] ? rcu_lockdep_current_cpu_online+0xed/0x140
[ 28.560643] ? perf_tp_event_init+0xf0/0xf0
[ 28.564941] perf_trace_destroy+0x23/0xf0
[ 28.569093] ? perf_tp_event_init+0xf0/0xf0
[ 28.573575] _free_event+0x321/0xe20
[ 28.577292] free_event+0x32/0x40
[ 28.580723] perf_event_release_kernel+0x368/0x8a0
[ 28.585629] ? perf_event_release_kernel+0x8a0/0x8a0
[ 28.590705] perf_release+0x33/0x40
[ 28.594308] __fput+0x25f/0x7a0
[ 28.597581] task_work_run+0x11f/0x190
[ 28.601442] do_exit+0xa44/0x2850
[ 28.604894] ? get_timespec64+0xb1/0xf0
[ 28.608852] ? timespec_trunc+0x120/0x120
[ 28.612997] ? mm_update_next_owner+0x5b0/0x5b0
[ 28.617644] ? SyS_clock_nanosleep+0x210/0x2d0
[ 28.622201] ? compat_SyS_clock_getres+0x180/0x180
[ 28.627121] ? __do_page_fault+0x159/0xad0
[ 28.631355] SyS_exit+0x1e/0x20
[ 28.634617] ? complete_and_exit+0x40/0x40
[ 28.638827] do_syscall_64+0x1d5/0x640
[ 28.642694] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 28.647865] RIP: 0033:0x7f73970792a9
[ 2