[?25l[?1c7[ ok 8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   36.099985] random: sshd: uninitialized urandom read (32 bytes read)
[   36.369788] kauditd_printk_skb: 10 callbacks suppressed
[   36.369796] audit: type=1400 audit(1565492949.311:35): avc:  denied  { map } for  pid=6969 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[   36.412118] random: sshd: uninitialized urandom read (32 bytes read)
[   36.938200] random: sshd: uninitialized urandom read (32 bytes read)
[   37.128734] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.202' (ECDSA) to the list of known hosts.
[   42.661327] random: sshd: uninitialized urandom read (32 bytes read)
[   42.784935] audit: type=1400 audit(1565492955.731:36): avc:  denied  { map } for  pid=6981 comm="syz-executor667" path="/root/syz-executor667127366" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[   43.051029] IPVS: ftp: loaded support on port[0] = 21
executing program
*** stack smashing detected ***: ./syz-executor667127366 terminated
[   44.011234] 
[   44.012954] ======================================================
[   44.019733] WARNING: possible circular locking dependency detected
[   44.026284] 4.14.138 #34 Not tainted
[   44.030134] ------------------------------------------------------
[   44.036703] syz-executor667/6983 is trying to acquire lock:
[   44.042534]  (event_mutex){+.+.}, at: [<ffffffff8162bf38>] perf_trace_destroy+0x28/0x100
[   44.051060] 
[   44.051060] but task is already holding lock:
[   44.057121]  (&event->child_mutex){+.+.}, at: [<ffffffff816d3f27>] perf_event_release_kernel+0x207/0x880
[   44.066869] 
[   44.066869] which lock already depends on the new lock.
[   44.066869] 
[   44.075514] 
[   44.075514] the existing dependency chain (in reverse order) is:
[   44.083119] 
[   44.083119] -> #5 (&event->child_mutex){+.+.}:
[   44.089211]        lock_acquire+0x16f/0x430
[   44.093523]        __mutex_lock+0xe8/0x1470
[   44.097955]        mutex_lock_nested+0x16/0x20
[   44.102521]        perf_event_read_value+0x7a/0x410
[   44.107659]        perf_read+0x40c/0x820
[   44.111707]        __vfs_read+0x105/0x6a0
[   44.116075]        vfs_read+0x137/0x350
[   44.120044]        SyS_read+0xfd/0x230
[   44.123924]        do_syscall_64+0x1e8/0x640
[   44.128503]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   44.134315] 
[   44.134315] -> #4 (&cpuctx_mutex){+.+.}:
[   44.139843]        lock_acquire+0x16f/0x430
[   44.144184]        __mutex_lock+0xe8/0x1470
[   44.148814]        mutex_lock_nested+0x16/0x20
[   44.153625]        perf_event_init_cpu+0xc2/0x170
[   44.158596]        perf_event_init+0x2d8/0x31a
[   44.163202]        start_kernel+0x3b6/0x6fd
[   44.167509]        x86_64_start_reservations+0x29/0x2b
[   44.172857]        x86_64_start_kernel+0x77/0x7b
[   44.177599]        secondary_startup_64+0xa5/0xb0
[   44.182422] 
[   44.182422] -> #3 (pmus_lock){+.+.}:
[   44.187606]        lock_acquire+0x16f/0x430
[   44.191925]        __mutex_lock+0xe8/0x1470
[   44.196324]        mutex_lock_nested+0x16/0x20
[   44.200967]        perf_event_init_cpu+0x2f/0x170
[   44.205903]        cpuhp_invoke_callback+0x1ea/0x1ab0
[   44.211163]        _cpu_up+0x228/0x530
[   44.215147]        do_cpu_up+0x121/0x150
[   44.219246]        cpu_up+0x1b/0x20
[   44.222913]        smp_init+0x157/0x170
[   44.226906]        kernel_init_freeable+0x30b/0x532
[   44.231907]        kernel_init+0x12/0x162
[   44.236121]        ret_from_fork+0x24/0x30
[   44.240336] 
[   44.240336] -> #2 (cpu_hotplug_lock.rw_sem){++++}:
[   44.246771]        lock_acquire+0x16f/0x430
[   44.251170]        cpus_read_lock+0x3d/0xc0
[   44.255472]        static_key_slow_inc+0x13/0x30
[   44.260462]        tracepoint_probe_register_prio+0x4d6/0x6d0
[   44.266345]        tracepoint_probe_register+0x2b/0x40
[   44.271602]        trace_event_reg+0x277/0x330
[   44.276165]        perf_trace_init+0x449/0xaa0
[   44.280745]        perf_tp_event_init+0x7d/0xf0
[   44.285419]        perf_try_init_event+0x164/0x200
[   44.290500]        perf_event_alloc.part.0+0xd90/0x25b0
[   44.296024]        SYSC_perf_event_open+0xad1/0x2610
[   44.301108]        SyS_perf_event_open+0x34/0x40
[   44.306051]        do_syscall_64+0x1e8/0x640
[   44.310445]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   44.316134] 
[   44.316134] -> #1 (tracepoints_mutex){+.+.}:
[   44.322023]        lock_acquire+0x16f/0x430
[   44.326330]        __mutex_lock+0xe8/0x1470
[   44.330636]        mutex_lock_nested+0x16/0x20
[   44.335238]        tracepoint_probe_register_prio+0x36/0x6d0
[   44.341017]        tracepoint_probe_register+0x2b/0x40
[   44.346272]        trace_event_reg+0x277/0x330
[   44.350919]        perf_trace_init+0x449/0xaa0
[   44.355486]        perf_tp_event_init+0x7d/0xf0
[   44.360135]        perf_try_init_event+0x164/0x200
[   44.365044]        perf_event_alloc.part.0+0xd90/0x25b0
[   44.370428]        SYSC_perf_event_open+0xad1/0x2610
[   44.375513]        SyS_perf_event_open+0x34/0x40
[   44.380251]        do_syscall_64+0x1e8/0x640
[   44.384640]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   44.390364] 
[   44.390364] -> #0 (event_mutex){+.+.}:
[   44.395750]        __lock_acquire+0x2cb3/0x4620
[   44.400437]        lock_acquire+0x16f/0x430
[   44.404747]        __mutex_lock+0xe8/0x1470
[   44.409055]        mutex_lock_nested+0x16/0x20
[   44.413620]        perf_trace_destroy+0x28/0x100
[   44.418387]        tp_perf_event_destroy+0x16/0x20
[   44.423298]        _free_event+0x330/0xe70
[   44.427509]        free_event+0x38/0x50
[   44.431472]        perf_event_release_kernel+0x364/0x880
[   44.436899]        perf_release+0x37/0x50
[   44.441028]        __fput+0x275/0x7a0
[   44.444846]        ____fput+0x16/0x20
[   44.448629]        task_work_run+0x114/0x190
[   44.453025]        do_exit+0x7df/0x2c10
[   44.456976]        do_group_exit+0x111/0x330
[   44.461359]        get_signal+0x381/0x1cd0
[   44.465570]        do_signal+0x86/0x19a0
[   44.469625]        exit_to_usermode_loop+0x15c/0x220
[   44.474729]        do_syscall_64+0x4bc/0x640
[   44.479111]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   44.484795] 
[   44.484795] other info that might help us debug this:
[   44.484795] 
[   44.492930] Chain exists of:
[   44.492930]   event_mutex --> &cpuctx_mutex --> &event->child_mutex
[   44.492930] 
[   44.503654]  Possible unsafe locking scenario:
[   44.503654] 
[   44.509697]        CPU0                    CPU1
[   44.514333]        ----                    ----
[   44.518993]   lock(&event->child_mutex);
[   44.523024]                                lock(&cpuctx_mutex);
[   44.529063]                                lock(&event->child_mutex);
[   44.535624]   lock(event_mutex);
[   44.538961] 
[   44.538961]  *** DEADLOCK ***
[   44.538961] 
[   44.544990] 2 locks held by syz-executor667/6983:
[   44.549811]  #0:  (&ctx->mutex){+.+.}, at: [<ffffffff816d3f1d>] perf_event_release_kernel+0x1fd/0x880
[   44.559163]  #1:  (&event->child_mutex){+.+.}, at: [<ffffffff816d3f27>] perf_event_release_kernel+0x207/0x880
[   44.569192] 
[   44.569192] stack backtrace:
[   44.573679] CPU: 1 PID: 6983 Comm: syz-executor667 Not tainted 4.14.138 #34
[   44.580761] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   44.590090] Call Trace:
[   44.592663]  dump_stack+0x138/0x19c
[   44.596353]  print_circular_bug.isra.0.cold+0x1cc/0x28f
[   44.601691]  __lock_acquire+0x2cb3/0x4620
[   44.605813]  ? event_function+0x28b/0x380
[   44.609942]  ? trace_hardirqs_on+0x10/0x10
[   44.614154]  lock_acquire+0x16f/0x430
[   44.617929]  ? perf_trace_destroy+0x28/0x100
[   44.622309]  ? perf_trace_destroy+0x28/0x100
[   44.626688]  __mutex_lock+0xe8/0x1470
[   44.630482]  ? perf_trace_destroy+0x28/0x100
[   44.634861]  ? perf_trace_destroy+0x28/0x100
[   44.639242]  ? alloc_perf_context+0xf0/0xf0
[   44.643547]  ? mutex_trylock+0x1c0/0x1c0
[   44.647591]  ? save_trace+0x290/0x290
[   44.651366]  ? __mutex_lock+0x36a/0x1470
[   44.655398]  ? perf_event_release_kernel+0x1f3/0x880
[   44.660474]  ? __lock_is_held+0xb6/0x140
[   44.664511]  ? check_preemption_disabled+0x3c/0x250
[   44.669498]  mutex_lock_nested+0x16/0x20
[   44.673559]  ? mutex_lock_nested+0x16/0x20
[   44.677857]  perf_trace_destroy+0x28/0x100
[   44.682079]  tp_perf_event_destroy+0x16/0x20
[   44.686459]  ? perf_tp_event_init+0xf0/0xf0
[   44.690816]  _free_event+0x330/0xe70
[   44.694503]  free_event+0x38/0x50
[   44.697930]  perf_event_release_kernel+0x364/0x880
[   44.702843]  ? perf_event_release_kernel+0x880/0x880
[   44.707918]  perf_release+0x37/0x50
[   44.711519]  __fput+0x275/0x7a0
[   44.714771]  ____fput+0x16/0x20
[   44.718026]  task_work_run+0x114/0x190
[   44.721886]  do_exit+0x7df/0x2c10
[   44.725315]  ? fsnotify+0x92f/0x11e0
[   44.729004]  ? mm_update_next_owner+0x5d0/0x5d0
[   44.733648]  do_group_exit+0x111/0x330
[   44.737512]  get_signal+0x381/0x1cd0
[   44.741200]  ? vfs_writev+0x1d7/0x2a0
[   44.744976]  ? kfree+0x20a/0x270
[   44.748318]  do_signal+0x86/0x19a0
[   44.751833]  ? setup_sigcontext+0x7d0/0x7d0
[   44.756144]  ? __fget_light+0x172/0x1f0
[   44.760093]  ? fput+0xd4/0x150
[   44.763259]  ? do_writev+0x1af/0x2d0
[   44.766948]  ? exit_to_usermode_loop+0x3d/0x220
[   44.771589]  exit_to_usermode_loop+0x15c/0x220
[   44.776145]  do_syscall_64+0x4bc/0x640
[   44.780005]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   44.784827]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   44.789987] RIP: 0033:0x41248e
[   44.793173] RSP: 002b:00007ffd26b1aba0 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[   44.800867] RAX: 0000000000000044 RBX: 0000000000000044 RCX: 000000000041248e
[   44.808114] RDX: 0000000000000005 RSI: 00007ffd26b1aba0 RDI: 000000000000