[   33.145265] audit: type=1800 audit(1561015255.998:33): pid=6870 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0
[   33.172157] audit: type=1800 audit(1561015255.998:34): pid=6870 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   57.614342] random: sshd: uninitialized urandom read (32 bytes read)
[   58.070320] audit: type=1400 audit(1561015280.928:35): avc:  denied  { map } for  pid=7041 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[   58.142656] random: sshd: uninitialized urandom read (32 bytes read)
[   58.741306] random: sshd: uninitialized urandom read (32 bytes read)
[   58.948043] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.94' (ECDSA) to the list of known hosts.
[   64.591662] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[   64.712578] audit: type=1400 audit(1561015287.568:36): avc:  denied  { map } for  pid=7054 comm="syz-executor517" path="/root/syz-executor517384248" dev="sda1" ino=16461 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[   64.780904] 
[   64.782540] ======================================================
[   64.788940] WARNING: possible circular locking dependency detected
[   64.795234] 4.14.128 #22 Not tainted
[   64.798918] ------------------------------------------------------
[   64.805215] syz-executor517/7054 is trying to acquire lock:
[   64.810905]  (pmus_lock){+.+.}, at: [<ffffffff816b6e6e>] perf_swevent_init+0x12e/0x490
[   64.818960] 
[   64.818960] but task is already holding lock:
[   64.824910]  (&cpuctx_mutex/1){+.+.}, at: [<ffffffff816bb930>] perf_event_ctx_lock_nested+0x150/0x2c0
[   64.834350] 
[   64.834350] which lock already depends on the new lock.
[   64.834350] 
[   64.842645] 
[   64.842645] the existing dependency chain (in reverse order) is:
[   64.850499] 
[   64.850499] -> #2 (&cpuctx_mutex/1){+.+.}:
[   64.856199]        lock_acquire+0x16f/0x430
[   64.860573]        __mutex_lock+0xe8/0x1470
[   64.864890]        mutex_lock_nested+0x16/0x20
[   64.869517]        SYSC_perf_event_open+0x121f/0x24b0
[   64.874689]        SyS_perf_event_open+0x34/0x40
[   64.879427]        do_syscall_64+0x1e8/0x640
[   64.883817]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   64.889614] 
[   64.889614] -> #1 (&cpuctx_mutex){+.+.}:
[   64.895136]        lock_acquire+0x16f/0x430
[   64.899500]        __mutex_lock+0xe8/0x1470
[   64.903808]        mutex_lock_nested+0x16/0x20
[   64.908372]        perf_event_init_cpu+0xc2/0x170
[   64.913204]        perf_event_init+0x2d8/0x31a
[   64.917769]        start_kernel+0x3b6/0x6fd
[   64.922072]        x86_64_start_reservations+0x29/0x2b
[   64.927332]        x86_64_start_kernel+0x77/0x7b
[   64.932074]        secondary_startup_64+0xa5/0xb0
[   64.936894] 
[   64.936894] -> #0 (pmus_lock){+.+.}:
[   64.942077]        __lock_acquire+0x2c89/0x45e0
[   64.946725]        lock_acquire+0x16f/0x430
[   64.951328]        __mutex_lock+0xe8/0x1470
[   64.955633]        mutex_lock_nested+0x16/0x20
[   64.960199]        perf_swevent_init+0x12e/0x490
[   64.965045]        perf_try_init_event+0xe6/0x200
[   64.969863]        perf_event_alloc.part.0+0xd48/0x2530
[   64.975206]        SYSC_perf_event_open+0xa2d/0x24b0
[   64.980287]        SyS_perf_event_open+0x34/0x40
[   64.985025]        do_syscall_64+0x1e8/0x640
[   64.989410]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   64.995096] 
[   64.995096] other info that might help us debug this:
[   64.995096] 
[   65.003218] Chain exists of:
[   65.003218]   pmus_lock --> &cpuctx_mutex --> &cpuctx_mutex/1
[   65.003218] 
[   65.013435]  Possible unsafe locking scenario:
[   65.013435] 
[   65.019472]        CPU0                    CPU1
[   65.024114]        ----                    ----
[   65.028756]   lock(&cpuctx_mutex/1);
[   65.032549]                                lock(&cpuctx_mutex);
[   65.038653]                                lock(&cpuctx_mutex/1);
[   65.044871]   lock(pmus_lock);
[   65.048139] 
[   65.048139]  *** DEADLOCK ***
[   65.048139] 
[   65.054240] 2 locks held by syz-executor517/7054:
[   65.059099]  #0:  (&pmus_srcu){....}, at: [<ffffffff816c0708>] perf_event_alloc.part.0+0xba8/0x2530
[   65.068281]  #1:  (&cpuctx_mutex/1){+.+.}, at: [<ffffffff816bb930>] perf_event_ctx_lock_nested+0x150/0x2c0
[   65.078068] 
[   65.078068] stack backtrace:
[   65.082548] CPU: 1 PID: 7054 Comm: syz-executor517 Not tainted 4.14.128 #22
[   65.089726] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   65.099058] Call Trace:
[   65.101638]  dump_stack+0x138/0x19c
[   65.105247]  print_circular_bug.isra.0.cold+0x1cc/0x28f
[   65.110596]  __lock_acquire+0x2c89/0x45e0
[   65.114722]  ? __lock_acquire+0x5f9/0x45e0
[   65.118934]  ? trace_hardirqs_on+0x10/0x10
[   65.123151]  ? depot_save_stack+0x11c/0x410
[   65.127559]  lock_acquire+0x16f/0x430
[   65.131390]  ? perf_swevent_init+0x12e/0x490
[   65.135780]  ? perf_swevent_init+0x12e/0x490
[   65.140170]  __mutex_lock+0xe8/0x1470
[   65.143966]  ? perf_swevent_init+0x12e/0x490
[   65.148389]  ? __mutex_lock+0x36a/0x1470
[   65.152437]  ? trace_hardirqs_on+0x10/0x10
[   65.156647]  ? perf_try_init_event+0xf2/0x200
[   65.161123]  ? perf_swevent_init+0x12e/0x490
[   65.165510]  ? perf_event_ctx_lock_nested+0x150/0x2c0
[   65.170679]  ? perf_try_init_event+0xf2/0x200
[   65.175158]  ? mutex_trylock+0x1c0/0x1c0
[   65.179283]  ? mutex_trylock+0x1c0/0x1c0
[   65.183332]  ? find_held_lock+0x35/0x130
[   65.187375]  ? perf_event_ctx_lock_nested+0x119/0x2c0
[   65.192551]  mutex_lock_nested+0x16/0x20
[   65.196595]  ? mutex_lock_nested+0x16/0x20
[   65.200816]  perf_swevent_init+0x12e/0x490
[   65.205076]  ? perf_event_ctx_lock_nested+0x248/0x2c0
[   65.210247]  perf_try_init_event+0xe6/0x200
[   65.214546]  perf_event_alloc.part.0+0xd48/0x2530
[   65.219364]  SYSC_perf_event_open+0xa2d/0x24b0
[   65.223925]  ? perf_event_set_output+0x460/0x460
[   65.228666]  ? lock_downgrade+0x6e0/0x6e0
[   65.232797]  SyS_perf_event_open+0x34/0x40
[   65.237010]  ? perf_bp_event+0x170/0x170
[   65.241055]  do_syscall_64+0x1e8/0x640
[   65.244919]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   65.249746]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   65.254924] RIP: 0033:0x440569
[   65.258091] RSP: 002b:00007ffdd5d14498 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
[   65.265777] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440569
[   65.273030] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000020000040
[   65.280287] RBP: 00000000006ca018