possible deadlock in perf_event_open

[syzbot]

Hello,

syzbot found the following issue on:

HEAD commit: 96afcb20 Linux 4.14.233
git tree: linux-4.14.y
console output: https://syzkaller.appspot.com/x/log.txt?x=10b1decfd00000
kernel config: https://syzkaller.appspot.com/x/.config?x=3c01be598d99fad6
dashboard link: https://syzkaller.appspot.com/bug?extid=37763c1eb5316112abc7

Unfortunately, I don't have any reproducer for this issue yet.

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+37763c...@syzkaller.appspotmail.com

======================================================
WARNING: possible circular locking dependency detected
4.14.233-syzkaller #0 Not tainted
------------------------------------------------------
syz-executor.5/9706 is trying to acquire lock:
(&cpuctx_mutex/1){+.+.}, at: [<ffffffff81661b08>] mutex_lock_double kernel/events/core.c:9931 [inline]
(&cpuctx_mutex/1){+.+.}, at: [<ffffffff81661b08>] __perf_event_ctx_lock_double kernel/events/core.c:9990 [inline]
(&cpuctx_mutex/1){+.+.}, at: [<ffffffff81661b08>] SYSC_perf_event_open kernel/events/core.c:10252 [inline]
(&cpuctx_mutex/1){+.+.}, at: [<ffffffff81661b08>] SyS_perf_event_open+0xd28/0x24b0 kernel/events/core.c:10010

but task is already holding lock:
(&cpuctx_mutex){+.+.}, at: [<ffffffff81661afb>] mutex_lock_double kernel/events/core.c:9930 [inline]
(&cpuctx_mutex){+.+.}, at: [<ffffffff81661afb>] __perf_event_ctx_lock_double kernel/events/core.c:9990 [inline]
(&cpuctx_mutex){+.+.}, at: [<ffffffff81661afb>] SYSC_perf_event_open kernel/events/core.c:10252 [inline]
(&cpuctx_mutex){+.+.}, at: [<ffffffff81661afb>] SyS_perf_event_open+0xd1b/0x24b0 kernel/events/core.c:10010

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #2 (&cpuctx_mutex){+.+.}:
__mutex_lock_common kernel/locking/mutex.c:756 [inline]
__mutex_lock+0xc4/0x1310 kernel/locking/mutex.c:893
perf_event_init_cpu+0xb7/0x170 kernel/events/core.c:11250
perf_event_init+0x2cc/0x308 kernel/events/core.c:11297
start_kernel+0x46a/0x770 init/main.c:620
secondary_startup_64+0xa5/0xb0 arch/x86/kernel/head_64.S:240

-> #1 (pmus_lock){+.+.}:
__mutex_lock_common kernel/locking/mutex.c:756 [inline]
__mutex_lock+0xc4/0x1310 kernel/locking/mutex.c:893
swevent_hlist_get kernel/events/core.c:7923 [inline]
perf_swevent_init+0x11e/0x4b0 kernel/events/core.c:7983
perf_try_init_event+0xdf/0x1f0 kernel/events/core.c:9369
perf_init_event kernel/events/core.c:9407 [inline]
perf_event_alloc.part.0+0xe2d/0x2640 kernel/events/core.c:9667
perf_event_alloc kernel/events/core.c:10020 [inline]
SYSC_perf_event_open kernel/events/core.c:10124 [inline]
SyS_perf_event_open+0x67f/0x24b0 kernel/events/core.c:10010
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x46/0xbb

-> #0 (&cpuctx_mutex/1){+.+.}:
lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
__mutex_lock_common kernel/locking/mutex.c:756 [inline]
__mutex_lock+0xc4/0x1310 kernel/locking/mutex.c:893
mutex_lock_double kernel/events/core.c:9931 [inline]
__perf_event_ctx_lock_double kernel/events/core.c:9990 [inline]
SYSC_perf_event_open kernel/events/core.c:10252 [inline]
SyS_perf_event_open+0xd28/0x24b0 kernel/events/core.c:10010
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x46/0xbb

other info that might help us debug this:

Chain exists of:
&cpuctx_mutex/1 --> pmus_lock --> &cpuctx_mutex

Possible unsafe locking scenario:

CPU0 CPU1
---- ----
lock(&cpuctx_mutex);
lock(pmus_lock);
lock(&cpuctx_mutex);
lock(&cpuctx_mutex/1);

*** DEADLOCK ***

1 lock held by syz-executor.5/9706:
#0: (&cpuctx_mutex){+.+.}, at: [<ffffffff81661afb>] mutex_lock_double kernel/events/core.c:9930 [inline]
#0: (&cpuctx_mutex){+.+.}, at: [<ffffffff81661afb>] __perf_event_ctx_lock_double kernel/events/core.c:9990 [inline]
#0: (&cpuctx_mutex){+.+.}, at: [<ffffffff81661afb>] SYSC_perf_event_open kernel/events/core.c:10252 [inline]
#0: (&cpuctx_mutex){+.+.}, at: [<ffffffff81661afb>] SyS_perf_event_open+0xd1b/0x24b0 kernel/events/core.c:10010

stack backtrace:
CPU: 0 PID: 9706 Comm: syz-executor.5 Not tainted 4.14.233-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x1b2/0x281 lib/dump_stack.c:58
print_circular_bug.constprop.0.cold+0x2d7/0x41e kernel/locking/lockdep.c:1258
check_prev_add kernel/locking/lockdep.c:1905 [inline]
check_prevs_add kernel/locking/lockdep.c:2022 [inline]
validate_chain kernel/locking/lockdep.c:2464 [inline]
__lock_acquire+0x2e0e/0x3f20 kernel/locking/lockdep.c:3491
lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
__mutex_lock_common kernel/locking/mutex.c:756 [inline]
__mutex_lock+0xc4/0x1310 kernel/locking/mutex.c:893
mutex_lock_double kernel/events/core.c:9931 [inline]
__perf_event_ctx_lock_double kernel/events/core.c:9990 [inline]
SYSC_perf_event_open kernel/events/core.c:10252 [inline]
SyS_perf_event_open+0xd28/0x24b0 kernel/events/core.c:10010
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x4665d9
RSP: 002b:00007f0927c4b188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 00000000200000c0
RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000003 R11: 0000000000000246 R12: 000000000056bf80
R13: 00007ffffa6a2aff R14: 00007f0927c4b300 R15: 0000000000022000
raw_sendmsg: syz-executor.4 forgot to set AF_INET. Fix it!
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
tmpfs: Bad value 'prefer=�elat_vex�:0-5:0/' for mount option 'mpol'
WARNING: can't dereference registers at 000000000000039a for ip entry_SYSCALL_64_after_hwframe+0x46/0xbb
audit: type=1800 audit(1621902547.720:2): pid=9873 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.4" name="file0" dev="sda1" ino=13919 res=0
audit: type=1800 audit(1621902547.810:3): pid=9885 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.4" name="file0" dev="sda1" ino=13942 res=0
audit: type=1800 audit(1621902547.900:4): pid=9913 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.1" name="file0" dev="sda1" ino=13942 res=0
audit: type=1800 audit(1621902548.120:5): pid=9967 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.1" name="file0" dev="sda1" ino=13946 res=0
audit: type=1800 audit(1621902548.930:6): pid=9991 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.0" name="file0" dev="sda1" ino=13939 res=0
audit: type=1800 audit(1621902548.940:7): pid=9990 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.4" name="file0" dev="sda1" ino=13944 res=0
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'.
audit: type=1800 audit(1621902551.040:8): pid=10176 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.5" name="file0" dev="sda1" ino=13969 res=0
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.5'.
audit: type=1326 audit(1621902553.380:9): auid=4294967295 uid=0 gid=0 ses=4294967295 pid=10393 comm="syz-executor.4" exe="/root/syz-executor.4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x4665d9 code=0xffff0000
FAT-fs (loop4): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1)
audit: type=1800 audit(1621902554.190:10): pid=10438 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.4" name="file0" dev="loop4" ino=3 res=0
audit: type=1804 audit(1621902554.190:11): pid=10438 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.4" name="/root/syzkaller-testdir094321903/syzkaller.0zq05V/57/file0/file0" dev="loop4" ino=3 res=1
audit: type=1804 audit(1621902554.190:12): pid=10438 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="ToMToU" comm="syz-executor.4" name="/root/syzkaller-testdir094321903/syzkaller.0zq05V/57/file0/file0" dev="loop4" ino=3 res=1
audit: type=1804 audit(1621902554.190:13): pid=10438 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.4" name="/root/syzkaller-testdir094321903/syzkaller.0zq05V/57/file0/file0" dev="loop4" ino=3 res=1
FAT-fs (loop4): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1)
audit: type=1804 audit(1621902554.190:14): pid=10438 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="ToMToU" comm="syz-executor.4" name="/root/syzkaller-testdir094321903/syzkaller.0zq05V/57/file0/file0" dev="loop4" ino=3 res=1
audit: type=1804 audit(1621902554.380:15): pid=10438 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.4" name="/root/syzkaller-testdir094321903/syzkaller.0zq05V/57/file0/file0" dev="loop4" ino=3 res=1
audit: type=1804 audit(1621902554.380:16): pid=10438 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="ToMToU" comm="syz-executor.4" name="/root/syzkaller-testdir094321903/syzkaller.0zq05V/57/file0/file0" dev="loop4" ino=3 res=1
audit: type=1804 audit(1621902554.380:17): pid=10455 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.4" name="/root/syzkaller-testdir094321903/syzkaller.0zq05V/57/file0/file0" dev="loop4" ino=3 res=1
audit: type=1804 audit(1621902554.380:18): pid=10438 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="ToMToU" comm="syz-executor.4" name="/root/syzkaller-testdir094321903/syzkaller.0zq05V/57/file0/file0" dev="loop4" ino=3 res=1
FAT-fs (loop4): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1)
FAT-fs (loop4): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1)
FAT-fs (loop4): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1)
FAT-fs (loop4): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1)
FAT-fs (loop4): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1)
FAT-fs (loop4): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1)
L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

[syzbot]

syzbot has found a reproducer for the following issue on:

HEAD commit: 96afcb20 Linux 4.14.233
git tree: linux-4.14.y

console output: https://syzkaller.appspot.com/x/log.txt?x=1475d18dd00000

kernel config: https://syzkaller.appspot.com/x/.config?x=3c01be598d99fad6
dashboard link: https://syzkaller.appspot.com/bug?extid=37763c1eb5316112abc7

syz repro: https://syzkaller.appspot.com/x/repro.syz?x=15c73a87d00000

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+37763c...@syzkaller.appspotmail.com

IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
batman_adv: batadv0: Interface activated: batadv_slave_1
IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready

======================================================
WARNING: possible circular locking dependency detected
4.14.233-syzkaller #0 Not tainted
------------------------------------------------------

syz-executor.0/8227 is trying to acquire lock:

1 lock held by syz-executor.0/8227:

#0: (&cpuctx_mutex){+.+.}, at: [<ffffffff81661afb>] mutex_lock_double kernel/events/core.c:9930 [inline]
#0: (&cpuctx_mutex){+.+.}, at: [<ffffffff81661afb>] __perf_event_ctx_lock_double kernel/events/core.c:9990 [inline]
#0: (&cpuctx_mutex){+.+.}, at: [<ffffffff81661afb>] SYSC_perf_event_open kernel/events/core.c:10252 [inline]
#0: (&cpuctx_mutex){+.+.}, at: [<ffffffff81661afb>] SyS_perf_event_open+0xd1b/0x24b0 kernel/events/core.c:10010

stack backtrace:

CPU: 0 PID: 8227 Comm: syz-executor.0 Not tainted 4.14.233-syzkaller #0

Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x1b2/0x281 lib/dump_stack.c:58
print_circular_bug.constprop.0.cold+0x2d7/0x41e kernel/locking/lockdep.c:1258
check_prev_add kernel/locking/lockdep.c:1905 [inline]
check_prevs_add kernel/locking/lockdep.c:2022 [inline]
validate_chain kernel/locking/lockdep.c:2464 [inline]
__lock_acquire+0x2e0e/0x3f20 kernel/locking/lockdep.c:3491
lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
__mutex_lock_common kernel/locking/mutex.c:756 [inline]
__mutex_lock+0xc4/0x1310 kernel/locking/mutex.c:893
mutex_lock_double kernel/events/core.c:9931 [inline]
__perf_event_ctx_lock_double kernel/events/core.c:9990 [inline]
SYSC_perf_event_open kernel/events/core.c:10252 [inline]
SyS_perf_event_open+0xd28/0x24b0 kernel/events/core.c:10010
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x4665d9

RSP: 002b:00007f9de05b3

[syzbot]

syzbot has found a reproducer for the following issue on:

HEAD commit: e548869f356f Linux 4.14.291
git tree: linux-4.14.y
console output: https://syzkaller.appspot.com/x/log.txt?x=174daf57080000
kernel config: https://syzkaller.appspot.com/x/.config?x=14f65e3c6215eb84
dashboard link: https://syzkaller.appspot.com/bug?extid=37763c1eb5316112abc7
compiler: gcc version 10.2.1 20210110 (Debian 10.2.1-6)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=13f1803b080000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=12cb868b080000

Downloadable assets:
disk image: https://storage.googleapis.com/edb4b0800592/disk-e548869f.raw.xz
vmlinux: https://storage.googleapis.com/1e0119ec09aa/vmlinux-e548869f.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+37763c...@syzkaller.appspotmail.com

======================================================
WARNING: possible circular locking dependency detected

4.14.291-syzkaller #0 Not tainted
------------------------------------------------------
syz-executor389/7972 is trying to acquire lock:
(&cpuctx_mutex/1){+.+.}, at: [<ffffffff81663893>] mutex_lock_double kernel/events/core.c:9868 [inline]
(&cpuctx_mutex/1){+.+.}, at: [<ffffffff81663893>] __perf_event_ctx_lock_double kernel/events/core.c:10012 [inline]
(&cpuctx_mutex/1){+.+.}, at: [<ffffffff81663893>] SYSC_perf_event_open kernel/events/core.c:10277 [inline]
(&cpuctx_mutex/1){+.+.}, at: [<ffffffff81663893>] SyS_perf_event_open+0xd13/0x2530 kernel/events/core.c:10032

but task is already holding lock:

(&cpuctx_mutex){+.+.}, at: [<ffffffff81663886>] mutex_lock_double kernel/events/core.c:9867 [inline]
(&cpuctx_mutex){+.+.}, at: [<ffffffff81663886>] __perf_event_ctx_lock_double kernel/events/core.c:10012 [inline]
(&cpuctx_mutex){+.+.}, at: [<ffffffff81663886>] SYSC_perf_event_open kernel/events/core.c:10277 [inline]
(&cpuctx_mutex){+.+.}, at: [<ffffffff81663886>] SyS_perf_event_open+0xd06/0x2530 kernel/events/core.c:10032

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #5 (&cpuctx_mutex){+.+.}:

__mutex_lock_common kernel/locking/mutex.c:756 [inline]
__mutex_lock+0xc4/0x1310 kernel/locking/mutex.c:893

perf_event_init_cpu+0xb7/0x170 kernel/events/core.c:11286
perf_event_init+0x2cc/0x308 kernel/events/core.c:11333
start_kernel+0x45d/0x763 init/main.c:624
secondary_startup_64+0xa5/0xb0 arch/x86/kernel/head_64.S:240

-> #4 (pmus_lock){+.+.}:

__mutex_lock_common kernel/locking/mutex.c:756 [inline]
__mutex_lock+0xc4/0x1310 kernel/locking/mutex.c:893

perf_event_init_cpu+0x2c/0x170 kernel/events/core.c:11280
cpuhp_invoke_callback+0x1e6/0x1a80 kernel/cpu.c:186
cpuhp_up_callbacks kernel/cpu.c:574 [inline]
_cpu_up+0x21e/0x520 kernel/cpu.c:1193
do_cpu_up+0x9a/0x160 kernel/cpu.c:1229
smp_init+0x197/0x1ac kernel/smp.c:578
kernel_init_freeable+0x406/0x626 init/main.c:1074
kernel_init+0xd/0x167 init/main.c:1006
ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404

-> #3 (cpu_hotplug_lock.rw_sem){++++}:
percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:36 [inline]
percpu_down_read include/linux/percpu-rwsem.h:59 [inline]
cpus_read_lock+0x39/0xc0 kernel/cpu.c:297
static_key_slow_inc+0xe/0x20 kernel/jump_label.c:123
tracepoint_add_func+0x747/0xa40 kernel/tracepoint.c:269
tracepoint_probe_register_prio kernel/tracepoint.c:331 [inline]
tracepoint_probe_register+0x8c/0xc0 kernel/tracepoint.c:352
trace_event_reg+0x272/0x330 kernel/trace/trace_events.c:305
perf_trace_event_reg kernel/trace/trace_event_perf.c:122 [inline]
perf_trace_event_init kernel/trace/trace_event_perf.c:197 [inline]
perf_trace_init+0x424/0xa30 kernel/trace/trace_event_perf.c:221
perf_tp_event_init+0x79/0xf0 kernel/events/core.c:8140
perf_try_init_event+0x15b/0x1f0 kernel/events/core.c:9374
perf_init_event kernel/events/core.c:9412 [inline]
perf_event_alloc.part.0+0xe2d/0x2640 kernel/events/core.c:9672
perf_event_alloc kernel/events/core.c:10042 [inline]
SYSC_perf_event_open kernel/events/core.c:10146 [inline]
SyS_perf_event_open+0x683/0x2530 kernel/events/core.c:10032
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x46/0xbb

-> #2 (tracepoints_mutex){+.+.}:

__mutex_lock_common kernel/locking/mutex.c:756 [inline]
__mutex_lock+0xc4/0x1310 kernel/locking/mutex.c:893

tracepoint_probe_register_prio kernel/tracepoint.c:327 [inline]
tracepoint_probe_register+0x68/0xc0 kernel/tracepoint.c:352
trace_event_reg+0x272/0x330 kernel/trace/trace_events.c:305
perf_trace_event_reg kernel/trace/trace_event_perf.c:122 [inline]
perf_trace_event_init kernel/trace/trace_event_perf.c:197 [inline]
perf_trace_init+0x424/0xa30 kernel/trace/trace_event_perf.c:221
perf_tp_event_init+0x79/0xf0 kernel/events/core.c:8140
perf_try_init_event+0x15b/0x1f0 kernel/events/core.c:9374
perf_init_event kernel/events/core.c:9412 [inline]
perf_event_alloc.part.0+0xe2d/0x2640 kernel/events/core.c:9672
perf_event_alloc kernel/events/core.c:10042 [inline]
SYSC_perf_event_open kernel/events/core.c:10146 [inline]
SyS_perf_event_open+0x683/0x2530 kernel/events/core.c:10032
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x46/0xbb

-> #1 (event_mutex){+.+.}:

__mutex_lock_common kernel/locking/mutex.c:756 [inline]
__mutex_lock+0xc4/0x1310 kernel/locking/mutex.c:893

perf_trace_init+0x4f/0xa30 kernel/trace/trace_event_perf.c:216
perf_tp_event_init+0x79/0xf0 kernel/events/core.c:8140
perf_try_init_event+0xdf/0x1f0 kernel/events/core.c:9374
perf_init_event kernel/events/core.c:9412 [inline]
perf_event_alloc.part.0+0xe2d/0x2640 kernel/events/core.c:9672
perf_event_alloc kernel/events/core.c:10042 [inline]
SYSC_perf_event_open kernel/events/core.c:10146 [inline]
SyS_perf_event_open+0x683/0x2530 kernel/events/core.c:10032

do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x46/0xbb

-> #0 (&cpuctx_mutex/1){+.+.}:
lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
__mutex_lock_common kernel/locking/mutex.c:756 [inline]
__mutex_lock+0xc4/0x1310 kernel/locking/mutex.c:893

mutex_lock_double kernel/events/core.c:9868 [inline]
__perf_event_ctx_lock_double kernel/events/core.c:10012 [inline]
SYSC_perf_event_open kernel/events/core.c:10277 [inline]
SyS_perf_event_open+0xd13/0x2530 kernel/events/core.c:10032

do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x46/0xbb

other info that might help us debug this:

Chain exists of:
&cpuctx_mutex/1 --> pmus_lock --> &cpuctx_mutex

Possible unsafe locking scenario:

CPU0 CPU1
---- ----
lock(&cpuctx_mutex);
lock(pmus_lock);
lock(&cpuctx_mutex);
lock(&cpuctx_mutex/1);

*** DEADLOCK ***

1 lock held by syz-executor389/7972:
#0: (&cpuctx_mutex){+.+.}, at: [<ffffffff81663886>] mutex_lock_double kernel/events/core.c:9867 [inline]
#0: (&cpuctx_mutex){+.+.}, at: [<ffffffff81663886>] __perf_event_ctx_lock_double kernel/events/core.c:10012 [inline]
#0: (&cpuctx_mutex){+.+.}, at: [<ffffffff81663886>] SYSC_perf_event_open kernel/events/core.c:10277 [inline]
#0: (&cpuctx_mutex){+.+.}, at: [<ffffffff81663886>] SyS_perf_event_open+0xd06/0x2530 kernel/events/core.c:10032

stack backtrace:
CPU: 0 PID: 7972 Comm: syz-executor389 Not tainted 4.14.291-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022

Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x1b2/0x281 lib/dump_stack.c:58
print_circular_bug.constprop.0.cold+0x2d7/0x41e kernel/locking/lockdep.c:1258
check_prev_add kernel/locking/lockdep.c:1905 [inline]
check_prevs_add kernel/locking/lockdep.c:2022 [inline]
validate_chain kernel/locking/lockdep.c:2464 [inline]
__lock_acquire+0x2e0e/0x3f20 kernel/locking/lockdep.c:3491
lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
__mutex_lock_common kernel/locking/mutex.c:756 [inline]
__mutex_lock+0xc4/0x1310 kernel/locking/mutex.c:893

mutex_lock_double kernel/events/core.c:9868 [inline]
__perf_event_ctx_lock_double kernel/events/core.c:10012 [inline]
SYSC_perf_event_open kernel/events/core.c:10277 [inline]
SyS_perf_event_open+0xd13/0x2530 kernel/events/core.c:10032
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hw