[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[   24.375225] random: sshd: uninitialized urandom read (32 bytes read)
[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   25.367248] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   25.657227] random: sshd: uninitialized urandom read (32 bytes read)
[   26.170927] random: sshd: uninitialized urandom read (32 bytes read)
[   26.360439] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.0' (ECDSA) to the list of known hosts.
[   32.070948] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[   32.174120] 
[   32.175764] ======================================================
[   32.182076] WARNING: possible circular locking dependency detected
[   32.188393] 4.19.0-rc1+ #217 Not tainted
[   32.192434] ------------------------------------------------------
[   32.198761] syz-executor275/4672 is trying to acquire lock:
[   32.204455] 0000000073b4270e (&rp->fetch_lock){+.+.}, at: mon_bin_vma_fault+0xdc/0x4a0
[   32.212540] 
[   32.212540] but task is already holding lock:
[   32.218493] 00000000985d1e8a (&mm->mmap_sem){++++}, at: __mm_populate+0x31a/0x4d0
[   32.226109] 
[   32.226109] which lock already depends on the new lock.
[   32.226109] 
[   32.234404] 
[   32.234404] the existing dependency chain (in reverse order) is:
[   32.242002] 
[   32.242002] -> #1 (&mm->mmap_sem){++++}:
[   32.247539]        __might_fault+0x155/0x1e0
[   32.251933]        _copy_to_user+0x30/0x110
[   32.256238]        mon_bin_read+0x334/0x650
[   32.260544]        __vfs_read+0x117/0x9b0
[   32.264676]        vfs_read+0x17f/0x3c0
[   32.268632]        ksys_pread64+0x181/0x1b0
[   32.272939]        __x64_sys_pread64+0x97/0xf0
[   32.277507]        do_syscall_64+0x1b9/0x820
[   32.281898]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   32.287583] 
[   32.287583] -> #0 (&rp->fetch_lock){+.+.}:
[   32.293290]        lock_acquire+0x1e4/0x4f0
[   32.297598]        __mutex_lock+0x171/0x1700
[   32.301987]        mutex_lock_nested+0x16/0x20
[   32.306555]        mon_bin_vma_fault+0xdc/0x4a0
[   32.311203]        __do_fault+0xee/0x450
[   32.315262]        __handle_mm_fault+0x2b4a/0x4350
[   32.320173]        handle_mm_fault+0x53e/0xc80
[   32.324738]        __get_user_pages+0x823/0x1b50
[   32.329494]        populate_vma_page_range+0x2db/0x3d0
[   32.334755]        __mm_populate+0x286/0x4d0
[   32.339148]        vm_mmap_pgoff+0x27f/0x2c0
[   32.343538]        ksys_mmap_pgoff+0x4da/0x660
[   32.348104]        __x64_sys_mmap+0xe9/0x1b0
[   32.352504]        do_syscall_64+0x1b9/0x820
[   32.356910]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   32.362594] 
[   32.362594] other info that might help us debug this:
[   32.362594] 
[   32.370714]  Possible unsafe locking scenario:
[   32.370714] 
[   32.376759]        CPU0                    CPU1
[   32.381410]        ----                    ----
[   32.386053]   lock(&mm->mmap_sem);
[   32.389576]                                lock(&rp->fetch_lock);
[   32.395808]                                lock(&mm->mmap_sem);
[   32.401843]   lock(&rp->fetch_lock);
[   32.405535] 
[   32.405535]  *** DEADLOCK ***
[   32.405535] 
[   32.411577] 1 lock held by syz-executor275/4672:
[   32.416568]  #0: 00000000985d1e8a (&mm->mmap_sem){++++}, at: __mm_populate+0x31a/0x4d0
[   32.424619] 
[   32.424619] stack backtrace:
[   32.429102] CPU: 1 PID: 4672 Comm: syz-executor275 Not tainted 4.19.0-rc1+ #217
[   32.436533] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   32.445866] Call Trace:
[   32.448444]  dump_stack+0x1c9/0x2b4
[   32.452072]  ? dump_stack_print_info.cold.2+0x52/0x52
[   32.457259]  ? vprintk_func+0x81/0x117
[   32.461131]  print_circular_bug.isra.34.cold.55+0x1bd/0x27d
[   32.466824]  ? save_trace+0xe0/0x290
[   32.470520]  __lock_acquire+0x3449/0x5020
[   32.474651]  ? __isolate_free_page+0x690/0x690
[   32.479217]  ? mark_held_locks+0x160/0x160
[   32.483451]  ? print_usage_bug+0xc0/0xc0
[   32.487493]  ? __lock_acquire+0x7fc/0x5020
[   32.491711]  ? print_usage_bug+0xc0/0xc0
[   32.495773]  ? __lock_acquire+0x7fc/0x5020
[   32.499999]  ? mark_held_locks+0x160/0x160
[   32.504221]  ? mark_held_locks+0x160/0x160
[   32.508451]  ? graph_lock+0x170/0x170
[   32.512249]  ? mark_held_locks+0x160/0x160
[   32.516475]  ? print_usage_bug+0xc0/0xc0
[   32.520540]  lock_acquire+0x1e4/0x4f0
[   32.524326]  ? mon_bin_vma_fault+0xdc/0x4a0
[   32.528654]  ? lock_release+0x9f0/0x9f0
[   32.532616]  ? check_same_owner+0x340/0x340
[   32.536922]  ? rcu_note_context_switch+0x680/0x680
[   32.541836]  __mutex_lock+0x171/0x1700
[   32.545706]  ? mon_bin_vma_fault+0xdc/0x4a0
[   32.550011]  ? mon_bin_vma_fault+0xdc/0x4a0
[   32.554345]  ? mutex_trylock+0x2b0/0x2b0
[   32.558390]  ? mark_held_locks+0x160/0x160
[   32.562606]  ? lock_downgrade+0x8f0/0x8f0
[   32.566738]  ? trace_hardirqs_off+0xb8/0x2b0
[   32.571129]  ? kasan_check_read+0x11/0x20
[   32.575259]  ? print_usage_bug+0xc0/0xc0
[   32.579302]  ? trace_hardirqs_on+0x2c0/0x2c0
[   32.583693]  ? kasan_check_write+0x14/0x20
[   32.587910]  ? do_raw_spin_lock+0xc1/0x200
[   32.592128]  ? _raw_spin_unlock_irqrestore+0x63/0xc0
[   32.597215]  ? print_usage_bug+0xc0/0xc0
[   32.601257]  ? graph_lock+0x170/0x170
[   32.605045]  ? print_usage_bug+0xc0/0xc0
[   32.609087]  ? __lock_acquire+0x7fc/0x5020
[   32.613303]  ? graph_lock+0x170/0x170
[   32.617085]  ? kasan_slab_free+0xe/0x10
[   32.621047]  ? print_usage_bug+0xc0/0xc0
[   32.625110]  ? __lock_acquire+0x7fc/0x5020
[   32.629334]  mutex_lock_nested+0x16/0x20
[   32.633378]  ? mutex_lock_nested+0x16/0x20
[   32.637598]  mon_bin_vma_fault+0xdc/0x4a0
[   32.641730]  ? kasan_check_read+0x11/0x20
[   32.645861]  ? mon_alloc_buff+0x200/0x200
[   32.649994]  ? rcu_cleanup_dead_rnp+0x200/0x200
[   32.654648]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[   32.659653]  ? vma_compute_subtree_gap+0x160/0x240
[   32.664565]  ? vma_gap_callbacks_rotate+0x62/0x80
[   32.669388]  __do_fault+0xee/0x450
[   32.672914]  ? vma_compute_subtree_gap+0x240/0x240
[   32.677826]  ? pmd_devmap_trans_unstable+0x1d0/0x1d0
[   32.682914]  ? __save_stack_trace+0x8d/0xf0
[   32.687221]  ? pud_val+0x88/0x100
[   32.690656]  ? pmd_val+0x100/0x100
[   32.694181]  __handle_mm_fault+0x2b4a/0x4350
[   32.698572]  ? vmf_insert_mixed_mkwrite+0xa0/0xa0
[   32.703397]  ? graph_lock+0x170/0x170
[   32.707186]  ? lock_downgrade+0x8f0/0x8f0
[   32.711313]  ? handle_mm_fault+0x8c4/0xc80
[   32.715529]  ? handle_mm_fault+0x8c4/0xc80
[   32.719746]  ? kasan_check_read+0x11/0x20
[   32.723877]  ? rcu_is_watching+0x8c/0x150
[   32.728007]  ? __get_user_pages+0x823/0x1b50
[   32.732403]  ? rcu_cleanup_dead_rnp+0x200/0x200
[   32.737058]  handle_mm_fault+0x53e/0xc80
[   32.741102]  ? __handle_mm_fault+0x4350/0x4350
[   32.745669]  ? check_same_owner+0x340/0x340
[   32.749973]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[   32.754973]  __get_user_pages+0x823/0x1b50
[   32.759192]  ? follow_page_mask+0x1e30/0x1e30
[   32.763671]  ? lock_acquire+0x1e4/0x4f0
[   32.767629]  ? __mm_populate+0x31a/0x4d0
[   32.771677]  ? lock_release+0x9f0/0x9f0
[   32.775642]  ? check_same_owner+0x340/0x340
[   32.779958]  ? rcu_note_context_switch+0x680/0x680
[   32.784874]  populate_vma_page_range+0x2db/0x3d0
[   32.789615]  ? get_user_pages_unlocked+0x5d0/0x5d0
[   32.794528]  ? find_vma+0x34/0x190
[   32.798055]  __mm_populate+0x286/0x4d0
[   32.801926]  ? populate_vma_page_range+0x3d0/0x3d0
[   32.806839]  ? down_read_killable+0x200/0x200
[   32.811318]  ? security_mmap_file+0x176/0x1c0
[   32.815804]  vm_mmap_pgoff+0x27f/0x2c0
[   32.819690]  ? vma_is_stack_for_current+0xd0/0xd0
[   32.824529]  ? sockfd_lookup_light+0xc5/0x160
[   32.829012]  ksys_mmap_pgoff+0x4da/0x660
[   32.833065]  ? do_syscall_64+0x9a/0x820
[   32.837022]  ? find_mergeable_anon_vma+0xd0/0xd0
[   32.841768]  ? trace_hardirqs_on+0xbd/0x2c0
[   32.846076]  ? filp_open+0x80/0x80
[   32.849600]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   32.854944]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[   32.860041]  __x64_sys_mmap+0xe9/0x1b0
[   32.863916]  do_syscall_64+0x1b9/0x820
[   32.867784]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   32.873135]  ? syscall_return_slowpath+0x5e0/0x5e0
[   32.878054]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   32.882877]  ? trace_hardirqs_on_caller+0x2b0/0x2b0
[   32.887876]  ? prepare_exit_to_usermode+0x291/0x3b0
[   32.892878]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   32.897705]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   32.902872] RIP: 0033:0x443e29
[   32.906053] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b d8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[   32.924933] RSP: 002b:0000