[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 32.702407] random: sshd: uninitialized urandom read (32 bytes read)
[ 33.113072] audit: type=1400 audit(1550407529.021:6): avc: denied { map } for pid=1766 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[ 33.154530] random: sshd: uninitialized urandom read (32 bytes read)
[ 33.644891] random: sshd: uninitialized urandom read (32 bytes read)
[ 33.794544] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.15.197' (ECDSA) to the list of known hosts.
[ 39.420189] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 39.507835] audit: type=1400 audit(1550407535.411:7): avc: denied { map } for pid=1784 comm="syz-executor813" path="/root/syz-executor813874553" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 39.551145] audit: type=1400 audit(1550407535.461:8): avc: denied { create } for pid=1784 comm="syz-executor813" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_iscsi_socket permissive=1
[ 39.590299]
[ 39.591928] ======================================================
[ 39.598216] WARNING: possible circular locking dependency detected
[ 39.604501] 4.14.101+ #14 Not tainted
[ 39.608268] ------------------------------------------------------
[ 39.614554] syz-executor813/1784 is trying to acquire lock:
[ 39.620241]  (pmus_lock){+.+.}, at: [] perf_swevent_init+0x123/0x4e0
[ 39.628275]
[ 39.628275] but task is already holding lock:
[ 39.634215]  (&cpuctx_mutex/1){+.+.}, at: [] perf_event_ctx_lock_nested+0x14d/0x2c0
[ 39.643552]
[ 39.643552] which lock already depends on the new lock.
[ 39.643552]
[ 39.651837]
[ 39.651837] the existing dependency chain (in reverse order) is:
[ 39.659425]
[ 39.659425] -> #2 (&cpuctx_mutex/1){+.+.}:
[ 39.665110]
[ 39.665110] -> #1 (&cpuctx_mutex){+.+.}:
[ 39.670622]
[ 39.670622] -> #0 (pmus_lock){+.+.}:
[ 39.675785]
[ 39.675785] other info that might help us debug this:
[ 39.675785]
[ 39.683899] Chain exists of:
[ 39.683899]   pmus_lock --> &cpuctx_mutex --> &cpuctx_mutex/1
[ 39.683899]
[ 39.694125]  Possible unsafe locking scenario:
[ 39.694125]
[ 39.700151]        CPU0                    CPU1
[ 39.704785]        ----                    ----
[ 39.709418]   lock(&cpuctx_mutex/1);
[ 39.713101]                                lock(&cpuctx_mutex);
[ 39.719129]                                lock(&cpuctx_mutex/1);
[ 39.725330]   lock(pmus_lock);
[ 39.728490]
[ 39.728490]  *** DEADLOCK ***
[ 39.728490]
[ 39.734519] 2 locks held by syz-executor813/1784:
[ 39.739330]  #0: (&pmus_srcu){....}, at: [] perf_event_alloc.part.0+0xadd/0x1e70
[ 39.748492]  #1: (&cpuctx_mutex/1){+.+.}, at: [] perf_event_ctx_lock_nested+0x14d/0x2c0
[ 39.758260]
[ 39.758260] stack backtrace:
[ 39.762729] CPU: 0 PID: 1784 Comm: syz-executor813 Not tainted 4.14.101+ #14
[ 39.769882] Call Trace:
[ 39.772445]  dump_stack+0xb9/0x10e
[ 39.775962]  print_circular_bug.isra.0.cold+0x2dc/0x425
[ 39.781299]  ? __lock_acquire+0x2d83/0x3fa0
[ 39.785593]  ? __lock_acquire+0x56a/0x3fa0
[ 39.789798]  ? trace_hardirqs_on+0x10/0x10
[ 39.794010]  ? perf_trace_run_bpf_submit+0x113/0x170
[ 39.799083]  ? lock_acquire+0x10f/0x380
[ 39.803046]  ? perf_swevent_init+0x123/0x4e0
[ 39.807439]  ? perf_swevent_init+0x123/0x4e0
[ 39.811822]  ? __mutex_lock+0xf7/0x1430
[ 39.815770]  ? perf_swevent_init+0x123/0x4e0
[ 39.820148]  ? __mutex_lock+0x6aa/0x1430
[ 39.824177]  ? perf_swevent_init+0x123/0x4e0
[ 39.828556]  ? perf_event_ctx_lock_nested+0x14d/0x2c0
[ 39.833720]  ? perf_try_init_event+0xf1/0x200
[ 39.838184]  ? __ww_mutex_wakeup_for_backoff+0x210/0x210
[ 39.843768]  ? __ww_mutex_wakeup_for_backoff+0x210/0x210
[ 39.849220]  ? perf_event_ctx_lock_nested+0x117/0x2c0
[ 39.854385]  ? lock_downgrade+0x5d0/0x5d0
[ 39.858503]  ? lock_acquire+0x10f/0x380
[ 39.862447]  ? perf_event_ctx_lock_nested+0x39/0x2c0
[ 39.867521]  ? perf_swevent_init+0x123/0x4e0
[ 39.871900]  ? perf_swevent_init+0x123/0x4e0
[ 39.876289]  ? perf_event_ctx_lock_nested+0x14d/0x2c0
[ 39.881446]  ? perf_event_ctx_lock_nested+0x247/0x2c0
[ 39.886635]  ? perf_try_init_event+0xe5/0x200
[ 39.891117]  ? perf_event_alloc.part.0+0xcc5/0x1e70
[ 39.896106]  ? SyS_perf_event_open+0x6eb/0x2520
[ 39.900751]  ? perf_bp_event+0x1a0/0x1a0
[ 39.904786]  ? do_sys_open+0x255/0x590
[ 39.908658