[....] Starting periodic command scheduler: cron [ ok ].
[....] Starting OpenBSD Secure Shell server: sshd[ 23.524238] random: sshd: uninitialized urandom read (32 bytes read)
[ ok ].

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 28.556150] random: sshd: uninitialized urandom read (32 bytes read)
[ 28.955502] random: sshd: uninitialized urandom read (32 bytes read)
[ 29.517012] random: sshd: uninitialized urandom read (32 bytes read)
[ 29.695389] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.51' (ECDSA) to the list of known hosts.
[ 35.236679] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 35.339373]
[ 35.341129] ======================================================
[ 35.347422] WARNING: possible circular locking dependency detected
[ 35.353755] 4.19.0-rc1+ #217 Not tainted
[ 35.357792] ------------------------------------------------------
[ 35.364086] syz-executor601/4642 is trying to acquire lock:
[ 35.369796] 00000000a954486e (&rp->fetch_lock){+.+.}, at: mon_bin_vma_fault+0xdc/0x4a0
[ 35.377844]
[ 35.377844] but task is already holding lock:
[ 35.383791] 00000000766d6735 (&mm->mmap_sem){++++}, at: __mm_populate+0x31a/0x4d0
[ 35.391406]
[ 35.391406] which lock already depends on the new lock.
[ 35.391406]
[ 35.399701]
[ 35.399701] the existing dependency chain (in reverse order) is:
[ 35.407410]
[ 35.407410] -> #1 (&mm->mmap_sem){++++}:
[ 35.412951]        __might_fault+0x155/0x1e0
[ 35.417346]        _copy_to_user+0x30/0x110
[ 35.421653]        mon_bin_read+0x334/0x650
[ 35.425959]        __vfs_read+0x117/0x9b0
[ 35.430086]        vfs_read+0x17f/0x3c0
[ 35.434138]        ksys_pread64+0x181/0x1b0
[ 35.438449]        __x64_sys_pread64+0x97/0xf0
[ 35.443020]        do_syscall_64+0x1b9/0x820
[ 35.447415]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 35.453106]
[ 35.453106] -> #0 (&rp->fetch_lock){+.+.}:
[ 35.458824]        lock_acquire+0x1e4/0x4f0
[ 35.463143]        __mutex_lock+0x171/0x1700
[ 35.467533]        mutex_lock_nested+0x16/0x20
[ 35.472100]        mon_bin_vma_fault+0xdc/0x4a0
[ 35.476797]        __do_fault+0xee/0x450
[ 35.480857]        __handle_mm_fault+0x13c6/0x4350
[ 35.485819]        handle_mm_fault+0x53e/0xc80
[ 35.490399]        __get_user_pages+0x823/0x1b50
[ 35.495239]        populate_vma_page_range+0x2db/0x3d0
[ 35.500501]        __mm_populate+0x286/0x4d0
[ 35.504892]        vm_mmap_pgoff+0x27f/0x2c0
[ 35.509287]        ksys_mmap_pgoff+0x4da/0x660
[ 35.513855]        __x64_sys_mmap+0xe9/0x1b0
[ 35.518252]        do_syscall_64+0x1b9/0x820
[ 35.522650]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 35.528338]
[ 35.528338] other info that might help us debug this:
[ 35.528338]
[ 35.536523]  Possible unsafe locking scenario:
[ 35.536523]
[ 35.542563]        CPU0                    CPU1
[ 35.547207]        ----                    ----
[ 35.551848]   lock(&mm->mmap_sem);
[ 35.555366]                                lock(&rp->fetch_lock);
[ 35.561578]                                lock(&mm->mmap_sem);
[ 35.567612]   lock(&rp->fetch_lock);
[ 35.571305]
[ 35.571305]  *** DEADLOCK ***
[ 35.571305]
[ 35.577345] 1 lock held by syz-executor601/4642:
[ 35.582079]  #0: 00000000766d6735 (&mm->mmap_sem){++++}, at: __mm_populate+0x31a/0x4d0
[ 35.590138]
[ 35.590138] stack backtrace:
[ 35.594617] CPU: 1 PID: 4642 Comm: syz-executor601 Not tainted 4.19.0-rc1+ #217
[ 35.602044] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 35.611375] Call Trace:
[ 35.613956]  dump_stack+0x1c9/0x2b4
[ 35.617568]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 35.622744]  ? vprintk_func+0x81/0x117
[ 35.626619]  print_circular_bug.isra.34.cold.55+0x1bd/0x27d
[ 35.632312]  ? save_trace+0xe0/0x290
[ 35.636007]  __lock_acquire+0x3449/0x5020
[ 35.640136]  ? __isolate_free_page+0x690/0x690
[ 35.644701]  ? mark_held_locks+0x160/0x160
[ 35.648920]  ? print_usage_bug+0xc0/0xc0
[ 35.652967]  ? mark_held_locks+0x160/0x160
[ 35.657182]  ? print_usage_bug+0xc0/0xc0
[ 35.661224]  ? mark_held_locks+0x160/0x160
[ 35.665439]  ? print_usage_bug+0xc0/0xc0
[ 35.669483]  ? __lock_acquire+0x7fc/0x5020
[ 35.673701]  ? mark_held_locks+0x160/0x160
[ 35.677966]  ? print_usage_bug+0xc0/0xc0
[ 35.682019]  ? graph_lock+0x170/0x170
[ 35.685812]  lock_acquire+0x1e4/0x4f0
[ 35.689602]  ? mon_bin_vma_fault+0xdc/0x4a0
[ 35.693908]  ? lock_release+0x9f0/0x9f0
[ 35.697869]  ? check_same_owner+0x340/0x340
[ 35.702232]  ? __lock_acquire+0x7fc/0x5020
[ 35.706457]  ? rcu_note_context_switch+0x680/0x680
[ 35.711373]  __mutex_lock+0x171/0x1700
[ 35.715244]  ? mon_bin_vma_fault+0xdc/0x4a0
[ 35.719551]  ? mark_held_locks+0x160/0x160
[ 35.723773]  ? mon_bin_vma_fault+0xdc/0x4a0
[ 35.728079]  ? mutex_trylock+0x2b0/0x2b0
[ 35.732125]  ? rb_insert_color_cached+0x14c0/0x14c0
[ 35.737124]  ? kernel_text_address+0x79/0xf0
[ 35.741516]  ? __kernel_text_address+0xd/0x40
[ 35.746001]  ? unwind_get_return_address+0x61/0xa0
[ 35.750922]  ? find_held_lock+0x36/0x1c0
[ 35.754973]  ? __mem_cgroup_largest_soft_limit_node.part.64+0x7f0/0x7f0
[ 35.761709]  ? lock_downgrade+0x8f0/0x8f0
[ 35.765839]  ? kasan_check_read+0x11/0x20
[ 35.769968]  ? rcu_is_watching+0x8c/0x150
[ 35.774097]  ? graph_lock+0x170/0x170
[ 35.777883]  ? get_mem_cgroup_from_mm+0x209/0x440
[ 35.782709]  ? find_held_lock+0x36/0x1c0
[ 35.786766]  mutex_lock_nested+0x16/0x20
[ 35.790945]  ? mutex_lock_nested+0x16/0x20
[ 35.795177]  mon_bin_vma_fault+0xdc/0x4a0
[ 35.799313]  ? rcu_is_watching+0x8c/0x150
[ 35.803449]  ? mon_alloc_buff+0x200/0x200
[ 35.807584]  ? rcu_cleanup_dead_rnp+0x200/0x200
[ 35.812240]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 35.817759]  __do_fault+0xee/0x450
[ 35.821282]  ? pmd_devmap_trans_unstable+0x1d0/0x1d0
[ 35.826368]  ? __save_stack_trace+0x8d/0xf0
[ 35.830675]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[ 35.836196]  __handle_mm_fault+0x13c6/0x4350
[ 35.840588]  ? vmf_insert_mixed_mkwrite+0xa0/0xa0
[ 35.845415]  ? graph_lock+0x170/0x170
[ 35.849203]  ? lock_downgrade+0x8f0/0x8f0
[ 35.853336]  ? handle_mm_fault+0x8c4/0xc80
[ 35.857553]  ? handle_mm_fault+0x8c4/0xc80
[ 35.861779]  ? kasan_check_read+0x11/0x20
[ 35.865921]  ? rcu_is_watching+0x8c/0x150
[ 35.870056]  ? __get_user_pages+0x823/0x1b50
[ 35.874446]  ? rcu_cleanup_dead_rnp+0x200/0x200
[ 35.879101]  handle_mm_fault+0x53e/0xc80
[ 35.883154]  ? __handle_mm_fault+0x4350/0x4350
[ 35.887721]  ? check_same_owner+0x340/0x340
[ 35.892028]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[ 35.897157]  __get_user_pages+0x823/0x1b50
[ 35.901388]  ? follow_page_mask+0x1e30/0x1e30
[ 35.905872]  ? lock_acquire+0x1e4/0x4f0
[ 35.909827]  ? __mm_populate+0x31a/0x4d0
[ 35.913871]  ? lock_release+0x9f0/0x9f0
[ 35.917827]  ? check_same_owner+0x340/0x340
[ 35.922133]  ? rcu_note_context_switch+0x680/0x680
[ 35.927050]  populate_vma_page_range+0x2db/0x3d0
[ 35.931855]  ? get_user_pages_unlocked+0x5d0/0x5d0
[ 35.936778]  ? find_vma+0x34/0x190
[ 35.940304]  __mm_populate+0x286/0x4d0
[ 35.944179]  ? populate_vma_page_range+0x3d0/0x3d0
[ 35.949094]  ? down_read_killable+0x200/0x200
[ 35.953574]  ? security_mmap_file+0x176/0x1c0
[ 35.958052]  vm_mmap_pgoff+0x27f/0x2c0
[ 35.961922]  ? vma_is_stack_for_current+0xd0/0xd0
[ 35.966752]  ? putname+0xf2/0x130
[ 35.970192]  ? rcu_read_lock_sched_held+0x108/0x120
[ 35.975191]  ksys_mmap_pgoff+0x4da/0x660
[ 35.979238]  ? do_syscall_64+0x9a/0x820
[ 35.983196]  ? find_mergeable_anon_vma+0xd0/0xd0
[ 35.987932]  ? trace_hardirqs_on+0xbd/0x2c0
[ 35.992242]  ? filp_open+0x80/0x80
[ 35.995768]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 36.001114]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 36.006199]  __x64_sys_mmap+0xe9/0x1b0
[ 36.010069]  do_syscall_64+0x1b9/0x820
[ 36.013946]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 36.019293]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 36.024201]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 36.029022]  ? trace_hardirqs_on_caller+0x2b0/0x2b0
[ 36.034019]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 36.039016]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 36.044015]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 36.048845]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 36.054015] RIP: 0033:0x445749
[ 36.057241] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b d8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 36.076227] RSP: 002b:00007ffe56dbdf48 EFLAGS: 00000212 ORIG_RAX: 0000000000000009
[ 36.084016] RAX: ffffffffffffffda RBX: 00000000004002e0 RCX: 0000000000445749
[ 36.091269] RDX: