[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[   24.406313] random: sshd: uninitialized urandom read (32 bytes read)
[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   26.556820] random: sshd: uninitialized urandom read (32 bytes read)
[   26.835251] random: sshd: uninitialized urandom read (32 bytes read)
[   27.379209] random: sshd: uninitialized urandom read (32 bytes read)
[   27.558551] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.9' (ECDSA) to the list of known hosts.
[   33.154075] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[   33.264777] 
[   33.266461] ======================================================
[   33.272768] WARNING: possible circular locking dependency detected
[   33.279066] 4.19.0-rc1+ #217 Not tainted
[   33.283102] ------------------------------------------------------
[   33.289399] syz-executor011/4723 is trying to acquire lock:
[   33.295089] 000000004870e3ae (&rp->fetch_lock){+.+.}, at: mon_bin_vma_fault+0xdc/0x4a0
[   33.303140] 
[   33.303140] but task is already holding lock:
[   33.309092] 0000000079c4913f (&mm->mmap_sem){++++}, at: __mm_populate+0x31a/0x4d0
[   33.316707] 
[   33.316707] which lock already depends on the new lock.
[   33.316707] 
[   33.325005] 
[   33.325005] the existing dependency chain (in reverse order) is:
[   33.332608] 
[   33.332608] -> #1 (&mm->mmap_sem){++++}:
[   33.338144]        __might_fault+0x155/0x1e0
[   33.342538]        _copy_to_user+0x30/0x110
[   33.346846]        mon_bin_read+0x334/0x650
[   33.351153]        __vfs_read+0x117/0x9b0
[   33.355288]        vfs_read+0x17f/0x3c0
[   33.359247]        ksys_pread64+0x181/0x1b0
[   33.363553]        __x64_sys_pread64+0x97/0xf0
[   33.368120]        do_syscall_64+0x1b9/0x820
[   33.372517]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   33.378204] 
[   33.378204] -> #0 (&rp->fetch_lock){+.+.}:
[   33.383917]        lock_acquire+0x1e4/0x4f0
[   33.388254]        __mutex_lock+0x171/0x1700
[   33.392670]        mutex_lock_nested+0x16/0x20
[   33.397240]        mon_bin_vma_fault+0xdc/0x4a0
[   33.401899]        __do_fault+0xee/0x450
[   33.405978]        __handle_mm_fault+0x2b4a/0x4350
[   33.410899]        handle_mm_fault+0x53e/0xc80
[   33.415482]        __get_user_pages+0x823/0x1b50
[   33.420228]        populate_vma_page_range+0x2db/0x3d0
[   33.425490]        __mm_populate+0x286/0x4d0
[   33.429899]        vm_mmap_pgoff+0x27f/0x2c0
[   33.434303]        ksys_mmap_pgoff+0x4da/0x660
[   33.438868]        __x64_sys_mmap+0xe9/0x1b0
[   33.443271]        do_syscall_64+0x1b9/0x820
[   33.447665]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   33.453350] 
[   33.453350] other info that might help us debug this:
[   33.453350] 
[   33.461480]  Possible unsafe locking scenario:
[   33.461480] 
[   33.467544]        CPU0                    CPU1
[   33.472200]        ----                    ----
[   33.476843]   lock(&mm->mmap_sem);
[   33.480364]                                lock(&rp->fetch_lock);
[   33.486575]                                lock(&mm->mmap_sem);
[   33.492610]   lock(&rp->fetch_lock);
[   33.496305] 
[   33.496305]  *** DEADLOCK ***
[   33.496305] 
[   33.502346] 1 lock held by syz-executor011/4723:
[   33.507078]  #0: 0000000079c4913f (&mm->mmap_sem){++++}, at: __mm_populate+0x31a/0x4d0
[   33.515161] 
[   33.515161] stack backtrace:
[   33.519673] CPU: 0 PID: 4723 Comm: syz-executor011 Not tainted 4.19.0-rc1+ #217
[   33.527101] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   33.536434] Call Trace:
[   33.539022]  dump_stack+0x1c9/0x2b4
[   33.542636]  ? dump_stack_print_info.cold.2+0x52/0x52
[   33.547810]  ? vprintk_func+0x81/0x117
[   33.551771]  print_circular_bug.isra.34.cold.55+0x1bd/0x27d
[   33.557465]  ? save_trace+0xe0/0x290
[   33.561163]  __lock_acquire+0x3449/0x5020
[   33.565296]  ? __isolate_free_page+0x690/0x690
[   33.569865]  ? mark_held_locks+0x160/0x160
[   33.574086]  ? print_usage_bug+0xc0/0xc0
[   33.578131]  ? free_unref_page_list+0xbca/0x11a0
[   33.582899]  ? __lock_acquire+0x7fc/0x5020
[   33.587133]  ? print_usage_bug+0xc0/0xc0
[   33.591176]  ? mark_held_locks+0x160/0x160
[   33.595392]  ? __lock_acquire+0x7fc/0x5020
[   33.599608]  ? mark_held_locks+0x160/0x160
[   33.603841]  ? fault_create_debugfs_attr+0x1f0/0x1f0
[   33.608945]  ? mark_held_locks+0x160/0x160
[   33.613176]  ? graph_lock+0x170/0x170
[   33.616985]  ? mark_held_locks+0x160/0x160
[   33.621203]  ? print_usage_bug+0xc0/0xc0
[   33.625248]  lock_acquire+0x1e4/0x4f0
[   33.629050]  ? mon_bin_vma_fault+0xdc/0x4a0
[   33.633380]  ? lock_release+0x9f0/0x9f0
[   33.637350]  ? check_same_owner+0x340/0x340
[   33.641669]  ? rcu_note_context_switch+0x680/0x680
[   33.646586]  __mutex_lock+0x171/0x1700
[   33.650468]  ? mon_bin_vma_fault+0xdc/0x4a0
[   33.654775]  ? mon_bin_vma_fault+0xdc/0x4a0
[   33.659083]  ? mutex_trylock+0x2b0/0x2b0
[   33.663130]  ? mark_held_locks+0x160/0x160
[   33.667349]  ? lock_downgrade+0x8f0/0x8f0
[   33.671481]  ? trace_hardirqs_off+0xb8/0x2b0
[   33.675890]  ? kasan_check_read+0x11/0x20
[   33.680034]  ? print_usage_bug+0xc0/0xc0
[   33.684077]  ? trace_hardirqs_on+0x2c0/0x2c0
[   33.688471]  ? kasan_check_write+0x14/0x20
[   33.692692]  ? do_raw_spin_lock+0xc1/0x200
[   33.696921]  ? _raw_spin_unlock_irqrestore+0x63/0xc0
[   33.702012]  ? print_usage_bug+0xc0/0xc0
[   33.706055]  ? graph_lock+0x170/0x170
[   33.709837]  ? print_usage_bug+0xc0/0xc0
[   33.713903]  ? __lock_acquire+0x7fc/0x5020
[   33.718172]  ? graph_lock+0x170/0x170
[   33.721990]  ? kasan_slab_free+0xe/0x10
[   33.725969]  ? print_usage_bug+0xc0/0xc0
[   33.730017]  ? __lock_acquire+0x7fc/0x5020
[   33.734238]  mutex_lock_nested+0x16/0x20
[   33.738285]  ? mutex_lock_nested+0x16/0x20
[   33.742511]  mon_bin_vma_fault+0xdc/0x4a0
[   33.746646]  ? kasan_check_read+0x11/0x20
[   33.750803]  ? mon_alloc_buff+0x200/0x200
[   33.754947]  ? rcu_cleanup_dead_rnp+0x200/0x200
[   33.759625]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[   33.764627]  ? vma_compute_subtree_gap+0x160/0x240
[   33.769564]  ? vma_gap_callbacks_rotate+0x62/0x80
[   33.774410]  __do_fault+0xee/0x450
[   33.777949]  ? vma_compute_subtree_gap+0x240/0x240
[   33.782862]  ? pmd_devmap_trans_unstable+0x1d0/0x1d0
[   33.787951]  ? __save_stack_trace+0x8d/0xf0
[   33.792270]  ? pud_val+0x88/0x100
[   33.795706]  ? pmd_val+0x100/0x100
[   33.799230]  __handle_mm_fault+0x2b4a/0x4350
[   33.803653]  ? vmf_insert_mixed_mkwrite+0xa0/0xa0
[   33.808480]  ? graph_lock+0x170/0x170
[   33.812273]  ? lock_downgrade+0x8f0/0x8f0
[   33.816403]  ? handle_mm_fault+0x8c4/0xc80
[   33.820623]  ? handle_mm_fault+0x8c4/0xc80
[   33.824840]  ? kasan_check_read+0x11/0x20
[   33.828970]  ? rcu_is_watching+0x8c/0x150
[   33.833101]  ? __get_user_pages+0x823/0x1b50
[   33.837494]  ? rcu_cleanup_dead_rnp+0x200/0x200
[   33.842156]  handle_mm_fault+0x53e/0xc80
[   33.846214]  ? __handle_mm_fault+0x4350/0x4350
[   33.850777]  ? check_same_owner+0x340/0x340
[   33.855087]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[   33.860105]  __get_user_pages+0x823/0x1b50
[   33.864324]  ? follow_page_mask+0x1e30/0x1e30
[   33.868804]  ? lock_acquire+0x1e4/0x4f0
[   33.872761]  ? __mm_populate+0x31a/0x4d0
[   33.876808]  ? lock_release+0x9f0/0x9f0
[   33.880800]  ? check_same_owner+0x340/0x340
[   33.885106]  ? rcu_note_context_switch+0x680/0x680
[   33.890024]  populate_vma_page_range+0x2db/0x3d0
[   33.894798]  ? get_user_pages_unlocked+0x5d0/0x5d0
[   33.899731]  ? find_vma+0x34/0x190
[   33.903287]  __mm_populate+0x286/0x4d0
[   33.907169]  ? populate_vma_page_range+0x3d0/0x3d0
[   33.912118]  ? down_read_killable+0x200/0x200
[   33.916596]  ? security_mmap_file+0x176/0x1c0
[   33.921075]  vm_mmap_pgoff+0x27f/0x2c0
[   33.924947]  ? vma_is_stack_for_current+0xd0/0xd0
[   33.929775]  ? putname+0xf2/0x130
[   33.933216]  ? rcu_read_lock_sched_held+0x108/0x120
[   33.938219]  ksys_mmap_pgoff+0x4da/0x660
[   33.942267]  ? do_syscall_64+0x9a/0x820
[   33.946226]  ? find_mergeable_anon_vma+0xd0/0xd0
[   33.950970]  ? trace_hardirqs_on+0xbd/0x2c0
[   33.955274]  ? filp_open+0x80/0x80
[   33.958798]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   33.964146]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[   33.969669]  __x64_sys_mmap+0xe9/0x1b0
[   33.973540]  do_syscall_64+0x1b9/0x820
[   33.977412]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   33.982758]  ? syscall_return_slowpath+0x5e0/0x5e0
[   33.987670]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   33.992498]  ? trace_hardirqs_on_caller+0x2b0/0x2b0
[   33.997509]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   34.002513]  ? prepare_exit_to_usermode+0x291/0x3b0
[   34.007519]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   34.012348]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   34.017525] RIP: 0033:0x443df9
[   34.020705] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b d8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[   34.039587] RSP: 002b:00007ffc6ff5f4d8 EFLAGS: 00000216 ORIG_RAX: 0000000000000009
[   34.047280] RAX: ffffffffffffffda RBX: 00000000004002e0 RCX: 0000000000443df9
[   34.054536] RDX: 0000000001fffffd RSI: 0000000000400000 RDI: 0000000020a05000
[   34.061790] RBP: 00000000006ce018 R08: 0000000000000005 R09: 00000000000