[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 24.406313] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 26.556820] random: sshd: uninitialized urandom read (32 bytes read)
[ 26.835251] random: sshd: uninitialized urandom read (32 bytes read)
[ 27.379209] random: sshd: uninitialized urandom read (32 bytes read)
[ 27.558551] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.9' (ECDSA) to the list of known hosts.
[ 33.154075] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 33.264777]
[ 33.266461] ======================================================
[ 33.272768] WARNING: possible circular locking dependency detected
[ 33.279066] 4.19.0-rc1+ #217 Not tainted
[ 33.283102] ------------------------------------------------------
[ 33.289399] syz-executor011/4723 is trying to acquire lock:
[ 33.295089] 000000004870e3ae (&rp->fetch_lock){+.+.}, at: mon_bin_vma_fault+0xdc/0x4a0
[ 33.303140]
[ 33.303140] but task is already holding lock:
[ 33.309092] 0000000079c4913f (&mm->mmap_sem){++++}, at: __mm_populate+0x31a/0x4d0
[ 33.316707]
[ 33.316707] which lock already depends on the new lock.
[ 33.316707]
[ 33.325005]
[ 33.325005] the existing dependency chain (in reverse order) is:
[ 33.332608]
[ 33.332608] -> #1 (&mm->mmap_sem){++++}:
[ 33.338144] __might_fault+0x155/0x1e0
[ 33.342538] _copy_to_user+0x30/0x110
[ 33.346846] mon_bin_read+0x334/0x650
[ 33.351153] __vfs_read+0x117/0x9b0
[ 33.355288] vfs_read+0x17f/0x3c0
[ 33.359247] ksys_pread64+0x181/0x1b0
[ 33.363553] __x64_sys_pread64+0x97/0xf0
[ 33.368120] do_syscall_64+0x1b9/0x820
[ 33.372517] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 33.378204]
[ 33.378204] -> #0 (&rp->fetch_lock){+.+.}:
[ 33.383917] lock_acquire+0x1e4/0x4f0
[ 33.388254] __mutex_lock+0x171/0x1700
[ 33.392670] mutex_lock_nested+0x16/0x20
[ 33.397240] mon_bin_vma_fault+0xdc/0x4a0
[ 33.401899] __do_fault+0xee/0x450
[ 33.405978] __handle_mm_fault+0x2b4a/0x4350
[ 33.410899] handle_mm_fault+0x53e/0xc80
[ 33.415482] __get_user_pages+0x823/0x1b50
[ 33.420228] populate_vma_page_range+0x2db/0x3d0
[ 33.425490] __mm_populate+0x286/0x4d0
[ 33.429899] vm_mmap_pgoff+0x27f/0x2c0
[ 33.434303] ksys_mmap_pgoff+0x4da/0x660
[ 33.438868] __x64_sys_mmap+0xe9/0x1b0
[ 33.443271] do_syscall_64+0x1b9/0x820
[ 33.447665] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 33.453350]
[ 33.453350] other info that might help us debug this:
[ 33.453350]
[ 33.461480] Possible unsafe locking scenario:
[ 33.461480]
[ 33.467544]        CPU0                    CPU1
[ 33.472200]        ----                    ----
[ 33.476843]   lock(&mm->mmap_sem);
[ 33.480364]                                lock(&rp->fetch_lock);
[ 33.486575]                                lock(&mm->mmap_sem);
[ 33.492610]   lock(&rp->fetch_lock);
[ 33.496305]
[ 33.496305] *** DEADLOCK ***
[ 33.496305]
[ 33.502346] 1 lock held by syz-executor011/4723:
[ 33.507078] #0: 0000000079c4913f (&mm->mmap_sem){++++}, at: __mm_populate+0x31a/0x4d0
[ 33.515161]
[ 33.515161] stack backtrace:
[ 33.519673] CPU: 0 PID: 4723 Comm: syz-executor011 Not tainted 4.19.0-rc1+ #217
[ 33.527101] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 33.536434] Call Trace:
[ 33.539022] dump_stack+0x1c9/0x2b4
[ 33.542636] ? dump_stack_print_info.cold.2+0x52/0x52
[ 33.547810] ? vprintk_func+0x81/0x117
[ 33.551771] print_circular_bug.isra.34.cold.55+0x1bd/0x27d
[ 33.557465] ? save_trace+0xe0/0x290
[ 33.561163] __lock_acquire+0x3449/0x5020
[ 33.565296] ? __isolate_free_page+0x690/0x690
[ 33.569865] ? mark_held_locks+0x160/0x160
[ 33.574086] ? print_usage_bug+0xc0/0xc0
[ 33.578131] ? free_unref_page_list+0xbca/0x11a0
[ 33.582899] ? __lock_acquire+0x7fc/0x5020
[ 33.587133] ? print_usage_bug+0xc0/0xc0
[ 33.591176] ? mark_held_locks+0x160/0x160
[ 33.595392] ? __lock_acquire+0x7fc/0x5020
[ 33.599608] ? mark_held_locks+0x160/0x160
[ 33.603841] ? fault_create_debugfs_attr+0x1f0/0x1f0
[ 33.608945] ? mark_held_locks+0x160/0x160
[ 33.613176] ? graph_lock+0x170/0x170
[ 33.616985] ? mark_held_locks+0x160/0x160
[ 33.621203] ? print_usage_bug+0xc0/0xc0
[ 33.625248] lock_acquire+0x1e4/0x4f0
[ 33.629050] ? mon_bin_vma_fault+0xdc/0x4a0
[ 33.633380] ? lock_release+0x9f0/0x9f0
[ 33.637350] ? check_same_owner+0x340/0x340
[ 33.641669] ? rcu_note_context_switch+0x680/0x680
[ 33.646586] __mutex_lock+0x171/0x1700
[ 33.650468] ? mon_bin_vma_fault+0xdc/0x4a0
[ 33.654775] ? mon_bin_vma_fault+0xdc/0x4a0
[ 33.659083] ? mutex_trylock+0x2b0/0x2b0
[ 33.663130] ? mark_held_locks+0x160/0x160
[ 33.667349] ? lock_downgrade+0x8f0/0x8f0
[ 33.671481] ? trace_hardirqs_off+0xb8/0x2b0
[ 33.675890] ? kasan_check_read+0x11/0x20
[ 33.680034] ? print_usage_bug+0xc0/0xc0
[ 33.684077] ? trace_hardirqs_on+0x2c0/0x2c0
[ 33.688471] ? kasan_check_write+0x14/0x20
[ 33.692692] ? do_raw_spin_lock+0xc1/0x200
[ 33.696921] ? _raw_spin_unlock_irqrestore+0x63/0xc0
[ 33.702012] ? print_usage_bug+0xc0/0xc0
[ 33.706055] ? graph_lock+0x170/0x170
[ 33.709837] ? print_usage_bug+0xc0/0xc0
[ 33.713903] ? __lock_acquire+0x7fc/0x5020
[ 33.718172] ? graph_lock+0x170/0x170
[ 33.721990] ? kasan_slab_free+0xe/0x10
[ 33.725969] ? print_usage_bug+0xc0/0xc0
[ 33.730017] ? __lock_acquire+0x7fc/0x5020
[ 33.734238] mutex_lock_nested+0x16/0x20
[ 33.738285] ? mutex_lock_nested+0x16/0x20
[ 33.742511] mon_bin_vma_fault+0xdc/0x4a0
[ 33.746646] ? kasan_check_read+0x11/0x20
[ 33.750803] ? mon_alloc_buff+0x200/0x200
[ 33.754947] ? rcu_cleanup_dead_rnp+0x200/0x200
[ 33.759625] ? __sanitizer_cov_trace_cmp8+0x18/0x20
[ 33.764627] ? vma_compute_subtree_gap+0x160/0x240
[ 33.769564] ? vma_gap_callbacks_rotate+0x62/0x80
[ 33.774410] __do_fault+0xee/0x450
[ 33.777949] ? vma_compute_subtree_gap+0x240/0x240
[ 33.782862] ? pmd_devmap_trans_unstable+0x1d0/0x1d0
[ 33.787951] ? __save_stack_trace+0x8d/0xf0
[ 33.792270] ? pud_val+0x88/0x100
[ 33.795706] ? pmd_val+0x100/0x100
[ 33.799230] __handle_mm_fault+0x2b4a/0x4350
[ 33.803653] ? vmf_insert_mixed_mkwrite+0xa0/0xa0
[ 33.808480] ? graph_lock+0x170/0x170
[ 33.812273] ? lock_downgrade+0x8f0/0x8f0
[ 33.816403] ? handle_mm_fault+0x8c4/0xc80
[ 33.820623] ? handle_mm_fault+0x8c4/0xc80
[ 33.824840] ? kasan_check_read+0x11/0x20
[ 33.828970] ? rcu_is_watching+0x8c/0x150
[ 33.833101] ? __get_user_pages+0x823/0x1b50
[ 33.837494] ? rcu_cleanup_dead_rnp+0x200/0x200
[ 33.842156] handle_mm_fault+0x53e/0xc80
[ 33.846214] ? __handle_mm_fault+0x4350/0x4350
[ 33.850777] ? check_same_owner+0x340/0x340
[ 33.855087] ? __sanitizer_cov_trace_cmp8+0x18/0x20
[ 33.860105] __get_user_pages+0x823/0x1b50
[ 33.864324] ? follow_page_mask+0x1e30/0x1e30
[ 33.868804] ? lock_acquire+0x1e4/0x4f0
[ 33.872761] ? __mm_populate+0x31a/0x4d0
[ 33.876808] ? lock_release+0x9f0/0x9f0
[ 33.880800] ? check_same_owner+0x340/0x340
[ 33.885106] ? rcu_note_context_switch+0x680/0x680
[ 33.890024] populate_vma_page_range+0x2db/0x3d0
[ 33.894798] ? get_user_pages_unlocked+0x5d0/0x5d0
[ 33.899731] ? find_vma+0x34/0x190
[ 33.903287] __mm_populate+0x286/0x4d0
[ 33.907169] ? populate_vma_page_range+0x3d0/0x3d0
[ 33.912118] ? down_read_killable+0x200/0x200
[ 33.916596] ? security_mmap_file+0x176/0x1c0
[ 33.921075] vm_mmap_pgoff+0x27f/0x2c0
[ 33.924947] ? vma_is_stack_for_current+0xd0/0xd0
[ 33.929775] ? putname+0xf2/0x130
[ 33.933216] ? rcu_read_lock_sched_held+0x108/0x120
[ 33.938219] ksys_mmap_pgoff+0x4da/0x660
[ 33.942267] ? do_syscall_64+0x9a/0x820
[ 33.946226] ? find_mergeable_anon_vma+0xd0/0xd0
[ 33.950970] ? trace_hardirqs_on+0xbd/0x2c0
[ 33.955274] ? filp_open+0x80/0x80
[ 33.958798] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 33.964146] ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 33.969669] __x64_sys_mmap+0xe9/0x1b0
[ 33.973540] do_syscall_64+0x1b9/0x820
[ 33.977412] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 33.982758] ? syscall_return_slowpath+0x5e0/0x5e0
[ 33.987670] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 33.992498] ? trace_hardirqs_on_caller+0x2b0/0x2b0
[ 33.997509] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 34.002513] ? prepare_exit_to_usermode+0x291/0x3b0
[ 34.007519] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 34.012348] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 34.017525] RIP: 0033:0x443df9
[ 34.020705] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b d8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 34.039587] RSP: 002b:00007ffc6ff5f4d8 EFLAGS: 00000216 ORIG_RAX: 0000000000000009
[ 34.047280] RAX: ffffffffffffffda RBX: 00000000004002e0 RCX: 0000000000443df9
[ 34.054536] RDX: 0000000001fffffd RSI: 0000000000400000 RDI: 0000000020a05000
[ 34.061790] RBP: 00000000006ce018 R08: 0000000000000005 R09: 00000000000