[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 32.977943] random: sshd: uninitialized urandom read (32 bytes read)
[ 33.424412] kauditd_printk_skb: 9 callbacks suppressed
[ 33.424421] audit: type=1400 audit(1561664045.753:35): avc: denied { map } for pid=6827 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[ 33.469150] random: sshd: uninitialized urandom read (32 bytes read)
[ 33.992671] random: sshd: uninitialized urandom read (32 bytes read)
[ 34.178118] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.1.34' (ECDSA) to the list of known hosts.
[ 40.119031] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 40.242149] audit: type=1400 audit(1561664052.573:36): avc: denied { map } for pid=6840 comm="syz-executor846" path="/root/syz-executor846538853" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 40.311025]
[ 40.312684] ======================================================
[ 40.319126] WARNING: possible circular locking dependency detected
[ 40.325437] 4.14.131 #25 Not tainted
[ 40.329129] ------------------------------------------------------
[ 40.335607] syz-executor846/6840 is trying to acquire lock:
[ 40.341629]  (pmus_lock){+.+.}, at: [] perf_swevent_init+0x12e/0x490
[ 40.349790]
[ 40.349790] but task is already holding lock:
[ 40.355753]  (&cpuctx_mutex/1){+.+.}, at: [] perf_event_ctx_lock_nested+0x150/0x2c0
[ 40.365108]
[ 40.365108] which lock already depends on the new lock.
[ 40.365108]
[ 40.373765]
[ 40.373765] the existing dependency chain (in reverse order) is:
[ 40.381366]
[ 40.381366] -> #2 (&cpuctx_mutex/1){+.+.}:
[ 40.387069]        lock_acquire+0x16f/0x430
[ 40.391366]        __mutex_lock+0xe8/0x1470
[ 40.395765]        mutex_lock_nested+0x16/0x20
[ 40.400345]        SYSC_perf_event_open+0x121f/0x24b0
[ 40.405513]        SyS_perf_event_open+0x34/0x40
[ 40.410243]        do_syscall_64+0x1e8/0x640
[ 40.414627]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 40.420379]
[ 40.420379] -> #1 (&cpuctx_mutex){+.+.}:
[ 40.425939]        lock_acquire+0x16f/0x430
[ 40.430425]        __mutex_lock+0xe8/0x1470
[ 40.434908]        mutex_lock_nested+0x16/0x20
[ 40.439802]        perf_event_init_cpu+0xc2/0x170
[ 40.444993]        perf_event_init+0x2d8/0x31a
[ 40.449560]        start_kernel+0x3b6/0x6fd
[ 40.453872]        x86_64_start_reservations+0x29/0x2b
[ 40.459124]        x86_64_start_kernel+0x77/0x7b
[ 40.463864]        secondary_startup_64+0xa5/0xb0
[ 40.468685]
[ 40.468685] -> #0 (pmus_lock){+.+.}:
[ 40.473924]        __lock_acquire+0x2c89/0x45e0
[ 40.478651]        lock_acquire+0x16f/0x430
[ 40.482968]        __mutex_lock+0xe8/0x1470
[ 40.487342]        mutex_lock_nested+0x16/0x20
[ 40.491936]        perf_swevent_init+0x12e/0x490
[ 40.496668]        perf_try_init_event+0xe6/0x200
[ 40.501699]        perf_event_alloc.part.0+0xd48/0x2530
[ 40.507171]        SYSC_perf_event_open+0xa2d/0x24b0
[ 40.512248]        SyS_perf_event_open+0x34/0x40
[ 40.517244]        do_syscall_64+0x1e8/0x640
[ 40.521780]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 40.527646]
[ 40.527646] other info that might help us debug this:
[ 40.527646]
[ 40.536022] Chain exists of:
[ 40.536022]   pmus_lock --> &cpuctx_mutex --> &cpuctx_mutex/1
[ 40.536022]
[ 40.546335]  Possible unsafe locking scenario:
[ 40.546335]
[ 40.552372]        CPU0                    CPU1
[ 40.557013]        ----                    ----
[ 40.561829]   lock(&cpuctx_mutex/1);
[ 40.566178]                                lock(&cpuctx_mutex);
[ 40.572240]                                lock(&cpuctx_mutex/1);
[ 40.578563]   lock(pmus_lock);
[ 40.581738]
[ 40.581738]  *** DEADLOCK ***
[ 40.581738]
[ 40.588046] 2 locks held by syz-executor846/6840:
[ 40.593036]  #0:  (&pmus_srcu){....}, at: [] perf_event_alloc.part.0+0xba8/0x2530
[ 40.602916]  #1:  (&cpuctx_mutex/1){+.+.}, at: [] perf_event_ctx_lock_nested+0x150/0x2c0
[ 40.612722]
[ 40.612722] stack backtrace:
[ 40.617289] CPU: 1 PID: 6840 Comm: syz-executor846 Not tainted 4.14.131 #25
[ 40.624631] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 40.634255] Call Trace:
[ 40.636836]  dump_stack+0x138/0x19c
[ 40.640504]  print_circular_bug.isra.0.cold+0x1cc/0x28f
[ 40.645864]  __lock_acquire+0x2c89/0x45e0
[ 40.650006]  ? __lock_acquire+0x5f9/0x45e0
[ 40.654219]  ? trace_hardirqs_on+0x10/0x10
[ 40.658793]  ? depot_save_stack+0x11c/0x410
[ 40.663108]  lock_acquire+0x16f/0x430
[ 40.667058]  ? perf_swevent_init+0x12e/0x490
[ 40.671530]  ? perf_swevent_init+0x12e/0x490
[ 40.676155]  __mutex_lock+0xe8/0x1470
[ 40.679937]  ? perf_swevent_init+0x12e/0x490
[ 40.684493]  ? __mutex_lock+0x36a/0x1470
[ 40.688536]  ? trace_hardirqs_on+0x10/0x10
[ 40.692758]  ? perf_try_init_event+0xf2/0x200
[ 40.697240]  ? perf_swevent_init+0x12e/0x490
[ 40.701891]  ? perf_event_ctx_lock_nested+0x150/0x2c0
[ 40.707062]  ? perf_try_init_event+0xf2/0x200
[ 40.711538]  ? mutex_trylock+0x1c0/0x1c0
[ 40.715587]  ? mutex_trylock+0x1c0/0x1c0
[ 40.719652]  ? find_held_lock+0x35/0x130
[ 40.723693]  ? perf_event_ctx_lock_nested+0x119/0x2c0
[ 40.728863]  mutex_lock_nested+0x16/0x20
[ 40.732899]  ? mutex_lock_nested+0x16/0x20
[ 40.737253]  perf_swevent_init+0x12e/0x490
[ 40.741557]  ? perf_event_ctx_lock_nested+0x248/0x2c0
[ 40.746723]  perf_try_init_event+0xe6/0x200
[ 40.751023]  perf_event_alloc.part.0+0xd48/0x2530
[ 40.755994]  SYSC_perf_event_open+0xa2d/0x24b0
[ 40.760656]  ? perf_event_set_output+0x460/0x460
[ 40.765387]  ? lock_downgrade+0x6e0/0x6e0
[ 40.769847]  SyS_perf_event_open+0x34/0x40
[ 40.774061]  ? perf_bp_event+0x170/0x170
[ 40.778104]  do_syscall_64+0x1e8/0x640
[ 40.782162]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 40.787094]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 40.792276] RIP: 0033:0x440569
[ 40.795443] RSP: 002b:00007ffc9b023b38 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
[ 40.803217] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440569
[ 40.810871] RDX: 000000000000