Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login:
[ 33.426835] random: sshd: uninitialized urandom read (32 bytes read)
[ 33.670930] kauditd_printk_skb: 9 callbacks suppressed
[ 33.670939] audit: type=1400 audit(1566774836.231:35): avc: denied { map } for pid=6807 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[ 33.726200] random: sshd: uninitialized urandom read (32 bytes read)
[ 34.254604] random: sshd: uninitialized urandom read (32 bytes read)
[ 34.432420] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.145' (ECDSA) to the list of known hosts.
[ 39.988936] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 40.099583] audit: type=1400 audit(1566774842.651:36): avc: denied { map } for pid=6820 comm="syz-executor004" path="/root/syz-executor004254867" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 40.170812]
[ 40.172458] ======================================================
[ 40.178745] WARNING: possible circular locking dependency detected
[ 40.185036] 4.14.140 #36 Not tainted
[ 40.188720] ------------------------------------------------------
[ 40.195479] syz-executor004/6820 is trying to acquire lock:
[ 40.201163] (event_mutex){+.+.}, at: [] perf_trace_init+0x58/0xaa0
[ 40.209121]
[ 40.209121] but task is already holding lock:
[ 40.215061] (&cpuctx_mutex/1){+.+.}, at: [] perf_event_ctx_lock_nested+0x150/0x2c0
[ 40.224400]
[ 40.224400] which lock already depends on the new lock.
[ 40.224400]
[ 40.232705]
[ 40.232705] the existing dependency chain (in reverse order) is:
[ 40.240297]
[ 40.240297] -> #5 (&cpuctx_mutex/1){+.+.}:
[ 40.245993] lock_acquire+0x16f/0x430
[ 40.250303] __mutex_lock+0xe8/0x1470
[ 40.254608] mutex_lock_nested+0x16/0x20
[ 40.259163] SYSC_perf_event_open+0x134c/0x2690
[ 40.264329] SyS_perf_event_open+0x34/0x40
[ 40.269066] do_syscall_64+0x1e8/0x640
[ 40.273462] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 40.279142]
[ 40.279142] -> #4 (&cpuctx_mutex){+.+.}:
[ 40.284680] lock_acquire+0x16f/0x430
[ 40.288976] __mutex_lock+0xe8/0x1470
[ 40.293268] mutex_lock_nested+0x16/0x20
[ 40.297821] perf_event_init_cpu+0xc2/0x170
[ 40.302637] perf_event_init+0x2d8/0x31a
[ 40.307191] start_kernel+0x3b6/0x6fd
[ 40.311484] x86_64_start_reservations+0x29/0x2b
[ 40.316732] x86_64_start_kernel+0x77/0x7b
[ 40.321465] secondary_startup_64+0xa5/0xb0
[ 40.326279]
[ 40.326279] -> #3 (pmus_lock){+.+.}:
[ 40.331450] lock_acquire+0x16f/0x430
[ 40.335759] __mutex_lock+0xe8/0x1470
[ 40.340058] mutex_lock_nested+0x16/0x20
[ 40.344621] perf_event_init_cpu+0x2f/0x170
[ 40.349450] cpuhp_invoke_callback+0x1ea/0x1ab0
[ 40.354611] _cpu_up+0x228/0x530
[ 40.358485] do_cpu_up+0x121/0x150
[ 40.362531] cpu_up+0x1b/0x20
[ 40.366134] smp_init+0x157/0x170
[ 40.370084] kernel_init_freeable+0x30b/0x532
[ 40.375094] kernel_init+0x12/0x162
[ 40.379216] ret_from_fork+0x24/0x30
[ 40.383424]
[ 40.383424] -> #2 (cpu_hotplug_lock.rw_sem){++++}:
[ 40.389811] lock_acquire+0x16f/0x430
[ 40.394106] cpus_read_lock+0x3d/0xc0
[ 40.398406] static_key_slow_inc+0x13/0x30
[ 40.403138] tracepoint_probe_register_prio+0x4d6/0x6d0
[ 40.408993] tracepoint_probe_register+0x2b/0x40
[ 40.414243] trace_event_reg+0x277/0x330
[ 40.418797] perf_trace_init+0x449/0xaa0
[ 40.423355] perf_tp_event_init+0x7d/0xf0
[ 40.427994] perf_try_init_event+0x164/0x200
[ 40.432892] perf_event_alloc.part.0+0xd90/0x25b0
[ 40.438225] SYSC_perf_event_open+0xad1/0x2690
[ 40.443300] SyS_perf_event_open+0x34/0x40
[ 40.448033] do_syscall_64+0x1e8/0x640
[ 40.452415] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 40.458098]
[ 40.458098] -> #1 (tracepoints_mutex){+.+.}:
[ 40.463964] lock_acquire+0x16f/0x430
[ 40.468258] __mutex_lock+0xe8/0x1470
[ 40.472548] mutex_lock_nested+0x16/0x20
[ 40.477102] tracepoint_probe_register_prio+0x36/0x6d0
[ 40.482985] tracepoint_probe_register+0x2b/0x40
[ 40.488256] trace_event_reg+0x277/0x330
[ 40.492810] perf_trace_init+0x449/0xaa0
[ 40.497363] perf_tp_event_init+0x7d/0xf0
[ 40.502005] perf_try_init_event+0x164/0x200
[ 40.506904] perf_event_alloc.part.0+0xd90/0x25b0
[ 40.512238] SYSC_perf_event_open+0xad1/0x2690
[ 40.517314] SyS_perf_event_open+0x34/0x40
[ 40.522046] do_syscall_64+0x1e8/0x640
[ 40.526455] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 40.532137]
[ 40.532137] -> #0 (event_mutex){+.+.}:
[ 40.537487] __lock_acquire+0x2cb3/0x4620
[ 40.542129] lock_acquire+0x16f/0x430
[ 40.546425] __mutex_lock+0xe8/0x1470
[ 40.550717] mutex_lock_nested+0x16/0x20
[ 40.555269] perf_trace_init+0x58/0xaa0
[ 40.559738] perf_tp_event_init+0x7d/0xf0
[ 40.564381] perf_try_init_event+0xe6/0x200
[ 40.569196] perf_event_alloc.part.0+0xd90/0x25b0
[ 40.574533] SYSC_perf_event_open+0xad1/0x2690
[ 40.579608] SyS_perf_event_open+0x34/0x40
[ 40.584342] do_syscall_64+0x1e8/0x640
[ 40.588726] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 40.594407]
[ 40.594407] other info that might help us debug this:
[ 40.594407]
[ 40.602520] Chain exists of:
[ 40.602520] event_mutex --> &cpuctx_mutex --> &cpuctx_mutex/1
[ 40.602520]
[ 40.612916] Possible unsafe locking scenario:
[ 40.612916]
[ 40.618945]        CPU0                    CPU1
[ 40.623582]        ----                    ----
[ 40.628219]   lock(&cpuctx_mutex/1);
[ 40.631904]                                lock(&cpuctx_mutex);
[ 40.637932]                                lock(&cpuctx_mutex/1);
[ 40.644133]   lock(event_mutex);
[ 40.647474]
[ 40.647474] *** DEADLOCK ***
[ 40.647474]
[ 40.653509] 2 locks held by syz-executor004/6820:
[ 40.658322] #0: (&pmus_srcu){....}, at: [] perf_event_alloc.part.0+0xbaa/0x25b0
[ 40.667486] #1: (&cpuctx_mutex/1){+.+.}, at: [] perf_event_ctx_lock_nested+0x150/0x2c0
[ 40.677345]
[ 40.677345] stack backtrace:
[ 40.681816] CPU: 0 PID: 6820 Comm: syz-executor004 Not tainted 4.14.140 #36
[ 40.688885] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 40.698212] Call Trace:
[ 40.700783] dump_stack+0x138/0x197
[ 40.704391] print_circular_bug.isra.0.cold+0x1cc/0x28f
[ 40.709739] __lock_acquire+0x2cb3/0x4620
[ 40.713863] ? trace_hardirqs_on+0x10/0x10
[ 40.718068] ? trace_hardirqs_on+0x10/0x10
[ 40.722279] lock_acquire+0x16f/0x430
[ 40.726054] ? perf_trace_init+0x58/0xaa0
[ 40.730172] ? perf_trace_init+0x58/0xaa0
[ 40.734294] __mutex_lock+0xe8/0x1470
[ 40.738065] ? perf_trace_init+0x58/0xaa0
[ 40.742188] ? perf_event_ctx_lock_nested+0x150/0x2c0
[ 40.747353] ? perf_trace_init+0x58/0xaa0
[ 40.751472] ? __mutex_lock+0x36a/0x1470
[ 40.755505] ? trace_hardirqs_on+0x10/0x10
[ 40.759709] ? perf_try_init_event+0xf2/0x200
[ 40.764193] ? mutex_trylock+0x1c0/0x1c0
[ 40.768226] ? perf_event_ctx_lock_nested+0x150/0x2c0
[ 40.780043] ? perf_try_init_event+0xf2/0x200
[ 40.784520] ? mutex_trylock+0x1c0/0x1c0
[ 40.788554] ? find_held_lock+0x35/0x130
[ 40.792604] ? perf_event_ctx_lock_nested+0x119/0x2c0
[ 40.797767] mutex_lock_nested+0x16/0x20
[ 40.801802] ? lock_downgrade+0x6e0/0x6e0
[ 40.805925] ? mutex_lock_nested+0x16/0x20
[ 40.810137] perf_trace_init+0x58/0xaa0
[ 40.814100] ? mutex_lock_nested+0x16/0x20
[ 40.818313] perf_tp_event_init+0x7d/0xf0
[ 40.822447] perf_try_init_event+0xe6/0x200
[ 40.826912] perf_event_alloc.part.0+0xd90/0x25b0
[ 40.831734] SYSC_perf_event_open+0xad1/0x2690
[ 40.836294] ? perf_event_set_output+0x460/0x460
[ 40.841036] ? lock_downgrade+0x6e0/0x6e0
[ 40.845252] SyS_perf_event_open+0x34/0x40
[ 40.849467] ? perf_bp_event+0x170/0x170
[ 40.853513] do_syscall_64+0x1e8/0x640
[ 40.857379] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 40.862202] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 40.867366] RIP: 0033:0x440459
[ 40.870532] RSP: 002b:00007ffc0f5e1f08 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
[ 40.