[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[   24.241188] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   26.427216] random: sshd: uninitialized urandom read (32 bytes read)
[   26.756627] random: sshd: uninitialized urandom read (32 bytes read)
[   27.352922] random: sshd: uninitialized urandom read (32 bytes read)
[   27.537053] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.34' (ECDSA) to the list of known hosts.
[   33.338000] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[   33.443142] 
[   33.444790] ======================================================
[   33.451088] WARNING: possible circular locking dependency detected
[   33.457442] 4.19.0-rc1-next-20180831+ #53 Not tainted
[   33.462614] ------------------------------------------------------
[   33.468913] syz-executor970/4643 is trying to acquire lock:
[   33.474610] 0000000086366e4d (&rp->fetch_lock){+.+.}, at: mon_bin_vma_fault+0xdc/0x4a0
[   33.482696] 
[   33.482696] but task is already holding lock:
[   33.488648] 00000000c9e869c0 (&mm->mmap_sem){++++}, at: __mm_populate+0x31a/0x4d0
[   33.496274] 
[   33.496274] which lock already depends on the new lock.
[   33.496274] 
[   33.504571] 
[   33.504571] the existing dependency chain (in reverse order) is:
[   33.512194] 
[   33.512194] -> #1 (&mm->mmap_sem){++++}:
[   33.517737]        __might_fault+0x155/0x1e0
[   33.522133]        _copy_to_user+0x30/0x110
[   33.526441]        mon_bin_read+0x334/0x650
[   33.530753]        __vfs_read+0x117/0x9b0
[   33.534889]        vfs_read+0x17f/0x3c0
[   33.538860]        ksys_pread64+0x181/0x1b0
[   33.543169]        __x64_sys_pread64+0x97/0xf0
[   33.547745]        do_syscall_64+0x1b9/0x820
[   33.552160]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   33.557854] 
[   33.557854] -> #0 (&rp->fetch_lock){+.+.}:
[   33.563563]        lock_acquire+0x1e4/0x4f0
[   33.567871]        __mutex_lock+0x171/0x1700
[   33.572264]        mutex_lock_nested+0x16/0x20
[   33.576833]        mon_bin_vma_fault+0xdc/0x4a0
[   33.581496]        __do_fault+0xee/0x450
[   33.585859]        __handle_mm_fault+0x2b4a/0x4350
[   33.590773]        handle_mm_fault+0x53e/0xc80
[   33.595361]        __get_user_pages+0x823/0x1b50
[   33.600103]        populate_vma_page_range+0x2db/0x3d0
[   33.605365]        __mm_populate+0x286/0x4d0
[   33.609776]        vm_mmap_pgoff+0x27f/0x2c0
[   33.614169]        ksys_mmap_pgoff+0x4da/0x660
[   33.618772]        __x64_sys_mmap+0xe9/0x1b0
[   33.623168]        do_syscall_64+0x1b9/0x820
[   33.627571]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   33.633256] 
[   33.633256] other info that might help us debug this:
[   33.633256] 
[   33.641383]  Possible unsafe locking scenario:
[   33.641383] 
[   33.647420]        CPU0                    CPU1
[   33.652082]        ----                    ----
[   33.656752]   lock(&mm->mmap_sem);
[   33.660291]                                lock(&rp->fetch_lock);
[   33.666511]                                lock(&mm->mmap_sem);
[   33.672557]   lock(&rp->fetch_lock);
[   33.676255] 
[   33.676255]  *** DEADLOCK ***
[   33.676255] 
[   33.682301] 1 lock held by syz-executor970/4643:
[   33.687034]  #0: 00000000c9e869c0 (&mm->mmap_sem){++++}, at: __mm_populate+0x31a/0x4d0
[   33.695091] 
[   33.695091] stack backtrace:
[   33.699572] CPU: 1 PID: 4643 Comm: syz-executor970 Not tainted 4.19.0-rc1-next-20180831+ #53
[   33.708128] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   33.717468] Call Trace:
[   33.720060]  dump_stack+0x1c9/0x2b4
[   33.723690]  ? dump_stack_print_info.cold.2+0x52/0x52
[   33.728870]  ? vprintk_func+0x81/0x117
[   33.732752]  print_circular_bug.isra.34.cold.55+0x1bd/0x27d
[   33.738453]  ? save_trace+0xe0/0x290
[   33.742159]  __lock_acquire+0x3449/0x5020
[   33.746300]  ? __isolate_free_page+0x690/0x690
[   33.750870]  ? mark_held_locks+0x160/0x160
[   33.755094]  ? print_usage_bug+0xc0/0xc0
[   33.759175]  ? free_unref_page_list+0xbca/0x11a0
[   33.763926]  ? __lock_acquire+0x7fc/0x5020
[   33.768147]  ? print_usage_bug+0xc0/0xc0
[   33.772250]  ? mark_held_locks+0x160/0x160
[   33.776474]  ? __lock_acquire+0x7fc/0x5020
[   33.780721]  ? mark_held_locks+0x160/0x160
[   33.784952]  ? mark_held_locks+0x160/0x160
[   33.789193]  ? graph_lock+0x170/0x170
[   33.792988]  ? mark_held_locks+0x160/0x160
[   33.797203]  ? print_usage_bug+0xc0/0xc0
[   33.801252]  lock_acquire+0x1e4/0x4f0
[   33.805055]  ? mon_bin_vma_fault+0xdc/0x4a0
[   33.809360]  ? lock_release+0x9f0/0x9f0
[   33.813319]  ? check_same_owner+0x340/0x340
[   33.817625]  ? rcu_note_context_switch+0x680/0x680
[   33.822557]  __mutex_lock+0x171/0x1700
[   33.826430]  ? mon_bin_vma_fault+0xdc/0x4a0
[   33.830738]  ? mon_bin_vma_fault+0xdc/0x4a0
[   33.835051]  ? mutex_trylock+0x2b0/0x2b0
[   33.839103]  ? mark_held_locks+0x160/0x160
[   33.843328]  ? lock_downgrade+0x8f0/0x8f0
[   33.847462]  ? trace_hardirqs_off+0xb8/0x2b0
[   33.851864]  ? kasan_check_read+0x11/0x20
[   33.856010]  ? print_usage_bug+0xc0/0xc0
[   33.860071]  ? trace_hardirqs_on+0x2c0/0x2c0
[   33.864464]  ? kasan_check_write+0x14/0x20
[   33.868694]  ? do_raw_spin_lock+0xc1/0x200
[   33.872919]  ? _raw_spin_unlock_irqrestore+0x63/0xc0
[   33.878022]  ? print_usage_bug+0xc0/0xc0
[   33.882068]  ? graph_lock+0x170/0x170
[   33.885849]  ? print_usage_bug+0xc0/0xc0
[   33.889893]  ? __lock_acquire+0x7fc/0x5020
[   33.894108]  ? graph_lock+0x170/0x170
[   33.897891]  ? kasan_slab_free+0xe/0x10
[   33.901866]  ? print_usage_bug+0xc0/0xc0
[   33.905911]  ? __lock_acquire+0x7fc/0x5020
[   33.910132]  mutex_lock_nested+0x16/0x20
[   33.914175]  ? mutex_lock_nested+0x16/0x20
[   33.918402]  mon_bin_vma_fault+0xdc/0x4a0
[   33.922554]  ? kasan_check_read+0x11/0x20
[   33.926688]  ? mon_alloc_buff+0x200/0x200
[   33.930820]  ? rcu_cleanup_dead_rnp+0x200/0x200
[   33.935482]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[   33.940504]  ? vma_compute_subtree_gap+0x160/0x240
[   33.945425]  ? vma_gap_callbacks_rotate+0x62/0x80
[   33.950253]  __do_fault+0xee/0x450
[   33.953778]  ? vma_compute_subtree_gap+0x240/0x240
[   33.958694]  ? pmd_devmap_trans_unstable+0x1d0/0x1d0
[   33.963785]  ? __save_stack_trace+0x8d/0xf0
[   33.968087]  ? pud_val+0x88/0x100
[   33.971524]  ? pmd_val+0x100/0x100
[   33.975048]  __handle_mm_fault+0x2b4a/0x4350
[   33.979455]  ? vmf_insert_mixed_mkwrite+0xa0/0xa0
[   33.984281]  ? graph_lock+0x170/0x170
[   33.988070]  ? lock_downgrade+0x8f0/0x8f0
[   33.992209]  ? handle_mm_fault+0x8c4/0xc80
[   33.996442]  ? handle_mm_fault+0x8c4/0xc80
[   34.000666]  ? kasan_check_read+0x11/0x20
[   34.004802]  ? rcu_is_watching+0x8c/0x150
[   34.008938]  ? __get_user_pages+0x823/0x1b50
[   34.013348]  ? rcu_cleanup_dead_rnp+0x200/0x200
[   34.018005]  handle_mm_fault+0x53e/0xc80
[   34.022226]  ? __handle_mm_fault+0x4350/0x4350
[   34.026795]  ? check_same_owner+0x340/0x340
[   34.031105]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[   34.036109]  __get_user_pages+0x823/0x1b50
[   34.040332]  ? follow_page_mask+0x1e30/0x1e30
[   34.044815]  ? lock_acquire+0x1e4/0x4f0
[   34.048773]  ? __mm_populate+0x31a/0x4d0
[   34.052819]  ? lock_release+0x9f0/0x9f0
[   34.056777]  ? check_same_owner+0x340/0x340
[   34.061083]  ? rcu_note_context_switch+0x680/0x680
[   34.066002]  populate_vma_page_range+0x2db/0x3d0
[   34.070751]  ? get_user_pages_unlocked+0x5d0/0x5d0
[   34.075665]  ? find_vma+0x34/0x190
[   34.079196]  __mm_populate+0x286/0x4d0
[   34.083068]  ? populate_vma_page_range+0x3d0/0x3d0
[   34.087982]  ? down_read_killable+0x200/0x200
[   34.092477]  ? security_mmap_file+0x176/0x1c0
[   34.096969]  vm_mmap_pgoff+0x27f/0x2c0
[   34.100844]  ? vma_is_stack_for_current+0xd0/0xd0
[   34.105670]  ? putname+0xf2/0x130
[   34.109111]  ? rcu_read_lock_sched_held+0x108/0x120
[   34.114116]  ksys_mmap_pgoff+0x4da/0x660
[   34.118164]  ? do_syscall_64+0x9a/0x820
[   34.122131]  ? find_mergeable_anon_vma+0xd0/0xd0
[   34.126868]  ? trace_hardirqs_on+0xbd/0x2c0
[   34.131174]  ? filp_open+0x80/0x80
[   34.134706]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   34.140056]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[   34.145149]  __x64_sys_mmap+0xe9/0x1b0
[   34.149025]  do_syscall_64+0x1b9/0x820
[   34.152904]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   34.158257]  ? syscall_return_slowpath+0x5e0/0x5e0
[   34.163171]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   34.168006]  ? trace_hardirqs_on_caller+0x2b0/0x2b0
[   34.173009]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   34.178012]  ? prepare_exit_to_usermode+0x291/0x3b0
[   34.183034]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   34.187868]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   34.193040] RIP: 0033:0x443df9
[   34.196219] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b d8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[   34.215138] RSP: 002b:00007ffd46b12508 EFLAGS: 00000216 ORIG_RAX: 0000000000000009
[   34.222835] RAX: ffffffffffffffda RBX: 00000000004002e0 RCX: 0000000000443df9
[   34.230088] RDX: 0000000001fffffd RSI: 0000000000001000 RDI: 0000000020aba000
[   34.237343] RBP: 00000000006ce018 R08: 0000000000000005 R09: 0000000000000000
[   34.244593] R10: 00000