[....] Starting OpenBSD Secure Shell server: sshd[ 10.085430] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 48.926645] random: sshd: uninitialized urandom read (32 bytes read) [ 49.337060] audit: type=1400 audit(1559745302.148:6): avc: denied { map } for pid=1774 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 [ 49.377137] random: sshd: uninitialized urandom read (32 bytes read) [ 49.861964] random: sshd: uninitialized urandom read (32 bytes read) [ 50.009949] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.193' (ECDSA) to the list of known hosts. [ 55.506955] random: sshd: uninitialized urandom read (32 bytes read) [ 55.598246] audit: type=1400 audit(1559745308.408:7): avc: denied { map } for pid=1792 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=1426 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 2019/06/05 14:35:09 parsed 1 programs [ 56.518681] audit: type=1400 audit(1559745309.328:8): avc: denied { map } for pid=1792 comm="syz-execprog" path="/sys/kernel/debug/kcov" dev="debugfs" ino=5028 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 [ 57.151330] random: cc1: uninitialized urandom read (8 bytes read) 2019/06/05 14:35:11 executed programs: 0 [ 58.446112] audit: type=1400 audit(1559745311.258:9): avc: denied { map } for pid=1792 comm="syz-execprog" path="/root/syzkaller-shm495150199" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1 [ 60.430961] [ 60.432626] ====================================================== [ 60.438928] WARNING: possible circular locking dependency detected [ 60.445229] 4.14.123+ #5 Not tainted [ 60.448915] ------------------------------------------------------ [ 60.455205] syz-executor.0/1964 is trying to acquire lock: [ 60.460800] (pmus_lock){+.+.}, at: [< (ptrval)>] perf_swevent_init+0x123/0x4e0 [ 60.468839] [ 60.468839] but task is already holding lock: [ 60.474783] (&cpuctx_mutex/1){+.+.}, at: [< (ptrval)>] perf_event_ctx_lock_nested+0x14d/0x2c0 [ 60.484127] [ 60.484127] which lock already depends on the new lock. [ 60.484127] [ 60.492453] [ 60.492453] the existing dependency chain (in reverse order) is: [ 60.500053] [ 60.500053] -> #2 (&cpuctx_mutex/1){+.+.}: [ 60.505792] [ 60.505792] -> #1 (&cpuctx_mutex){+.+.}: [ 60.511336] [ 60.511336] -> #0 (pmus_lock){+.+.}: [ 60.516504] [ 60.516504] other info that might help us debug this: [ 60.516504] [ 60.524629] Chain exists of: [ 60.524629] pmus_lock --> &cpuctx_mutex --> &cpuctx_mutex/1 [ 60.524629] [ 60.534857] Possible unsafe locking scenario: [ 60.534857] [ 60.540892] CPU0 CPU1 [ 60.545543] ---- ---- [ 60.550190] lock(&cpuctx_mutex/1); [ 60.553895] lock(&cpuctx_mutex); [ 60.559925] lock(&cpuctx_mutex/1); [ 60.566129] lock(pmus_lock); [ 60.569293] [ 60.569293] *** DEADLOCK *** [ 60.569293] [ 60.575328] 2 locks held by syz-executor.0/1964: [ 60.580066] #0: (&pmus_srcu){....}, at: [< (ptrval)>] perf_event_alloc.part.0+0xadd/0x1e70 [ 60.589257] #1: (&cpuctx_mutex/1){+.+.}, at: [< (ptrval)>] perf_event_ctx_lock_nested+0x14d/0x2c0 [ 60.599035] [ 60.599035] stack backtrace: [ 60.603532] CPU: 1 PID: 1964 Comm: syz-executor.0 Not tainted 4.14.123+ #5 [ 60.610519] Call Trace: [ 60.613090] dump_stack+0xb9/0x10e [ 60.616613] print_circular_bug.isra.0.cold+0x2dc/0x425 [ 60.621957] ? __lock_acquire+0x2d83/0x3fa0 [ 60.626258] ? __lock_acquire+0x56a/0x3fa0 [ 60.630474] ? trace_hardirqs_on+0x10/0x10 [ 60.634697] ? trace_hardirqs_on+0x10/0x10 [ 60.638909] ? __save_stack_trace+0x7a/0xf0 [ 60.643228] ? lock_acquire+0x10f/0x380 [ 60.647179] ? perf_swevent_init+0x123/0x4e0 [ 60.651569] ? perf_swevent_init+0x123/0x4e0 [ 60.655960] ? __mutex_lock+0xf7/0x1430 [ 60.659909] ? perf_swevent_init+0x123/0x4e0 [ 60.664295] ? __mutex_lock+0x6aa/0x1430 [ 60.668334] ? perf_swevent_init+0x123/0x4e0 [ 60.672721] ? perf_event_ctx_lock_nested+0x14d/0x2c0 [ 60.677885] ? perf_try_init_event+0xf1/0x200 [ 60.682363] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 60.687793] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 60.693221] ? trace_hardirqs_on+0x10/0x10 [ 60.697431] ? perf_event_ctx_lock_nested+0x117/0x2c0 [ 60.702600] ? lock_downgrade+0x5d0/0x5d0 [ 60.706724] ? lock_acquire+0x10f/0x380 [ 60.710685] ? perf_event_ctx_lock_nested+0x39/0x2c0 [ 60.715781] ? perf_swevent_init+0x123/0x4e0 [ 60.720165] ? perf_swevent_init+0x123/0x4e0 [ 60.724550] ? perf_event_ctx_lock_nested+0x14d/0x2c0 [ 60.729718] ? perf_event_