[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 22.660012] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 28.016044] random: sshd: uninitialized urandom read (32 bytes read)
[ 28.432801] random: sshd: uninitialized urandom read (32 bytes read)
[ 28.994902] random: sshd: uninitialized urandom read (32 bytes read)
[ 29.172594] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.9' (ECDSA) to the list of known hosts.
[ 34.848189] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 52.836366]
[ 52.838025] ======================================================
[ 52.844323] WARNING: possible circular locking dependency detected
[ 52.850618] 4.19.0-rc1-next-20180831+ #53 Not tainted
[ 52.855794] ------------------------------------------------------
[ 52.862091] syz-executor560/5342 is trying to acquire lock:
[ 52.867777] 00000000d0c295b6 (&mm->mmap_sem){++++}, at: __might_fault+0xfb/0x1e0
[ 52.875310]
[ 52.875310] but task is already holding lock:
[ 52.881256] 000000000e449f78 (&rp->fetch_lock){+.+.}, at: mon_bin_get_event+0x3f/0x460
[ 52.889301]
[ 52.889301] which lock already depends on the new lock.
[ 52.889301]
[ 52.897600]
[ 52.897600] the existing dependency chain (in reverse order) is:
[ 52.905202]
[ 52.905202] -> #1 (&rp->fetch_lock){+.+.}:
[ 52.910905]        __mutex_lock+0x171/0x1700
[ 52.915291]        mutex_lock_nested+0x16/0x20
[ 52.919864]        mon_bin_vma_fault+0xdc/0x4a0
[ 52.924517]        __do_fault+0xee/0x450
[ 52.928556]        __handle_mm_fault+0x13c6/0x4350
[ 52.933469]        handle_mm_fault+0x53e/0xc80
[ 52.938037]        __get_user_pages+0x823/0x1b50
[ 52.942783]        populate_vma_page_range+0x2db/0x3d0
[ 52.948040]        __mm_populate+0x286/0x4d0
[ 52.952430]        vm_mmap_pgoff+0x27f/0x2c0
[ 52.956822]        ksys_mmap_pgoff+0x4da/0x660
[ 52.961383]        __x64_sys_mmap+0xe9/0x1b0
[ 52.965782]        do_syscall_64+0x1b9/0x820
[ 52.970175]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 52.975860]
[ 52.975860] -> #0 (&mm->mmap_sem){++++}:
[ 52.981387]        lock_acquire+0x1e4/0x4f0
[ 52.985685]        __might_fault+0x155/0x1e0
[ 52.990077]        _copy_to_user+0x30/0x110
[ 52.994380]        mon_bin_get_event+0x116/0x460
[ 52.999115]        mon_bin_ioctl+0x459/0xe80
[ 53.003506]        do_vfs_ioctl+0x1de/0x1720
[ 53.007954]        ksys_ioctl+0xa9/0xd0
[ 53.011917]        __x64_sys_ioctl+0x73/0xb0
[ 53.016311]        do_syscall_64+0x1b9/0x820
[ 53.020701]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 53.026389]
[ 53.026389] other info that might help us debug this:
[ 53.026389]
[ 53.034508]  Possible unsafe locking scenario:
[ 53.034508]
[ 53.040590]        CPU0                    CPU1
[ 53.045238]        ----                    ----
[ 53.049881]   lock(&rp->fetch_lock);
[ 53.053571]                                lock(&mm->mmap_sem);
[ 53.059608]                                lock(&rp->fetch_lock);
[ 53.065828]   lock(&mm->mmap_sem);
[ 53.069347]
[ 53.069347]  *** DEADLOCK ***
[ 53.069347]
[ 53.075387] 1 lock held by syz-executor560/5342:
[ 53.080231]  #0: 000000000e449f78 (&rp->fetch_lock){+.+.}, at: mon_bin_get_event+0x3f/0x460
[ 53.088716]
[ 53.088716] stack backtrace:
[ 53.093207] CPU: 0 PID: 5342 Comm: syz-executor560 Not tainted 4.19.0-rc1-next-20180831+ #53
[ 53.101769] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 53.111107] Call Trace:
[ 53.113680]  dump_stack+0x1c9/0x2b4
[ 53.117295]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 53.122576]  ? vprintk_func+0x81/0x117
[ 53.126500]  print_circular_bug.isra.34.cold.55+0x1bd/0x27d
[ 53.132268]  ? save_trace+0xe0/0x290
[ 53.135973]  __lock_acquire+0x3449/0x5020
[ 53.140109]  ? mark_held_locks+0x160/0x160
[ 53.144325]  ? find_held_lock+0x36/0x1c0
[ 53.148369]  ? mark_held_locks+0xc9/0x160
[ 53.152504]  ? _raw_spin_unlock_irqrestore+0x74/0xc0
[ 53.157593]  ? _raw_spin_unlock_irqrestore+0x74/0xc0
[ 53.162678]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 53.167240]  ? trace_hardirqs_on+0xbd/0x2c0
[ 53.171544]  ? kasan_check_read+0x11/0x20
[ 53.175672]  ? remove_wait_queue+0x1a6/0x360
[ 53.180060]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 53.185143]  ? kasan_check_write+0x14/0x20
[ 53.189359]  ? do_raw_spin_lock+0xc1/0x200
[ 53.193582]  ? remove_wait_queue+0x1a6/0x360
[ 53.198072]  ? graph_lock+0x170/0x170
[ 53.201854]  ? add_wait_queue+0x2b0/0x2b0
[ 53.205988]  lock_acquire+0x1e4/0x4f0
[ 53.209779]  ? __might_fault+0xfb/0x1e0
[ 53.213745]  ? lock_release+0x9f0/0x9f0
[ 53.217842]  ? check_same_owner+0x340/0x340
[ 53.222149]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[ 53.227148]  ? __check_object_size+0xa3/0x5d7
[ 53.231633]  __might_fault+0x155/0x1e0
[ 53.235501]  ? __might_fault+0xfb/0x1e0
[ 53.239459]  _copy_to_user+0x30/0x110
[ 53.243241]  mon_bin_get_event+0x116/0x460
[ 53.247458]  mon_bin_ioctl+0x459/0xe80
[ 53.251328]  ? mon_bin_get_event+0x460/0x460
[ 53.255718]  ? mon_bin_get_event+0x460/0x460
[ 53.260112]  do_vfs_ioctl+0x1de/0x1720
[ 53.263982]  ? ioctl_preallocate+0x300/0x300
[ 53.268373]  ? __fget_light+0x2f7/0x440
[ 53.272331]  ? fget_raw+0x20/0x20
[ 53.275775]  ? _raw_spin_unlock_irq+0x27/0x70
[ 53.280255]  ? do_syscall_64+0x9a/0x820
[ 53.284259]  ? do_syscall_64+0x9a/0x820
[ 53.288223]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 53.292802]  ? security_file_ioctl+0x94/0xc0
[ 53.297201]  ksys_ioctl+0xa9/0xd0
[ 53.300681]  __x64_sys_ioctl+0x73/0xb0
[ 53.304557]  do_syscall_64+0x1b9/0x820
[ 53.308476]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 53.313826]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 53.318744]  ? trace_hardirqs_on_caller+0x2b0/0x2b0
[ 53.323772]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 53.328783]  ? recalc_sigpending_tsk+0x180/0x180
[ 53.333529]  ? kasan_check_write+0x14/0x20
[ 53.337754]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 53.342593]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 53.347771] RIP: 0033:0x44a139
[ 53.350947] Code: e8 6c b4 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 4b cd fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 53.369829] RSP: 002b:00007fa6f2498da8 EFLAGS: 00000293 ORIG_RAX: 0000000000000010
[ 53.377515] RAX: ffffffffffffffda RBX: 00000000006dbc68 RCX: 000000000044a139
executing program
[ 53.384780] RDX: 0000000020000000 RSI: 000000004018920a RDI: 0000000000000005
[ 53.392042] RBP: 00000000006dbc60 R08: 00007fa6f2499700 R09: 0000000000000000
[ 53.399292] R10: 00007fa6f2499700 R11: 0000000000000293 R12: 00000000006dbc6c
[ 53.406539] R13: 6273752f7665642f R14: 7375622f7665642f R15: 00000000006dbd4c
executing program