[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   32.977943] random: sshd: uninitialized urandom read (32 bytes read)
[   33.424412] kauditd_printk_skb: 9 callbacks suppressed
[   33.424421] audit: type=1400 audit(1561664045.753:35): avc:  denied  { map } for  pid=6827 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[   33.469150] random: sshd: uninitialized urandom read (32 bytes read)
[   33.992671] random: sshd: uninitialized urandom read (32 bytes read)
[   34.178118] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.1.34' (ECDSA) to the list of known hosts.
[   40.119031] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[   40.242149] audit: type=1400 audit(1561664052.573:36): avc:  denied  { map } for  pid=6840 comm="syz-executor846" path="/root/syz-executor846538853" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[   40.311025] 
[   40.312684] ======================================================
[   40.319126] WARNING: possible circular locking dependency detected
[   40.325437] 4.14.131 #25 Not tainted
[   40.329129] ------------------------------------------------------
[   40.335607] syz-executor846/6840 is trying to acquire lock:
[   40.341629]  (pmus_lock){+.+.}, at: [<ffffffff816b6e6e>] perf_swevent_init+0x12e/0x490
[   40.349790] 
[   40.349790] but task is already holding lock:
[   40.355753]  (&cpuctx_mutex/1){+.+.}, at: [<ffffffff816bb930>] perf_event_ctx_lock_nested+0x150/0x2c0
[   40.365108] 
[   40.365108] which lock already depends on the new lock.
[   40.365108] 
[   40.373765] 
[   40.373765] the existing dependency chain (in reverse order) is:
[   40.381366] 
[   40.381366] -> #2 (&cpuctx_mutex/1){+.+.}:
[   40.387069]        lock_acquire+0x16f/0x430
[   40.391366]        __mutex_lock+0xe8/0x1470
[   40.395765]        mutex_lock_nested+0x16/0x20
[   40.400345]        SYSC_perf_event_open+0x121f/0x24b0
[   40.405513]        SyS_perf_event_open+0x34/0x40
[   40.410243]        do_syscall_64+0x1e8/0x640
[   40.414627]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   40.420379] 
[   40.420379] -> #1 (&cpuctx_mutex){+.+.}:
[   40.425939]        lock_acquire+0x16f/0x430
[   40.430425]        __mutex_lock+0xe8/0x1470
[   40.434908]        mutex_lock_nested+0x16/0x20
[   40.439802]        perf_event_init_cpu+0xc2/0x170
[   40.444993]        perf_event_init+0x2d8/0x31a
[   40.449560]        start_kernel+0x3b6/0x6fd
[   40.453872]        x86_64_start_reservations+0x29/0x2b
[   40.459124]        x86_64_start_kernel+0x77/0x7b
[   40.463864]        secondary_startup_64+0xa5/0xb0
[   40.468685] 
[   40.468685] -> #0 (pmus_lock){+.+.}:
[   40.473924]        __lock_acquire+0x2c89/0x45e0
[   40.478651]        lock_acquire+0x16f/0x430
[   40.482968]        __mutex_lock+0xe8/0x1470
[   40.487342]        mutex_lock_nested+0x16/0x20
[   40.491936]        perf_swevent_init+0x12e/0x490
[   40.496668]        perf_try_init_event+0xe6/0x200
[   40.501699]        perf_event_alloc.part.0+0xd48/0x2530
[   40.507171]        SYSC_perf_event_open+0xa2d/0x24b0
[   40.512248]        SyS_perf_event_open+0x34/0x40
[   40.517244]        do_syscall_64+0x1e8/0x640
[   40.521780]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   40.527646] 
[   40.527646] other info that might help us debug this:
[   40.527646] 
[   40.536022] Chain exists of:
[   40.536022]   pmus_lock --> &cpuctx_mutex --> &cpuctx_mutex/1
[   40.536022] 
[   40.546335]  Possible unsafe locking scenario:
[   40.546335] 
[   40.552372]        CPU0                    CPU1
[   40.557013]        ----                    ----
[   40.561829]   lock(&cpuctx_mutex/1);
[   40.566178]                                lock(&cpuctx_mutex);
[   40.572240]                                lock(&cpuctx_mutex/1);
[   40.578563]   lock(pmus_lock);
[   40.581738] 
[   40.581738]  *** DEADLOCK ***
[   40.581738] 
[   40.588046] 2 locks held by syz-executor846/6840:
[   40.593036]  #0:  (&pmus_srcu){....}, at: [<ffffffff816c0708>] perf_event_alloc.part.0+0xba8/0x2530
[   40.602916]  #1:  (&cpuctx_mutex/1){+.+.}, at: [<ffffffff816bb930>] perf_event_ctx_lock_nested+0x150/0x2c0
[   40.612722] 
[   40.612722] stack backtrace:
[   40.617289] CPU: 1 PID: 6840 Comm: syz-executor846 Not tainted 4.14.131 #25
[   40.624631] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   40.634255] Call Trace:
[   40.636836]  dump_stack+0x138/0x19c
[   40.640504]  print_circular_bug.isra.0.cold+0x1cc/0x28f
[   40.645864]  __lock_acquire+0x2c89/0x45e0
[   40.650006]  ? __lock_acquire+0x5f9/0x45e0
[   40.654219]  ? trace_hardirqs_on+0x10/0x10
[   40.658793]  ? depot_save_stack+0x11c/0x410
[   40.663108]  lock_acquire+0x16f/0x430
[   40.667058]  ? perf_swevent_init+0x12e/0x490
[   40.671530]  ? perf_swevent_init+0x12e/0x490
[   40.676155]  __mutex_lock+0xe8/0x1470
[   40.679937]  ? perf_swevent_init+0x12e/0x490
[   40.684493]  ? __mutex_lock+0x36a/0x1470
[   40.688536]  ? trace_hardirqs_on+0x10/0x10
[   40.692758]  ? perf_try_init_event+0xf2/0x200
[   40.697240]  ? perf_swevent_init+0x12e/0x490
[   40.701891]  ? perf_event_ctx_lock_nested+0x150/0x2c0
[   40.707062]  ? perf_try_init_event+0xf2/0x200
[   40.711538]  ? mutex_trylock+0x1c0/0x1c0
[   40.715587]  ? mutex_trylock+0x1c0/0x1c0
[   40.719652]  ? find_held_lock+0x35/0x130
[   40.723693]  ? perf_event_ctx_lock_nested+0x119/0x2c0
[   40.728863]  mutex_lock_nested+0x16/0x20
[   40.732899]  ? mutex_lock_nested+0x16/0x20
[   40.737253]  perf_swevent_init+0x12e/0x490
[   40.741557]  ? perf_event_ctx_lock_nested+0x248/0x2c0
[   40.746723]  perf_try_init_event+0xe6/0x200
[   40.751023]  perf_event_alloc.part.0+0xd48/0x2530
[   40.755994]  SYSC_perf_event_open+0xa2d/0x24b0
[   40.760656]  ? perf_event_set_output+0x460/0x460
[   40.765387]  ? lock_downgrade+0x6e0/0x6e0
[   40.769847]  SyS_perf_event_open+0x34/0x40
[   40.774061]  ? perf_bp_event+0x170/0x170
[   40.778104]  do_syscall_64+0x1e8/0x640
[   40.782162]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   40.787094]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   40.792276] RIP: 0033:0x440569
[   40.795443] RSP: 002b:00007ffc9b023b38 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
[   40.803217] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440569
[   40.810871] RDX: 000000000000