[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 20.619501] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 26.284790] random: sshd: uninitialized urandom read (32 bytes read)
[ 26.698820] random: sshd: uninitialized urandom read (32 bytes read)
[ 27.416071] random: sshd: uninitialized urandom read (32 bytes read)
[ 27.579707] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.20' (ECDSA) to the list of known hosts.
[ 33.062790] random: sshd: uninitialized urandom read (32 bytes read)
[ 33.155966]
[ 33.157638] ======================================================
[ 33.163931] WARNING: possible circular locking dependency detected
[ 33.170229] 4.17.0-rc2+ #19 Not tainted
[ 33.174219] ------------------------------------------------------
[ 33.180521] syz-executor823/4546 is trying to acquire lock:
[ 33.186212] (ptrval) (sk_lock-AF_INET){+.+.}, at: tcp_mmap+0x1c7/0x14f0
[ 33.193662]
[ 33.193662] but task is already holding lock:
[ 33.199624] (ptrval) (&mm->mmap_sem){++++}, at: vm_mmap_pgoff+0x1a1/0x2a0
[ 33.207250]
[ 33.207250] which lock already depends on the new lock.
[ 33.207250]
[ 33.215567]
[ 33.215567] the existing dependency chain (in reverse order) is:
[ 33.223177]
[ 33.223177] -> #1 (&mm->mmap_sem){++++}:
[ 33.228733]        __might_fault+0x155/0x1e0
[ 33.233144]        _copy_from_iter_full+0x2fd/0xd10
[ 33.238169]        tcp_sendmsg_locked+0x2f98/0x3e10
[ 33.243251]        tcp_sendmsg+0x2f/0x50
[ 33.247292]        inet_sendmsg+0x19f/0x690
[ 33.251602]        sock_sendmsg+0xd5/0x120
[ 33.255831]        sock_write_iter+0x35a/0x5a0
[ 33.260400]        __vfs_write+0x64d/0x960
[ 33.264614]        vfs_write+0x1f8/0x560
[ 33.268656]        ksys_write+0xf9/0x250
[ 33.272694]        __x64_sys_write+0x73/0xb0
[ 33.277082]        do_syscall_64+0x1b1/0x800
[ 33.281474]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 33.287168]
[ 33.287168] -> #0 (sk_lock-AF_INET){+.+.}:
[ 33.292886]        lock_acquire+0x1dc/0x520
[ 33.297194]        lock_sock_nested+0xd0/0x120
[ 33.301774]        tcp_mmap+0x1c7/0x14f0
[ 33.305835]        sock_mmap+0x8e/0xc0
[ 33.309709]        mmap_region+0xd13/0x1820
[ 33.314028]        do_mmap+0xc79/0x11d0
[ 33.318432]        vm_mmap_pgoff+0x1fb/0x2a0
[ 33.322821]        ksys_mmap_pgoff+0x4c9/0x640
[ 33.327399]        __x64_sys_mmap+0xe9/0x1b0
[ 33.331791]        do_syscall_64+0x1b1/0x800
[ 33.336193]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 33.341883]
[ 33.341883] other info that might help us debug this:
[ 33.341883]
[ 33.350010]  Possible unsafe locking scenario:
[ 33.350010]
[ 33.356051]        CPU0                    CPU1
[ 33.360952]        ----                    ----
[ 33.365769]   lock(&mm->mmap_sem);
[ 33.369287]                                lock(sk_lock-AF_INET);
[ 33.375499]                                lock(&mm->mmap_sem);
[ 33.381562]   lock(sk_lock-AF_INET);
[ 33.385256]
[ 33.385256]  *** DEADLOCK ***
[ 33.385256]
[ 33.391307] 1 lock held by syz-executor823/4546:
[ 33.396126]  #0: (ptrval) (&mm->mmap_sem){++++}, at: vm_mmap_pgoff+0x1a1/0x2a0
[ 33.404182]
[ 33.404182] stack backtrace:
[ 33.408679] CPU: 1 PID: 4546 Comm: syz-executor823 Not tainted 4.17.0-rc2+ #19
[ 33.416046] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 33.425649] Call Trace:
[ 33.428224]  dump_stack+0x1b9/0x294
[ 33.431830]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 33.437008]  ? print_lock+0xd1/0xd6
[ 33.440633]  ? vprintk_func+0x81/0xe7
[ 33.444509]  print_circular_bug.isra.36.cold.54+0x1bd/0x27d
[ 33.450198]  ? save_trace+0xe0/0x290
[ 33.453889]  __lock_acquire+0x343e/0x5140
[ 33.458084]  ? debug_check_no_locks_freed+0x310/0x310
[ 33.463249]  ? find_held_lock+0x36/0x1c0
[ 33.467293]  ? kasan_check_read+0x11/0x20
[ 33.471419]  ? rcu_bh_force_quiescent_state+0x20/0x20
[ 33.476604]  ? graph_lock+0x170/0x170
[ 33.480391]  ? kernel_text_address+0x79/0xf0
[ 33.484782]  ? __unwind_start+0x166/0x330
[ 33.488911]  ? __save_stack_trace+0x7e/0xd0
[ 33.493212]  lock_acquire+0x1dc/0x520
[ 33.497003]  ? tcp_mmap+0x1c7/0x14f0
[ 33.500707]  ? lock_release+0xa10/0xa10
[ 33.504658]  ? kasan_check_read+0x11/0x20
[ 33.508888]  ? do_raw_spin_unlock+0x9e/0x2e0
[ 33.513300]  ? do_raw_spin_trylock+0x1b0/0x1b0
[ 33.517890]  ? kasan_check_write+0x14/0x20
[ 33.522106]  ? do_raw_spin_lock+0xc1/0x200
[ 33.526325]  lock_sock_nested+0xd0/0x120
[ 33.530366]  ? tcp_mmap+0x1c7/0x14f0
[ 33.534063]  tcp_mmap+0x1c7/0x14f0
[ 33.537583]  ? __lock_is_held+0xb5/0x140
[ 33.541627]  ? tcp_splice_read+0xfc0/0xfc0
[ 33.545842]  ? rcu_read_lock_sched_held+0x108/0x120
[ 33.550931]  ? kmem_cache_alloc+0x5fa/0x760
[ 33.555240]  sock_mmap+0x8e/0xc0
[ 33.558612]  mmap_region+0xd13/0x1820
[ 33.562441]  ? __x64_sys_brk+0x790/0x790
[ 33.566545]  ? arch_get_unmapped_area+0x750/0x750
[ 33.571415]  ? lock_acquire+0x1dc/0x520
[ 33.575379]  ? vm_mmap_pgoff+0x1a1/0x2a0
[ 33.579425]  ? cap_mmap_addr+0x52/0x130
[ 33.583414]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 33.588945]  ? security_mmap_addr+0x80/0xa0
[ 33.593247]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 33.598765]  ? get_unmapped_area+0x292/0x3b0
[ 33.603172]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 33.608694]  do_mmap+0xc79/0x11d0
[ 33.612125]  ? mmap_region+0x1820/0x1820
[ 33.616162]  ? vm_mmap_pgoff+0x1a1/0x2a0
[ 33.620206]  ? down_read_killable+0x1f0/0x1f0
[ 33.624681]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 33.630201]  ? security_mmap_file+0x166/0x1b0
[ 33.634693]  vm_mmap_pgoff+0x1fb/0x2a0
[ 33.638653]  ? vma_is_stack_for_current+0xd0/0xd0
[ 33.643475]  ? sock_release+0x1b0/0x1b0
[ 33.647443]  ? get_unused_fd_flags+0x121/0x190
[ 33.652008]  ? __alloc_fd+0x700/0x700
[ 33.655795]  ksys_mmap_pgoff+0x4c9/0x640
[ 33.659835]  ? find_mergeable_anon_vma+0xd0/0xd0
[ 33.664587]  ? move_addr_to_kernel+0x70/0x70
[ 33.668975]  ? __ia32_sys_fallocate+0xf0/0xf0
[ 33.673448]  __x64_sys_mmap+0xe9/0x1b0
[ 33.677317]  ? trace_hardirqs_on_caller+0x421/0x5c0
[ 33.682318]  do_syscall_64+0x1b1/0x800
[ 33.686191]  ? syscall_return_slowpath+0x5c0/0x5c0
[ 33.691111]  ? syscall_return_slowpath+0x30f/0x5c0
[ 33.696026]  ? entry_SYSCALL_64_after_hwframe+0x59/0xbe
[ 33.701369]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 33.706198]  entry_SYS