[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 19.866339] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 25.592953] random: sshd: uninitialized urandom read (32 bytes read)
[ 25.977271] random: sshd: uninitialized urandom read (32 bytes read)
[ 26.710157] random: sshd: uninitialized urandom read (32 bytes read)
[ 32.010920] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.23' (ECDSA) to the list of known hosts.
[ 37.770053] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 37.868902] sctp: [Deprecated]: syz-executor246 (pid 4548) Use of int in maxseg socket option.
[ 37.868902] Use struct sctp_assoc_value instead
[ 37.883504]
[ 37.885150] ======================================================
[ 37.891466] WARNING: possible circular locking dependency detected
[ 37.897787] 4.17.0-rc2+ #22 Not tainted
[ 37.901759] ------------------------------------------------------
[ 37.908177] syz-executor246/4548 is trying to acquire lock:
[ 37.913888] (ptrval) (sk_lock-AF_INET6){+.+.}, at: tcp_mmap+0x1c7/0x14f0
[ 37.921447]
[ 37.921447] but task is already holding lock:
[ 37.927422] (ptrval) (&mm->mmap_sem){++++}, at: vm_mmap_pgoff+0x1a1/0x2a0
[ 37.935151]
[ 37.935151] which lock already depends on the new lock.
[ 37.935151]
[ 37.943472]
[ 37.943472] the existing dependency chain (in reverse order) is:
[ 37.951094]
[ 37.951094] -> #1 (&mm->mmap_sem){++++}:
[ 37.956752]        __might_fault+0x155/0x1e0
[ 37.961352]        _copy_from_user+0x30/0x150
[ 37.965866]        sctp_setsockopt+0x5cb6/0x7000
[ 37.970643]        sock_common_setsockopt+0x9a/0xe0
[ 37.975685]        __sys_setsockopt+0x1bd/0x390
[ 37.980372]        __x64_sys_setsockopt+0xbe/0x150
[ 37.985312]        do_syscall_64+0x1b1/0x800
[ 37.989732]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 37.995435]
[ 37.995435] -> #0 (sk_lock-AF_INET6){+.+.}:
[ 38.001255]        lock_acquire+0x1dc/0x520
[ 38.005578]        lock_sock_nested+0xd0/0x120
[ 38.010162]        tcp_mmap+0x1c7/0x14f0
[ 38.014224]        sock_mmap+0x8e/0xc0
[ 38.018111]        mmap_region+0xd13/0x1820
[ 38.022430]        do_mmap+0xc79/0x11d0
[ 38.026400]        vm_mmap_pgoff+0x1fb/0x2a0
[ 38.030896]        ksys_mmap_pgoff+0x4c9/0x640
[ 38.035500]        __x64_sys_mmap+0xe9/0x1b0
[ 38.039913]        do_syscall_64+0x1b1/0x800
[ 38.045183]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 38.050982]
[ 38.050982] other info that might help us debug this:
[ 38.050982]
[ 38.059132] Possible unsafe locking scenario:
[ 38.059132]
[ 38.065193]        CPU0                    CPU1
[ 38.069854]        ----                    ----
[ 38.074517]   lock(&mm->mmap_sem);
[ 38.078077]                                lock(sk_lock-AF_INET6);
[ 38.084392]                                lock(&mm->mmap_sem);
[ 38.090447]   lock(sk_lock-AF_INET6);
[ 38.094248]
[ 38.094248]  *** DEADLOCK ***
[ 38.094248]
[ 38.100314] 1 lock held by syz-executor246/4548:
[ 38.105065]  #0: (ptrval) (&mm->mmap_sem){++++}, at: vm_mmap_pgoff+0x1a1/0x2a0
[ 38.113146]
[ 38.113146] stack backtrace:
[ 38.117665] CPU: 1 PID: 4548 Comm: syz-executor246 Not tainted 4.17.0-rc2+ #22
[ 38.125025] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 38.134377] Call Trace:
[ 38.136972]  dump_stack+0x1b9/0x294
[ 38.141636]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 38.146834]  ? print_lock+0xd1/0xd6
[ 38.150468]  ? vprintk_func+0x81/0xe7
[ 38.154274]  print_circular_bug.isra.36.cold.54+0x1bd/0x27d
[ 38.159999]  ? save_trace+0xe0/0x290
[ 38.163723]  __lock_acquire+0x343e/0x5140
[ 38.167884]  ? debug_check_no_locks_freed+0x310/0x310
[ 38.173073]  ? find_held_lock+0x36/0x1c0
[ 38.177237]  ? kasan_check_read+0x11/0x20
[ 38.181394]  ? graph_lock+0x170/0x170
[ 38.185194]  ? kernel_text_address+0x79/0xf0
[ 38.189597]  ? __unwind_start+0x166/0x330
[ 38.193755]  ? __save_stack_trace+0x7e/0xd0
[ 38.198075]  lock_acquire+0x1dc/0x520
[ 38.201873]  ? tcp_mmap+0x1c7/0x14f0
[ 38.205582]  ? lock_release+0xa10/0xa10
[ 38.209549]  ? kasan_check_read+0x11/0x20
[ 38.213783]  ? do_raw_spin_unlock+0x9e/0x2e0
[ 38.218189]  ? do_raw_spin_trylock+0x1b0/0x1b0
[ 38.222773]  ? kasan_check_write+0x14/0x20
[ 38.227006]  ? do_raw_spin_lock+0xc1/0x200
[ 38.231243]  lock_sock_nested+0xd0/0x120
[ 38.235307]  ? tcp_mmap+0x1c7/0x14f0
[ 38.239024]  tcp_mmap+0x1c7/0x14f0
[ 38.242570]  ? __lock_is_held+0xb5/0x140
[ 38.246636]  ? tcp_splice_read+0xfc0/0xfc0
[ 38.250869]  ? rcu_read_lock_sched_held+0x108/0x120
[ 38.255882]  ? kmem_cache_alloc+0x5fa/0x760
[ 38.260201]  sock_mmap+0x8e/0xc0
[ 38.263563]  mmap_region+0xd13/0x1820
[ 38.267358]  ? __x64_sys_brk+0x790/0x790
[ 38.271419]  ? arch_get_unmapped_area+0x750/0x750
[ 38.276261]  ? lock_acquire+0x1dc/0x520
[ 38.280233]  ? vm_mmap_pgoff+0x1a1/0x2a0
[ 38.284293]  ? cap_mmap_addr+0x52/0x130
[ 38.288372]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 38.293915]  ? security_mmap_addr+0x80/0xa0
[ 38.298589]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 38.304128]  ? get_unmapped_area+0x292/0x3b0
[ 38.308537]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 38.314072]  do_mmap+0xc79/0x11d0
[ 38.317523]  ? mmap_region+0x1820/0x1820
[ 38.321577]  ? vm_mmap_pgoff+0x1a1/0x2a0
[ 38.325637]  ? down_read_killable+0x1f0/0x1f0
[ 38.330261]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 38.336366]  ? security_mmap_file+0x166/0x1b0
[ 38.340871]  vm_mmap_pgoff+0x1fb/0x2a0
[ 38.344770]  ? vma_is_stack_for_current+0xd0/0xd0
[ 38.349620]  ? sock_release+0x1b0/0x1b0
[ 38.353595]  ? get_unused_fd_flags+0x121/0x190
[ 38.358169]  ? __alloc_fd+0x700/0x700
[ 38.361965]  ksys_mmap_pgoff+0x4c9/0x640
[ 38.366023]  ? find_mergeable_anon_vma+0xd0/0xd0
[ 38.370778]  ? move_addr_to_kernel+0x70/0x70
[ 38.375188]  ? __ia32_sys_fallocate+0xf0/0xf0
[ 38.379690]  __x64_sys_mmap+0xe9/0x1b0
[ 38.383560]  ? trace_hardirqs_on_caller+0x421/0x5c0
[ 38.388562]  do_syscall_64+0x1b1/0x800
[ 38.392433]  ? syscall_return_slowpath+0x5c0/0x5c0
[ 38.397348]  ? syscall_return_slowpath+0x30f/0x5c0
[ 38.402265]  ? entry_SYSCALL_64_after_hwframe+0x59/0xbe
[ 38.407714]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 38.412546]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 38.417734] RIP: 0033:0x43fd19
[ 38.