[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 17.744674] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 19.740426] random: sshd: uninitialized urandom read (32 bytes read)
[ 20.007366] random: sshd: uninitialized urandom read (32 bytes read)
[ 20.710223] random: sshd: uninitialized urandom read (32 bytes read)
[ 20.864125] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.7' (ECDSA) to the list of known hosts.
[ 26.414148] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 26.500577]
[ 26.502220] ======================================================
[ 26.508508] WARNING: possible circular locking dependency detected
[ 26.514799] 4.17.0-rc2+ #23 Not tainted
[ 26.518743] ------------------------------------------------------
[ 26.525036] syz-executor450/4435 is trying to acquire lock:
[ 26.530715] (ptrval) (sk_lock-AF_INET){+.+.}, at: tcp_mmap+0x1c7/0x14f0
[ 26.538150]
[ 26.538150] but task is already holding lock:
[ 26.544095] (ptrval) (&mm->mmap_sem){++++}, at: vm_mmap_pgoff+0x1a1/0x2a0
[ 26.551697]
[ 26.551697] which lock already depends on the new lock.
[ 26.551697]
[ 26.559986]
[ 26.559986] the existing dependency chain (in reverse order) is:
[ 26.567580]
[ 26.567580] -> #1 (&mm->mmap_sem){++++}:
[ 26.573105]        __might_fault+0x155/0x1e0
[ 26.577488]        _copy_from_iter_full+0x2fd/0xd10
[ 26.582479]        tcp_sendmsg_locked+0x2f98/0x3e10
[ 26.587468]        tcp_sendmsg+0x2f/0x50
[ 26.591502]        inet_sendmsg+0x19f/0x690
[ 26.595801]        sock_sendmsg+0xd5/0x120
[ 26.600017]        sock_write_iter+0x35a/0x5a0
[ 26.604581]        __vfs_write+0x64d/0x960
[ 26.608789]        vfs_write+0x1f8/0x560
[ 26.612824]        ksys_write+0xf9/0x250
[ 26.616858]        __x64_sys_write+0x73/0xb0
[ 26.621247]        do_syscall_64+0x1b1/0x800
[ 26.625634]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 26.631311]
[ 26.631311] -> #0 (sk_lock-AF_INET){+.+.}:
[ 26.637008]        lock_acquire+0x1dc/0x520
[ 26.641311]        lock_sock_nested+0xd0/0x120
[ 26.645867]        tcp_mmap+0x1c7/0x14f0
[ 26.649903]        sock_mmap+0x8e/0xc0
[ 26.653765]        mmap_region+0xd13/0x1820
[ 26.658064]        do_mmap+0xc79/0x11d0
[ 26.662016]        vm_mmap_pgoff+0x1fb/0x2a0
[ 26.666410]        ksys_mmap_pgoff+0x4c9/0x640
[ 26.670968]        __x64_sys_mmap+0xe9/0x1b0
[ 26.675353]        do_syscall_64+0x1b1/0x800
[ 26.679746]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 26.685426]
[ 26.685426] other info that might help us debug this:
[ 26.685426]
[ 26.693541]  Possible unsafe locking scenario:
[ 26.693541]
[ 26.699568]        CPU0                    CPU1
[ 26.704208]        ----                    ----
[ 26.708847]   lock(&mm->mmap_sem);
[ 26.712358]                                lock(sk_lock-AF_INET);
[ 26.718563]                                lock(&mm->mmap_sem);
[ 26.724590]   lock(sk_lock-AF_INET);
[ 26.728276]
[ 26.728276]  *** DEADLOCK ***
[ 26.728276]
[ 26.734311] 1 lock held by syz-executor450/4435:
[ 26.739037]  #0: (ptrval) (&mm->mmap_sem){++++}, at: vm_mmap_pgoff+0x1a1/0x2a0
[ 26.747075]
[ 26.747075] stack backtrace:
[ 26.751549] CPU: 1 PID: 4435 Comm: syz-executor450 Not tainted 4.17.0-rc2+ #23
[ 26.758879] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 26.768205] Call Trace:
[ 26.770767]  dump_stack+0x1b9/0x294
[ 26.774368]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 26.779536]  ? print_lock+0xd1/0xd6
[ 26.783138]  ? vprintk_func+0x81/0xe7
[ 26.786917]  print_circular_bug.isra.36.cold.54+0x1bd/0x27d
[ 26.792601]  ? save_trace+0xe0/0x290
[ 26.796290]  __lock_acquire+0x343e/0x5140
[ 26.800423]  ? debug_check_no_locks_freed+0x310/0x310
[ 26.805589]  ? find_held_lock+0x36/0x1c0
[ 26.809722]  ? kasan_check_read+0x11/0x20
[ 26.813860]  ? graph_lock+0x170/0x170
[ 26.817647]  ? kernel_text_address+0x79/0xf0
[ 26.822044]  ? __unwind_start+0x166/0x330
[ 26.826172]  ? __save_stack_trace+0x7e/0xd0
[ 26.830472]  lock_acquire+0x1dc/0x520
[ 26.834248]  ? tcp_mmap+0x1c7/0x14f0
[ 26.837935]  ? lock_release+0xa10/0xa10
[ 26.841887]  ? kasan_check_read+0x11/0x20
[ 26.846013]  ? do_raw_spin_unlock+0x9e/0x2e0
[ 26.850408]  ? do_raw_spin_trylock+0x1b0/0x1b0
[ 26.854965]  ? kasan_check_write+0x14/0x20
[ 26.859174]  ? do_raw_spin_lock+0xc1/0x200
[ 26.863385]  lock_sock_nested+0xd0/0x120
[ 26.867426]  ? tcp_mmap+0x1c7/0x14f0
[ 26.871117]  tcp_mmap+0x1c7/0x14f0
[ 26.874633]  ? __lock_is_held+0xb5/0x140
[ 26.878669]  ? tcp_splice_read+0xfc0/0xfc0
[ 26.882881]  ? rcu_read_lock_sched_held+0x108/0x120
[ 26.887872]  ? kmem_cache_alloc+0x5fa/0x760
[ 26.892172]  sock_mmap+0x8e/0xc0
[ 26.895514]  mmap_region+0xd13/0x1820
[ 26.899289]  ? __x64_sys_brk+0x790/0x790
[ 26.903325]  ? arch_get_unmapped_area+0x750/0x750
[ 26.908142]  ? lock_acquire+0x1dc/0x520
[ 26.912097]  ? vm_mmap_pgoff+0x1a1/0x2a0
[ 26.916140]  ? cap_mmap_addr+0x52/0x130
[ 26.920098]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 26.925619]  ? security_mmap_addr+0x80/0xa0
[ 26.929917]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 26.935427]  ? get_unmapped_area+0x292/0x3b0
[ 26.939813]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 26.945325]  do_mmap+0xc79/0x11d0
[ 26.948752]  ? mmap_region+0x1820/0x1820
[ 26.952787]  ? vm_mmap_pgoff+0x1a1/0x2a0
[ 26.956826]  ? down_read_killable+0x1f0/0x1f0
[ 26.961298]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 26.966811]  ? security_mmap_file+0x166/0x1b0
[ 26.971279]  vm_mmap_pgoff+0x1fb/0x2a0
[ 26.975143]  ? vma_is_stack_for_current+0xd0/0xd0
[ 26.979960]  ? sock_release+0x1b0/0x1b0
[ 26.983914]  ? get_unused_fd_flags+0x121/0x190
[ 26.988471]  ? __alloc_fd+0x700/0x700
[ 26.992246]  ksys_mmap_pgoff+0x4c9/0x640
[ 26.996283]  ? find_mergeable_anon_vma+0xd0/0xd0
[ 27.001015]  ? move_addr_to_kernel+0x70/0x70
[ 27.005402]  ? __ia32_sys_fallocate+0xf0/0xf0
[ 27.009873]  __x64_sys_mmap+0xe9/0x1b0
[ 27.013737]  ? trace_hardirqs_on_caller+0x421/0x5c0
[ 27.018729]  do_syscall_64+0x1b1/0x800
[ 27.022592]  ? syscall_return_slowpath+0x5c0/0x5c0
[ 27.027498]  ? syscall_return_slowpath+0x30f/0x5c0
[ 27.032410]  ? entry_SYSCALL_64_after_hwframe+0x59/0xbe
[ 27.037749]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 27.042565]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 27.047727] RIP: 0033:0x43fcb9
[ 27.050893] RSP: 002b