[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[   20.258116] random: sshd: uninitialized urandom read (32 bytes read)
[   21.508356] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   21.930973] random: sshd: uninitialized urandom read (32 bytes read)
[   22.619440] random: sshd: uninitialized urandom read (32 bytes read)
[   22.779614] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.9' (ECDSA) to the list of known hosts.
[   28.331938] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[   28.424368] 
[   28.426044] ======================================================
[   28.432337] WARNING: possible circular locking dependency detected
[   28.438632] 4.17.0-rc2+ #23 Not tainted
[   28.442584] ------------------------------------------------------
[   28.448884] syz-executor435/4536 is trying to acquire lock:
[   28.454566] (ptrval) (sk_lock-AF_INET){+.+.}, at: tcp_mmap+0x1c7/0x14f0
[   28.462006] 
[   28.462006] but task is already holding lock:
[   28.467974] (ptrval) (&mm->mmap_sem){++++}, at: vm_mmap_pgoff+0x1a1/0x2a0
[   28.475590] 
[   28.475590] which lock already depends on the new lock.
[   28.475590] 
[   28.483881] 
[   28.483881] the existing dependency chain (in reverse order) is:
[   28.491481] 
[   28.491481] -> #1 (&mm->mmap_sem){++++}:
[   28.497017]        __might_fault+0x155/0x1e0
[   28.501412]        _copy_from_iter_full+0x2fd/0xd10
[   28.506409]        tcp_sendmsg_locked+0x2f98/0x3e10
[   28.511416]        tcp_sendmsg+0x2f/0x50
[   28.515463]        inet_sendmsg+0x19f/0x690
[   28.519763]        sock_sendmsg+0xd5/0x120
[   28.523974]        sock_write_iter+0x35a/0x5a0
[   28.528538]        __vfs_write+0x64d/0x960
[   28.532747]        vfs_write+0x1f8/0x560
[   28.536783]        ksys_write+0xf9/0x250
[   28.540819]        __x64_sys_write+0x73/0xb0
[   28.545211]        do_syscall_64+0x1b1/0x800
[   28.549690]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   28.555382] 
[   28.555382] -> #0 (sk_lock-AF_INET){+.+.}:
[   28.561082]        lock_acquire+0x1dc/0x520
[   28.565392]        lock_sock_nested+0xd0/0x120
[   28.569952]        tcp_mmap+0x1c7/0x14f0
[   28.573989]        sock_mmap+0x8e/0xc0
[   28.577854]        mmap_region+0xd13/0x1820
[   28.582150]        do_mmap+0xc79/0x11d0
[   28.586100]        vm_mmap_pgoff+0x1fb/0x2a0
[   28.590483]        ksys_mmap_pgoff+0x4c9/0x640
[   28.595043]        __x64_sys_mmap+0xe9/0x1b0
[   28.599427]        do_syscall_64+0x1b1/0x800
[   28.603815]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   28.609497] 
[   28.609497] other info that might help us debug this:
[   28.609497] 
[   28.617643]  Possible unsafe locking scenario:
[   28.617643] 
[   28.623684]        CPU0                    CPU1
[   28.628324]        ----                    ----
[   28.632961]   lock(&mm->mmap_sem);
[   28.636479]                                lock(sk_lock-AF_INET);
[   28.642684]                                lock(&mm->mmap_sem);
[   28.648716]   lock(sk_lock-AF_INET);
[   28.652406] 
[   28.652406]  *** DEADLOCK ***
[   28.652406] 
[   28.658444] 1 lock held by syz-executor435/4536:
[   28.663171]  #0: (ptrval) (&mm->mmap_sem){++++}, at: vm_mmap_pgoff+0x1a1/0x2a0
[   28.671218] 
[   28.671218] stack backtrace:
[   28.675694] CPU: 0 PID: 4536 Comm: syz-executor435 Not tainted 4.17.0-rc2+ #23
[   28.683033] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   28.692371] Call Trace:
[   28.694937]  dump_stack+0x1b9/0x294
[   28.698544]  ? dump_stack_print_info.cold.2+0x52/0x52
[   28.703712]  ? print_lock+0xd1/0xd6
[   28.707318]  ? vprintk_func+0x81/0xe7
[   28.711106]  print_circular_bug.isra.36.cold.54+0x1bd/0x27d
[   28.716797]  ? save_trace+0xe0/0x290
[   28.720493]  __lock_acquire+0x343e/0x5140
[   28.724619]  ? debug_check_no_locks_freed+0x310/0x310
[   28.729783]  ? find_held_lock+0x36/0x1c0
[   28.733826]  ? kasan_check_read+0x11/0x20
[   28.737952]  ? rcu_bh_force_quiescent_state+0x20/0x20
[   28.743120]  ? graph_lock+0x170/0x170
[   28.746899]  ? kernel_text_address+0x79/0xf0
[   28.751287]  ? __unwind_start+0x166/0x330
[   28.755415]  ? __save_stack_trace+0x7e/0xd0
[   28.759718]  lock_acquire+0x1dc/0x520
[   28.763518]  ? tcp_mmap+0x1c7/0x14f0
[   28.767214]  ? lock_release+0xa10/0xa10
[   28.771185]  ? kasan_check_read+0x11/0x20
[   28.775311]  ? do_raw_spin_unlock+0x9e/0x2e0
[   28.779709]  ? do_raw_spin_trylock+0x1b0/0x1b0
[   28.784280]  ? kasan_check_write+0x14/0x20
[   28.788491]  ? do_raw_spin_lock+0xc1/0x200
[   28.792704]  lock_sock_nested+0xd0/0x120
[   28.796745]  ? tcp_mmap+0x1c7/0x14f0
[   28.800435]  tcp_mmap+0x1c7/0x14f0
[   28.803953]  ? __lock_is_held+0xb5/0x140
[   28.807993]  ? tcp_splice_read+0xfc0/0xfc0
[   28.812208]  ? rcu_read_lock_sched_held+0x108/0x120
[   28.817205]  ? kmem_cache_alloc+0x5fa/0x760
[   28.821509]  sock_mmap+0x8e/0xc0
[   28.824853]  mmap_region+0xd13/0x1820
[   28.828631]  ? __x64_sys_brk+0x790/0x790
[   28.832672]  ? arch_get_unmapped_area+0x750/0x750
[   28.837495]  ? lock_acquire+0x1dc/0x520
[   28.841446]  ? vm_mmap_pgoff+0x1a1/0x2a0
[   28.845486]  ? cap_mmap_addr+0x52/0x130
[   28.849440]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   28.854959]  ? security_mmap_addr+0x80/0xa0
[   28.859264]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   28.864778]  ? get_unmapped_area+0x292/0x3b0
[   28.869169]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   28.874687]  do_mmap+0xc79/0x11d0
[   28.878118]  ? mmap_region+0x1820/0x1820
[   28.882155]  ? vm_mmap_pgoff+0x1a1/0x2a0
[   28.886202]  ? down_read_killable+0x1f0/0x1f0
[   28.890685]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   28.896215]  ? security_mmap_file+0x166/0x1b0
[   28.900688]  vm_mmap_pgoff+0x1fb/0x2a0
[   28.904553]  ? vma_is_stack_for_current+0xd0/0xd0
[   28.909376]  ? sock_release+0x1b0/0x1b0
[   28.913328]  ? get_unused_fd_flags+0x121/0x190
[   28.917888]  ? __alloc_fd+0x700/0x700
[   28.921669]  ksys_mmap_pgoff+0x4c9/0x640
[   28.925718]  ? find_mergeable_anon_vma+0xd0/0xd0
[   28.930452]  ? move_addr_to_kernel+0x70/0x70
[   28.934837]  ? __ia32_sys_fallocate+0xf0/0xf0
[   28.939421]  __x64_sys_mmap+0xe9/0x1b0
[   28.943288]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   28.948293]  do_syscall_64+0x1b1/0x800
[   28.952166]  ? syscall_slow_exit_work+0x4f0/0x4f0
[   28.956995]  ? syscall_return_slowpath+0x5c0/0x5c0
[   28.961906]  ? syscall_return_slowpath+0x30f/0x5c0
[   28.966814]  ? entry_SYSCALL_64_after_hwframe+0x59/0xbe
[   28.972176]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   28.976997]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   28.982171] RIP: 0033:0x43fcb9
[   28.985337] RSP: 002b:00007fffc569ff48 EFLAGS: 00000212 ORIG_RAX: 0000000000000009
[   28.993028] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043fcb9
[   29.000278] RDX: 0000000001000000 RSI: 0000000000003000 RDI: 0000000020ee9000
[   29.007527] RBP: 00000000006ca018 R08: 0000000000000003 R09: 0000000000000000
[   29.014775] R10: 0000000000001011 R11: 0000000000000212 R12: 00000000004015e0
[   29.022026] R13: 0000000000401670 R14: 0000000000000000 R1
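The report above is lockdep's output for an AB-BA lock-order inversion: chain #1 (write(2)) records "sk_lock-AF_INET held, then &mm->mmap_sem taken" because tcp_sendmsg_locked copies the user buffer under the socket lock and the resulting page fault (__might_fault) takes mmap_sem; chain #0 (mmap(2)) then tries "&mm->mmap_sem held, then sk_lock-AF_INET taken" from tcp_mmap, which closes the cycle. The C model below is an added example, not code from this page or from the Linux kernel: it replays those two chains through a minimal version of the class-level dependency graph that lockdep maintains and shows why the second acquisition, not the first, is the one that trips the warning. The lock-class names and call sites are taken from the report; the function names (lock_acquire_while_holding, replay_report, replay_consistent_order), the two-class graph and the depth-first reachability check are this example's own simplifications of the real validator.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Lock classes that appear in the report. Constructed model, not kernel code. */
enum lock_class { MMAP_SEM, SK_LOCK_AF_INET, NUM_CLASSES };

static const char *const class_name[NUM_CLASSES] = {
    "&mm->mmap_sem",
    "sk_lock-AF_INET",
};

/* dep[a][b] is set once some task has acquired class b while holding class a.
 * Like lockdep, this tracks lock classes, not individual lock instances. */
static bool dep[NUM_CLASSES][NUM_CLASSES];

static void lockdep_reset(void)
{
    memset(dep, 0, sizeof dep);
}

/* Depth-first search: is `to` reachable from `from` along recorded edges? */
static bool reachable(enum lock_class from, enum lock_class to, bool visited[NUM_CLASSES])
{
    if (from == to)
        return true;
    visited[from] = true;
    for (int n = 0; n < NUM_CLASSES; n++)
        if (dep[from][n] && !visited[n] && reachable(n, to, visited))
            return true;
    return false;
}

/*
 * Record "acquire `want` while holding `held`" at call site `site`.
 * Returns true if adding the edge held -> want would close a cycle, i.e.
 * `want` already (transitively) leads to `held`. That is the condition
 * behind lockdep's "which lock already depends on the new lock".
 */
static bool lock_acquire_while_holding(enum lock_class held, enum lock_class want,
                                       const char *site)
{
    bool visited[NUM_CLASSES] = { false };

    if (reachable(want, held, visited)) {
        printf("WARNING: possible circular locking dependency detected\n");
        printf("  trying to acquire (%s) at %s\n", class_name[want], site);
        printf("  but task is already holding (%s)\n", class_name[held]);
        printf("  and (%s) -> ... -> (%s) is already recorded\n",
               class_name[want], class_name[held]);
        return true;
    }
    dep[held][want] = true;
    return false;
}

/*
 * Replay the two chains from the report in the order lockdep saw them:
 * chain #1 (write(2)) is recorded first, chain #0 (mmap(2)) closes the cycle.
 * Returns 1 if exactly the second acquisition is flagged, 0 otherwise.
 */
int replay_report(void)
{
    lockdep_reset();

    /* -> #1: tcp_sendmsg_locked runs under sk_lock; copying the user buffer
     * can fault, and the fault path takes mmap_sem. */
    bool first = lock_acquire_while_holding(SK_LOCK_AF_INET, MMAP_SEM, "__might_fault");

    /* -> #0: vm_mmap_pgoff holds mmap_sem; tcp_mmap then calls lock_sock. */
    bool second = lock_acquire_while_holding(MMAP_SEM, SK_LOCK_AF_INET, "tcp_mmap");

    return (!first && second) ? 1 : 0;
}

/*
 * Counter-example: when every path takes the two classes in the same order,
 * no edge closes a cycle and the model (like lockdep) stays silent.
 * Returns the number of flagged acquisitions, expected 0.
 */
int replay_consistent_order(void)
{
    lockdep_reset();
    int flagged = 0;
    flagged += lock_acquire_while_holding(SK_LOCK_AF_INET, MMAP_SEM, "path A");
    flagged += lock_acquire_while_holding(SK_LOCK_AF_INET, MMAP_SEM, "path B");
    return flagged;
}

int main(void)
{
    printf("report replay flagged a cycle: %s\n", replay_report() ? "yes" : "no");
    printf("consistent order flagged: %d\n", replay_consistent_order());
    return 0;
}
```

Two things the replay makes concrete. First, lockdep reports the acquisition that completes the cycle, so the warning lands in tcp_mmap even though neither path is wrong on its own. Second, the sk_lock-then-mmap_sem edge comes from copy-from-user faulting under the socket lock, which every sendmsg path does, so the only ordering a fix can change is the one under mmap_sem in the mmap path.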