[....] Starting periodic command scheduler: cron [ ok ].
[....] Starting OpenBSD Secure Shell server: sshd
[ 16.773544] random: sshd: uninitialized urandom read (32 bytes read)
[ ok ]
[ 16.878381] random: sshd: uninitialized urandom read (32 bytes read)
.
[ 17.129529] random: sshd: uninitialized urandom read (32 bytes read)
[ 17.842918] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 17.995230] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.44' (ECDSA) to the list of known hosts.
[ 23.459278] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 23.546928]
[ 23.548567] ======================================================
[ 23.554855] WARNING: possible circular locking dependency detected
[ 23.561146] 4.17.0-rc2+ #23 Not tainted
[ 23.565092] ------------------------------------------------------
[ 23.571382] syz-executor463/4448 is trying to acquire lock:
[ 23.577064] (ptrval) (sk_lock-AF_INET){+.+.}, at: tcp_mmap+0x1c7/0x14f0
[ 23.584497]
[ 23.584497] but task is already holding lock:
[ 23.590440] (ptrval) (&mm->mmap_sem){++++}, at: vm_mmap_pgoff+0x1a1/0x2a0
[ 23.598047]
[ 23.598047] which lock already depends on the new lock.
[ 23.598047]
[ 23.606334]
[ 23.606334] the existing dependency chain (in reverse order) is:
[ 23.613926]
[ 23.613926] -> #1 (&mm->mmap_sem){++++}:
[ 23.619451]        __might_fault+0x155/0x1e0
[ 23.623836]        _copy_from_iter_full+0x2fd/0xd10
[ 23.628828]        tcp_sendmsg_locked+0x2f98/0x3e10
[ 23.633819]        tcp_sendmsg+0x2f/0x50
[ 23.637854]        inet_sendmsg+0x19f/0x690
[ 23.642150]        sock_sendmsg+0xd5/0x120
[ 23.646361]        sock_write_iter+0x35a/0x5a0
[ 23.650915]        __vfs_write+0x64d/0x960
[ 23.655122]        vfs_write+0x1f8/0x560
[ 23.659155]        ksys_write+0xf9/0x250
[ 23.663192]        __x64_sys_write+0x73/0xb0
[ 23.667578]        do_syscall_64+0x1b1/0x800
[ 23.671963]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 23.677643]
[ 23.677643] -> #0 (sk_lock-AF_INET){+.+.}:
[ 23.683337]        lock_acquire+0x1dc/0x520
[ 23.687632]        lock_sock_nested+0xd0/0x120
[ 23.692187]        tcp_mmap+0x1c7/0x14f0
[ 23.696225]        sock_mmap+0x8e/0xc0
[ 23.700087]        mmap_region+0xd13/0x1820
[ 23.704383]        do_mmap+0xc79/0x11d0
[ 23.708329]        vm_mmap_pgoff+0x1fb/0x2a0
[ 23.712711]        ksys_mmap_pgoff+0x4c9/0x640
[ 23.717271]        __x64_sys_mmap+0xe9/0x1b0
[ 23.721657]        do_syscall_64+0x1b1/0x800
[ 23.726044]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 23.731722]
[ 23.731722] other info that might help us debug this:
[ 23.731722]
[ 23.739835]  Possible unsafe locking scenario:
[ 23.739835]
[ 23.745865]        CPU0                    CPU1
[ 23.750502]        ----                    ----
[ 23.755143]   lock(&mm->mmap_sem);
[ 23.758657]                                lock(sk_lock-AF_INET);
[ 23.764859]                                lock(&mm->mmap_sem);
[ 23.770888]   lock(sk_lock-AF_INET);
[ 23.774574]
[ 23.774574]  *** DEADLOCK ***
[ 23.774574]
[ 23.780606] 1 lock held by syz-executor463/4448:
[ 23.785329]  #0: (ptrval) (&mm->mmap_sem){++++}, at: vm_mmap_pgoff+0x1a1/0x2a0
[ 23.793369]
[ 23.793369] stack backtrace:
[ 23.797841] CPU: 0 PID: 4448 Comm: syz-executor463 Not tainted 4.17.0-rc2+ #23
[ 23.805173] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 23.814500] Call Trace:
[ 23.817065]  dump_stack+0x1b9/0x294
[ 23.820666]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 23.825830]  ? print_lock+0xd1/0xd6
[ 23.829433]  ? vprintk_func+0x81/0xe7
[ 23.833212]  print_circular_bug.isra.36.cold.54+0x1bd/0x27d
[ 23.838895]  ? save_trace+0xe0/0x290
[ 23.842583]  __lock_acquire+0x343e/0x5140
[ 23.846710]  ? debug_check_no_locks_freed+0x310/0x310
[ 23.851873]  ? find_held_lock+0x36/0x1c0
[ 23.855911]  ? kasan_check_read+0x11/0x20
[ 23.860043]  ? graph_lock+0x170/0x170
[ 23.863829]  ? kernel_text_address+0x79/0xf0
[ 23.868216]  ? __unwind_start+0x166/0x330
[ 23.872341]  ? __save_stack_trace+0x7e/0xd0
[ 23.876639]  lock_acquire+0x1dc/0x520
[ 23.880415]  ? tcp_mmap+0x1c7/0x14f0
[ 23.884106]  ? lock_release+0xa10/0xa10
[ 23.888056]  ? kasan_check_read+0x11/0x20
[ 23.892181]  ? do_raw_spin_unlock+0x9e/0x2e0
[ 23.896566]  ? do_raw_spin_trylock+0x1b0/0x1b0
[ 23.901125]  ? kasan_check_write+0x14/0x20
[ 23.905337]  ? do_raw_spin_lock+0xc1/0x200
[ 23.909549]  lock_sock_nested+0xd0/0x120
[ 23.913587]  ? tcp_mmap+0x1c7/0x14f0
[ 23.917277]  tcp_mmap+0x1c7/0x14f0
[ 23.920792]  ? __lock_is_held+0xb5/0x140
[ 23.925045]  ? tcp_splice_read+0xfc0/0xfc0
[ 23.929260]  ? rcu_read_lock_sched_held+0x108/0x120
[ 23.934254]  ? kmem_cache_alloc+0x5fa/0x760
[ 23.938550]  sock_mmap+0x8e/0xc0
[ 23.941891]  mmap_region+0xd13/0x1820
[ 23.945666]  ? __x64_sys_brk+0x790/0x790
[ 23.949704]  ? arch_get_unmapped_area+0x750/0x750
[ 23.954520]  ? lock_acquire+0x1dc/0x520
[ 23.958469]  ? vm_mmap_pgoff+0x1a1/0x2a0
[ 23.962508]  ? cap_mmap_addr+0x52/0x130
[ 23.966459]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 23.971972]  ? security_mmap_addr+0x80/0xa0
[ 23.976271]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 23.981782]  ? get_unmapped_area+0x292/0x3b0
[ 23.986165]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 23.991675]  do_mmap+0xc79/0x11d0
[ 23.995105]  ? mmap_region+0x1820/0x1820
[ 23.999137]  ? vm_mmap_pgoff+0x1a1/0x2a0
[ 24.003178]  ? down_read_killable+0x1f0/0x1f0
[ 24.007650]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 24.013161]  ? security_mmap_file+0x166/0x1b0
[ 24.017630]  vm_mmap_pgoff+0x1fb/0x2a0
[ 24.021493]  ? vma_is_stack_for_current+0xd0/0xd0
[ 24.026312]  ? sock_release+0x1b0/0x1b0
[ 24.030262]  ? get_unused_fd_flags+0x121/0x190
[ 24.034816]  ? __alloc_fd+0x700/0x700
[ 24.038591]  ksys_mmap_pgoff+0x4c9/0x640
[ 24.042626]  ? find_mergeable_anon_vma+0xd0/0xd0
[ 24.047354]  ? move_addr_to_kernel+0x70/0x70
[ 24.051737]  ? __ia32_sys_fallocate+0xf0/0xf0
[ 24.056207]  __x64_sys_mmap+0xe9/0x1b0
[ 24.060069]  ? trace_hardirqs_on_caller+0x421/0x5c0
[ 24.065061]  do_syscall_64+0x1b1/0x800
[ 24.068924]  ? syscall_return_slowpath+0x5c0/0x5c0
[ 24.073828]  ? syscall_return_slowpath+0x30f/0x5c0
[ 24.078733]  ? entry_SYSCALL_64_after_hwframe+0x59/0xbe
[ 24.084071]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 24.088889]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 24.094051] RIP: 0033:0x43fcb9
[ 24.097213] RSP: 002b:00