[....] Starting periodic command scheduler: cron [ ok ].
[....] Starting OpenBSD Secure Shell server: sshd
[   18.583403] random: sshd: uninitialized urandom read (32 bytes read)
[ ok ].

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   24.047582] random: sshd: uninitialized urandom read (32 bytes read)
[   24.272827] random: sshd: uninitialized urandom read (32 bytes read)
[   24.997903] random: sshd: uninitialized urandom read (32 bytes read)
[   25.163175] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.16' (ECDSA) to the list of known hosts.
[   30.745913] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[   30.849707]
[   30.851502] ======================================================
[   30.857802] WARNING: possible circular locking dependency detected
[   30.864109] 4.17.0-rc2+ #25 Not tainted
[   30.868065] ------------------------------------------------------
[   30.874361] syz-executor037/4509 is trying to acquire lock:
[   30.880049] (ptrval) (sk_lock-AF_INET){+.+.}, at: tcp_mmap+0x1c7/0x14f0
[   30.887507]
[   30.887507] but task is already holding lock:
[   30.893474] (ptrval) (&mm->mmap_sem){++++}, at: vm_mmap_pgoff+0x1a1/0x2a0
[   30.901098]
[   30.901098] which lock already depends on the new lock.
[   30.901098]
[   30.909416]
[   30.909416] the existing dependency chain (in reverse order) is:
[   30.917029]
[   30.917029] -> #1 (&mm->mmap_sem){++++}:
[   30.922581]        __might_fault+0x155/0x1e0
[   30.926994]        _copy_from_iter_full+0x2fd/0xd10
[   30.932021]        tcp_sendmsg_locked+0x2f98/0x3e10
[   30.937035]        tcp_sendmsg+0x2f/0x50
[   30.941081]        inet_sendmsg+0x19f/0x690
[   30.945386]        sock_sendmsg+0xd5/0x120
[   30.949616]        sock_write_iter+0x35a/0x5a0
[   30.954188]        __vfs_write+0x64d/0x960
[   30.958418]        vfs_write+0x1f8/0x560
[   30.962468]        ksys_write+0xf9/0x250
[   30.966517]        __x64_sys_write+0x73/0xb0
[   30.970913]        do_syscall_64+0x1b1/0x800
[   30.975304]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   30.980996]
[   30.980996] -> #0 (sk_lock-AF_INET){+.+.}:
[   30.986713]        lock_acquire+0x1dc/0x520
[   30.991036]        lock_sock_nested+0xd0/0x120
[   30.995613]        tcp_mmap+0x1c7/0x14f0
[   30.999668]        sock_mmap+0x8e/0xc0
[   31.003540]        mmap_region+0xd13/0x1820
[   31.007856]        do_mmap+0xc79/0x11d0
[   31.011825]        vm_mmap_pgoff+0x1fb/0x2a0
[   31.016227]        ksys_mmap_pgoff+0x4c9/0x640
[   31.020808]        __x64_sys_mmap+0xe9/0x1b0
[   31.025210]        do_syscall_64+0x1b1/0x800
[   31.029610]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   31.035307]
[   31.035307] other info that might help us debug this:
[   31.035307]
[   31.043452]  Possible unsafe locking scenario:
[   31.043452]
[   31.049500]        CPU0                    CPU1
[   31.054163]        ----                    ----
[   31.058905]   lock(&mm->mmap_sem);
[   31.062436]                                lock(sk_lock-AF_INET);
[   31.068657]                                lock(&mm->mmap_sem);
[   31.074697]   lock(sk_lock-AF_INET);
[   31.078403]
[   31.078403]  *** DEADLOCK ***
[   31.078403]
[   31.084456] 1 lock held by syz-executor037/4509:
[   31.089188]  #0: (ptrval) (&mm->mmap_sem){++++}, at: vm_mmap_pgoff+0x1a1/0x2a0
[   31.097248]
[   31.097248] stack backtrace:
[   31.101749] CPU: 1 PID: 4509 Comm: syz-executor037 Not tainted 4.17.0-rc2+ #25
[   31.109105] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   31.118473] Call Trace:
[   31.121081]  dump_stack+0x1b9/0x294
[   31.124713]  ? dump_stack_print_info.cold.2+0x52/0x52
[   31.129913]  ? print_lock+0xd1/0xd6
[   31.133536]  ? vprintk_func+0x81/0xe7
[   31.137345]  print_circular_bug.isra.36.cold.54+0x1bd/0x27d
[   31.143056]  ? save_trace+0xe0/0x290
[   31.146766]  __lock_acquire+0x343e/0x5140
[   31.150909]  ? debug_check_no_locks_freed+0x310/0x310
[   31.156106]  ? find_held_lock+0x36/0x1c0
[   31.160170]  ? kasan_check_read+0x11/0x20
[   31.164326]  ? rcu_bh_force_quiescent_state+0x20/0x20
[   31.169519]  ? graph_lock+0x170/0x170
[   31.173308]  ? kernel_text_address+0x79/0xf0
[   31.177704]  ? __unwind_start+0x166/0x330
[   31.181879]  ? __save_stack_trace+0x7e/0xd0
[   31.186216]  lock_acquire+0x1dc/0x520
[   31.190015]  ? tcp_mmap+0x1c7/0x14f0
[   31.193727]  ? lock_release+0xa10/0xa10
[   31.197716]  ? kasan_check_read+0x11/0x20
[   31.201869]  ? do_raw_spin_unlock+0x9e/0x2e0
[   31.206303]  ? do_raw_spin_trylock+0x1b0/0x1b0
[   31.212726]  ? kasan_check_write+0x14/0x20
[   31.216970]  ? do_raw_spin_lock+0xc1/0x200
[   31.221213]  lock_sock_nested+0xd0/0x120
[   31.225272]  ? tcp_mmap+0x1c7/0x14f0
[   31.228986]  tcp_mmap+0x1c7/0x14f0
[   31.232533]  ? __lock_is_held+0xb5/0x140
[   31.236590]  ? tcp_splice_read+0xfc0/0xfc0
[   31.240911]  ? rcu_read_lock_sched_held+0x108/0x120
[   31.245928]  ? kmem_cache_alloc+0x5fa/0x760
[   31.250245]  sock_mmap+0x8e/0xc0
[   31.253599]  mmap_region+0xd13/0x1820
[   31.257388]  ? __x64_sys_brk+0x790/0x790
[   31.261446]  ? arch_get_unmapped_area+0x750/0x750
[   31.266284]  ? lock_acquire+0x1dc/0x520
[   31.270245]  ? vm_mmap_pgoff+0x1a1/0x2a0
[   31.274299]  ? cap_mmap_addr+0x52/0x130
[   31.278282]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   31.283809]  ? security_mmap_addr+0x80/0xa0
[   31.288129]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   31.293660]  ? get_unmapped_area+0x292/0x3b0
[   31.298071]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   31.303606]  do_mmap+0xc79/0x11d0
[   31.307053]  ? mmap_region+0x1820/0x1820
[   31.311114]  ? vm_mmap_pgoff+0x1a1/0x2a0
[   31.315183]  ? down_read_killable+0x1f0/0x1f0
[   31.319680]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   31.325233]  ? security_mmap_file+0x166/0x1b0
[   31.329723]  vm_mmap_pgoff+0x1fb/0x2a0
[   31.333616]  ? vma_is_stack_for_current+0xd0/0xd0
[   31.338451]  ? sock_release+0x1b0/0x1b0
[   31.342413]  ? get_unused_fd_flags+0x121/0x190
[   31.346994]  ? __alloc_fd+0x700/0x700
[   31.350790]  ksys_mmap_pgoff+0x4c9/0x640
[   31.354840]  ? find_mergeable_anon_vma+0xd0/0xd0
[   31.359678]  ? move_addr_to_kernel+0x70/0x70
[   31.364086]  ? __ia32_sys_fallocate+0xf0/0xf0
[   31.368597]  __x64_sys_mmap+0xe9/0x1b0
[   31.372477]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   31.377485]  do_syscall_64+0x1b1/0x800
[   31.381381]  ? syscall_return_slowpath+0x5c0/0x5c0
[   31.386300]  ? syscall_return_slowpath+0x30f/0x5c0
[   31.391223]  ? entry_SYSCALL_64_after_hwframe+0x59/0xbe
[   31.396579]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   31.401414]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   31.406596] RIP: 0033:0x43fcb9
[   31.409776] RSP: 002b:00007fffdda24408 EFLAGS: 00000216 ORIG_RAX: 0000000000000009
[   31.417481] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043fcb9
[   31.424748] RDX: 0000080000000000 RSI: 0000000000f50000 RDI: 0000000020000000
[   31.432009] RBP: 00000000006ca018 R08: 0000000000000003 R09: 0000000000000000
[   31.439276] R10: 0000000000004011 R11: 0000000000000216 R12: 00000000004015e0
[   31.446535] R13: 0000000000401670 R14: 0000000000000000 R15: 000