[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[   19.727700] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   22.874889] random: sshd: uninitialized urandom read (32 bytes read)
[   23.175014] random: sshd: uninitialized urandom read (32 bytes read)
[   23.864849] random: sshd: uninitialized urandom read (32 bytes read)
[   36.034145] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.56' (ECDSA) to the list of known hosts.
[   41.499363] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[   41.592637] 
[   41.594295] ======================================================
[   41.600588] WARNING: possible circular locking dependency detected
[   41.606882] 4.17.0-rc2+ #23 Not tainted
[   41.610831] ------------------------------------------------------
[   41.617123] syz-executor220/4529 is trying to acquire lock:
[   41.622807] (ptrval) (sk_lock-AF_INET){+.+.}, at: tcp_mmap+0x1c7/0x14f0
[   41.630255] 
[   41.630255] but task is already holding lock:
[   41.636209] (ptrval) (&mm->mmap_sem){++++}, at: vm_mmap_pgoff+0x1a1/0x2a0
[   41.644100] 
[   41.644100] which lock already depends on the new lock.
[   41.644100] 
[   41.652390] 
[   41.652390] the existing dependency chain (in reverse order) is:
[   41.660010] 
[   41.660010] -> #1 (&mm->mmap_sem){++++}:
[   41.665538]        __might_fault+0x155/0x1e0
[   41.669927]        _copy_from_iter_full+0x2fd/0xd10
[   41.674921]        tcp_sendmsg_locked+0x2f98/0x3e10
[   41.679910]        tcp_sendmsg+0x2f/0x50
[   41.683948]        inet_sendmsg+0x19f/0x690
[   41.688257]        sock_sendmsg+0xd5/0x120
[   41.692468]        sock_write_iter+0x35a/0x5a0
[   41.697024]        __vfs_write+0x64d/0x960
[   41.701234]        vfs_write+0x1f8/0x560
[   41.705269]        ksys_write+0xf9/0x250
[   41.709924]        __x64_sys_write+0x73/0xb0
[   41.714405]        do_syscall_64+0x1b1/0x800
[   41.718793]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   41.724479] 
[   41.724479] -> #0 (sk_lock-AF_INET){+.+.}:
[   41.730179]        lock_acquire+0x1dc/0x520
[   41.734478]        lock_sock_nested+0xd0/0x120
[   41.739039]        tcp_mmap+0x1c7/0x14f0
[   41.743090]        sock_mmap+0x8e/0xc0
[   41.746955]        mmap_region+0xd13/0x1820
[   41.751250]        do_mmap+0xc79/0x11d0
[   41.755198]        vm_mmap_pgoff+0x1fb/0x2a0
[   41.759583]        ksys_mmap_pgoff+0x4c9/0x640
[   41.764145]        __x64_sys_mmap+0xe9/0x1b0
[   41.768530]        do_syscall_64+0x1b1/0x800
[   41.772913]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   41.778593] 
[   41.778593] other info that might help us debug this:
[   41.778593] 
[   41.786722]  Possible unsafe locking scenario:
[   41.786722] 
[   41.792752]        CPU0                    CPU1
[   41.797392]        ----                    ----
[   41.802032]   lock(&mm->mmap_sem);
[   41.805546]                                lock(sk_lock-AF_INET);
[   41.811751]                                lock(&mm->mmap_sem);
[   41.817783]   lock(sk_lock-AF_INET);
[   41.821473] 
[   41.821473]  *** DEADLOCK ***
[   41.821473] 
[   41.827509] 1 lock held by syz-executor220/4529:
[   41.832235]  #0: (ptrval) (&mm->mmap_sem){++++}, at: vm_mmap_pgoff+0x1a1/0x2a0
[   41.840288] 
[   41.840288] stack backtrace:
[   41.844764] CPU: 0 PID: 4529 Comm: syz-executor220 Not tainted 4.17.0-rc2+ #23
[   41.852105] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   41.861434] Call Trace:
[   41.864001]  dump_stack+0x1b9/0x294
[   41.867604]  ? dump_stack_print_info.cold.2+0x52/0x52
[   41.872780]  ? print_lock+0xd1/0xd6
[   41.876385]  ? vprintk_func+0x81/0xe7
[   41.880163]  print_circular_bug.isra.36.cold.54+0x1bd/0x27d
[   41.885847]  ? save_trace+0xe0/0x290
[   41.889537]  __lock_acquire+0x343e/0x5140
[   41.893664]  ? debug_check_no_locks_freed+0x310/0x310
[   41.898829]  ? find_held_lock+0x36/0x1c0
[   41.902873]  ? kasan_check_read+0x11/0x20
[   41.907000]  ? rcu_bh_force_quiescent_state+0x20/0x20
[   41.912175]  ? graph_lock+0x170/0x170
[   41.915953]  ? kernel_text_address+0x79/0xf0
[   41.920341]  ? __unwind_start+0x166/0x330
[   41.924477]  ? __save_stack_trace+0x7e/0xd0
[   41.928776]  lock_acquire+0x1dc/0x520
[   41.932564]  ? tcp_mmap+0x1c7/0x14f0
[   41.936263]  ? lock_release+0xa10/0xa10
[   41.940213]  ? kasan_check_read+0x11/0x20
[   41.944338]  ? do_raw_spin_unlock+0x9e/0x2e0
[   41.948726]  ? do_raw_spin_trylock+0x1b0/0x1b0
[   41.953284]  ? kasan_check_write+0x14/0x20
[   41.957495]  ? do_raw_spin_lock+0xc1/0x200
[   41.961708]  lock_sock_nested+0xd0/0x120
[   41.965745]  ? tcp_mmap+0x1c7/0x14f0
[   41.969434]  tcp_mmap+0x1c7/0x14f0
[   41.972958]  ? __lock_is_held+0xb5/0x140
[   41.976995]  ? tcp_splice_read+0xfc0/0xfc0
[   41.981208]  ? rcu_read_lock_sched_held+0x108/0x120
[   41.986199]  ? kmem_cache_alloc+0x5fa/0x760
[   41.990511]  sock_mmap+0x8e/0xc0
[   41.993863]  mmap_region+0xd13/0x1820
[   41.997638]  ? __x64_sys_brk+0x790/0x790
[   42.001685]  ? arch_get_unmapped_area+0x750/0x750
[   42.006502]  ? lock_acquire+0x1dc/0x520
[   42.010448]  ? vm_mmap_pgoff+0x1a1/0x2a0
[   42.014486]  ? cap_mmap_addr+0x52/0x130
[   42.018445]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   42.023958]  ? security_mmap_addr+0x80/0xa0
[   42.028257]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   42.033776]  ? get_unmapped_area+0x292/0x3b0
[   42.038163]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   42.043675]  do_mmap+0xc79/0x11d0
[   42.047105]  ? mmap_region+0x1820/0x1820
[   42.051141]  ? vm_mmap_pgoff+0x1a1/0x2a0
[   42.055195]  ? down_read_killable+0x1f0/0x1f0
[   42.059695]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   42.065241]  ? security_mmap_file+0x166/0x1b0
[   42.069718]  vm_mmap_pgoff+0x1fb/0x2a0
[   42.073590]  ? vma_is_stack_for_current+0xd0/0xd0
[   42.078435]  ? sock_release+0x1b0/0x1b0
[   42.082408]  ? get_unused_fd_flags+0x121/0x190
[   42.086975]  ? __alloc_fd+0x700/0x700
[   42.090757]  ksys_mmap_pgoff+0x4c9/0x640
[   42.094801]  ? find_mergeable_anon_vma+0xd0/0xd0
[   42.099533]  ? move_addr_to_kernel+0x70/0x70
[   42.103918]  ? __ia32_sys_fallocate+0xf0/0xf0
[   42.108393]  __x64_sys_mmap+0xe9/0x1b0
[   42.112261]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   42.117256]  do_syscall_64+0x1b1/0x800
[   42.121124]  ? syscall_return_slowpath+0x5c0/0x5c0
[   42.126031]  ? syscall_return_slowpath+0x30f/0x5c0
[   42.130947]  ? entry_SYSCALL_64_after_hwframe+0x59/0xbe
[   42.136288]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   42.141107]  entry_SYSCALL_64_after_hwframe+0