[....] Starting periodic command scheduler: cron.
[....] Starting OpenBSD Secure Shell server: sshd
[ 19.792122] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 21.298799] random: sshd: uninitialized urandom read (32 bytes read)
[ 21.895319] random: sshd: uninitialized urandom read (32 bytes read)
[ 22.743253] random: sshd: uninitialized urandom read (32 bytes read)
[ 22.903014] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.12' (ECDSA) to the list of known hosts.
[ 28.322202] random: sshd: uninitialized urandom read (32 bytes read)
[ 28.415787]
[ 28.417466] ======================================================
[ 28.423758] WARNING: possible circular locking dependency detected
[ 28.430210] 4.17.0-rc2+ #20 Not tainted
[ 28.434156] ------------------------------------------------------
[ 28.440452] syz-executor244/4536 is trying to acquire lock:
[ 28.446135] (ptrval) (&mm->mmap_sem){++++}, at: __might_fault+0xfb/0x1e0
[ 28.453658]
[ 28.453658] but task is already holding lock:
[ 28.459609] (ptrval) (sk_lock-AF_INET6){+.+.}, at: sock_setsockopt+0x19c/0x1fe0
[ 28.467738]
[ 28.467738] which lock already depends on the new lock.
[ 28.467738]
[ 28.476029]
[ 28.476029] the existing dependency chain (in reverse order) is:
[ 28.483627]
[ 28.483627] -> #1 (sk_lock-AF_INET6){+.+.}:
[ 28.489426]        lock_sock_nested+0xd0/0x120
[ 28.493987]        tcp_mmap+0x1c7/0x14f0
[ 28.498035]        sock_mmap+0x8e/0xc0
[ 28.501901]        mmap_region+0xd13/0x1820
[ 28.506199]        do_mmap+0xc79/0x11d0
[ 28.510148]        vm_mmap_pgoff+0x1fb/0x2a0
[ 28.514528]        ksys_mmap_pgoff+0x4c9/0x640
[ 28.519085]        __x64_sys_mmap+0xe9/0x1b0
[ 28.523467]        do_syscall_64+0x1b1/0x800
[ 28.527856]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 28.533539]
[ 28.533539] -> #0 (&mm->mmap_sem){++++}:
[ 28.539063]        lock_acquire+0x1dc/0x520
[ 28.543709]        __might_fault+0x155/0x1e0
[ 28.548103]        _copy_from_user+0x30/0x150
[ 28.552574]        sock_setsockopt+0xec0/0x1fe0
[ 28.557220]        __sys_setsockopt+0x2df/0x390
[ 28.561860]        __x64_sys_setsockopt+0xbe/0x150
[ 28.566776]        do_syscall_64+0x1b1/0x800
[ 28.571165]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 28.576849]
[ 28.576849] other info that might help us debug this:
[ 28.576849]
[ 28.584969]  Possible unsafe locking scenario:
[ 28.584969]
[ 28.591002]        CPU0                    CPU1
[ 28.595644]        ----                    ----
[ 28.600286]   lock(sk_lock-AF_INET6);
[ 28.604062]                                lock(&mm->mmap_sem);
[ 28.610097]                                lock(sk_lock-AF_INET6);
[ 28.616388]   lock(&mm->mmap_sem);
[ 28.619900]
[ 28.619900]  *** DEADLOCK ***
[ 28.619900]
[ 28.625933] 1 lock held by syz-executor244/4536:
[ 28.630658]  #0: (ptrval) (sk_lock-AF_INET6){+.+.}, at: sock_setsockopt+0x19c/0x1fe0
[ 28.639226]
[ 28.639226] stack backtrace:
[ 28.643700] CPU: 0 PID: 4536 Comm: syz-executor244 Not tainted 4.17.0-rc2+ #20
[ 28.651033] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 28.660359] Call Trace:
[ 28.662927]  dump_stack+0x1b9/0x294
[ 28.666528]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 28.671693]  ? print_lock+0xd1/0xd6
[ 28.675297]  ? vprintk_func+0x81/0xe7
[ 28.679073]  print_circular_bug.isra.36.cold.54+0x1bd/0x27d
[ 28.684754]  ? save_trace+0xe0/0x290
[ 28.688442]  __lock_acquire+0x343e/0x5140
[ 28.692567]  ? debug_check_no_locks_freed+0x310/0x310
[ 28.697732]  ? debug_check_no_locks_freed+0x310/0x310
[ 28.702896]  ? debug_check_no_locks_freed+0x310/0x310
[ 28.708063]  ? pudp_huge_clear_flush+0x230/0x230
[ 28.712808]  ? kasan_check_read+0x11/0x20
[ 28.716933]  ? do_raw_spin_unlock+0x9e/0x2e0
[ 28.721333]  ? kasan_check_write+0x14/0x20
[ 28.725603]  ? do_raw_spin_lock+0xc1/0x200
[ 28.729824]  ? _raw_spin_unlock+0x22/0x30
[ 28.733951]  ? do_huge_pmd_anonymous_page+0x48d/0x1cc0
[ 28.739206]  ? __thp_get_unmapped_area+0x180/0x180
[ 28.744111]  ? graph_lock+0x170/0x170
[ 28.747886]  ? graph_lock+0x170/0x170
[ 28.751659]  ? graph_lock+0x170/0x170
[ 28.755436]  ? debug_check_no_locks_freed+0x310/0x310
[ 28.760602]  ? alloc_file+0x24/0x3e0
[ 28.764309]  ? sock_alloc_file+0x1f3/0x4e0
[ 28.768521]  ? __sys_socket+0x16f/0x250
[ 28.772473]  ? do_syscall_64+0x1b1/0x800
[ 28.776531]  lock_acquire+0x1dc/0x520
[ 28.780320]  ? __might_fault+0xfb/0x1e0
[ 28.784275]  ? lock_acquire+0x1dc/0x520
[ 28.788228]  ? lock_release+0xa10/0xa10
[ 28.792179]  ? check_same_owner+0x320/0x320
[ 28.796485]  ? mark_held_locks+0xc9/0x160
[ 28.800615]  ? __might_sleep+0x95/0x190
[ 28.804567]  __might_fault+0x155/0x1e0
[ 28.808436]  ? __might_fault+0xfb/0x1e0
[ 28.812399]  _copy_from_user+0x30/0x150
[ 28.816352]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 28.821519]  sock_setsockopt+0xec0/0x1fe0
[ 28.825643]  ? sock_enable_timestamp+0xe0/0xe0
[ 28.830222]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 28.835745]  ? __fget_light+0x2ef/0x430
[ 28.839695]  ? fget_raw+0x20/0x20
[ 28.843125]  ? lock_downgrade+0x8e0/0x8e0
[ 28.847248]  ? handle_mm_fault+0x8c0/0xc70
[ 28.851462]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 28.856990]  ? handle_mm_fault+0x55a/0xc70
[ 28.861219]  ? security_socket_setsockopt+0x94/0xc0
[ 28.866295]  __sys_setsockopt+0x2df/0x390
[ 28.870437]  ? kernel_accept+0x310/0x310
[ 28.874491]  ? mm_fault_error+0x380/0x380
[ 28.878621]  ? __ia32_sys_fallocate+0xf0/0xf0
[ 28.883097]  __x64_sys_setsockopt+0xbe/0x150
[ 28.887492]  ? trace_hardirqs_on_caller+0x421/0x5c0
[ 28.892494]  do_syscall_64+0x1b1/0x800
[ 28.896365]  ? syscall_return_slowpath+0x5c0/0x5c0
[ 28.901276]  ? syscall_return_slowpath+0x30f/0x5c0
[ 28.906192]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 28.911707]  ? retint_user+0x18/0x18
[ 28.915398]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 28.920216]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 28.925383] RIP: 0033:0x43fd09
[ 28.928553] RSP: 002b:00007fff6d132958 EFLAGS: 00000217 ORIG_RAX: 0000000000000036
[ 28.936243] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043fd09
[ 28.943487] RDX: 000000000000000d RSI: 0000000000000001 RDI: 0000000000000004
[ 28.950733] RBP: 00000000006ca018 R08: 0000000000000008 R09: 00000000004002c8
[ 28.957984] R10: 0000000020000940 R11: 0000000000000217 R12: 0000000000401630
[ 28.965229] R13: 00000000004016