[ ok ] Starting periodic command scheduler: cron.
[....] Starting OpenBSD Secure Shell server: sshd
[ 20.487908] random: sshd: uninitialized urandom read (32 bytes read)
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 24.975990] random: sshd: uninitialized urandom read (32 bytes read)
[ 25.470957] random: sshd: uninitialized urandom read (32 bytes read)
[ 26.186504] random: sshd: uninitialized urandom read (32 bytes read)
[ 26.420784] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.0' (ECDSA) to the list of known hosts.
[ 31.876938] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 31.969072]
[ 31.970738] ======================================================
[ 31.977045] WARNING: possible circular locking dependency detected
[ 31.983340] 4.17.0-rc2+ #22 Not tainted
[ 31.987287] ------------------------------------------------------
[ 31.993681] syz-executor762/4537 is trying to acquire lock:
[ 31.999364] (ptrval) (&mm->mmap_sem){++++}, at: __might_fault+0xfb/0x1e0
[ 32.006904]
[ 32.006904] but task is already holding lock:
[ 32.012866] (ptrval) (sk_lock-AF_INET6){+.+.}, at: do_ipv6_setsockopt.isra.9+0x576/0x4680
[ 32.021907]
[ 32.021907] which lock already depends on the new lock.
[ 32.021907]
[ 32.030211]
[ 32.030211] the existing dependency chain (in reverse order) is:
[ 32.037807]
[ 32.037807] -> #1 (sk_lock-AF_INET6){+.+.}:
[ 32.043614]        lock_sock_nested+0xd0/0x120
[ 32.048179]        tcp_mmap+0x1c7/0x14f0
[ 32.052229]        sock_mmap+0x8e/0xc0
[ 32.056097]        mmap_region+0xd13/0x1820
[ 32.060394]        do_mmap+0xc79/0x11d0
[ 32.064345]        vm_mmap_pgoff+0x1fb/0x2a0
[ 32.068731]        ksys_mmap_pgoff+0x4c9/0x640
[ 32.073299]        __x64_sys_mmap+0xe9/0x1b0
[ 32.077687]        do_syscall_64+0x1b1/0x800
[ 32.082078]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 32.087778]
[ 32.087778] -> #0 (&mm->mmap_sem){++++}:
[ 32.093307]        lock_acquire+0x1dc/0x520
[ 32.097620]        __might_fault+0x155/0x1e0
[ 32.102013]        _copy_from_user+0x30/0x150
[ 32.106493]        do_ipv6_setsockopt.isra.9+0x29ab/0x4680
[ 32.112093]        ipv6_setsockopt+0xbd/0x170
[ 32.116567]        tcp_setsockopt+0x93/0xe0
[ 32.120876]        sock_common_setsockopt+0x9a/0xe0
[ 32.125871]        __sys_setsockopt+0x1bd/0x390
[ 32.130532]        __x64_sys_setsockopt+0xbe/0x150
[ 32.135448]        do_syscall_64+0x1b1/0x800
[ 32.139842]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 32.145524]
[ 32.145524] other info that might help us debug this:
[ 32.145524]
[ 32.153650]  Possible unsafe locking scenario:
[ 32.153650]
[ 32.159693]        CPU0                    CPU1
[ 32.164347]        ----                    ----
[ 32.168996]   lock(sk_lock-AF_INET6);
[ 32.172784]                                lock(&mm->mmap_sem);
[ 32.178826]                                lock(sk_lock-AF_INET6);
[ 32.185129]   lock(&mm->mmap_sem);
[ 32.188644]
[ 32.188644]  *** DEADLOCK ***
[ 32.188644]
[ 32.194691] 2 locks held by syz-executor762/4537:
[ 32.199519]  #0: (ptrval) (rtnl_mutex){+.+.}, at: rtnl_lock+0x17/0x20
[ 32.206797]  #1: (ptrval) (sk_lock-AF_INET6){+.+.}, at: do_ipv6_setsockopt.isra.9+0x576/0x4680
[ 32.216246]
[ 32.216246] stack backtrace:
[ 32.220724] CPU: 1 PID: 4537 Comm: syz-executor762 Not tainted 4.17.0-rc2+ #22
[ 32.228069] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 32.237400] Call Trace:
[ 32.239982]  dump_stack+0x1b9/0x294
[ 32.243615]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 32.248798]  ? print_lock+0xd1/0xd6
[ 32.252408]  ? vprintk_func+0x81/0xe7
[ 32.256205]  print_circular_bug.isra.36.cold.54+0x1bd/0x27d
[ 32.261987]  ? save_trace+0xe0/0x290
[ 32.265709]  __lock_acquire+0x343e/0x5140
[ 32.269843]  ? kasan_check_read+0x11/0x20
[ 32.273971]  ? debug_check_no_locks_freed+0x310/0x310
[ 32.279156]  ? debug_check_no_locks_freed+0x310/0x310
[ 32.284353]  ? kasan_check_write+0x14/0x20
[ 32.288572]  ? __mutex_lock+0x7d9/0x17f0
[ 32.292612]  ? print_usage_bug+0xc0/0xc0
[ 32.296653]  ? mutex_trylock+0x2a0/0x2a0
[ 32.300710]  ? __lock_acquire+0x7f5/0x5140
[ 32.304933]  ? lock_downgrade+0x8e0/0x8e0
[ 32.309061]  ? mark_held_locks+0xc9/0x160
[ 32.313190]  ? graph_lock+0x170/0x170
[ 32.316974]  ? graph_lock+0x170/0x170
[ 32.320756]  lock_acquire+0x1dc/0x520
[ 32.324539]  ? __might_fault+0xfb/0x1e0
[ 32.328578]  ? lock_acquire+0x1dc/0x520
[ 32.332540]  ? lock_release+0xa10/0xa10
[ 32.336497]  ? check_same_owner+0x320/0x320
[ 32.340800]  ? mark_held_locks+0xc9/0x160
[ 32.345030]  ? __might_sleep+0x95/0x190
[ 32.348996]  __might_fault+0x155/0x1e0
[ 32.352869]  ? __might_fault+0xfb/0x1e0
[ 32.356836]  _copy_from_user+0x30/0x150
[ 32.360791]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 32.365962]  do_ipv6_setsockopt.isra.9+0x29ab/0x4680
[ 32.371534]  ? ipv6_update_options+0x390/0x390
[ 32.376118]  ? lru_cache_add+0x22c/0x450
[ 32.380168]  ? graph_lock+0x170/0x170
[ 32.383958]  ? __mem_cgroup_threshold+0x720/0x720
[ 32.388790]  ? mark_held_locks+0xc9/0x160
[ 32.392933]  ? page_add_new_anon_rmap+0x3ff/0x850
[ 32.397764]  ? find_held_lock+0x36/0x1c0
[ 32.401816]  ? lock_downgrade+0x8e0/0x8e0
[ 32.405959]  ? kasan_check_read+0x11/0x20
[ 32.410088]  ? do_raw_spin_unlock+0x9e/0x2e0
[ 32.414476]  ? do_raw_spin_trylock+0x1b0/0x1b0
[ 32.419046]  ? pte_val+0xf0/0xf0
[ 32.422403]  ? kasan_check_write+0x14/0x20
[ 32.426619]  ? do_raw_spin_lock+0xc1/0x200
[ 32.430837]  ? _raw_spin_unlock+0x22/0x30
[ 32.434969]  ? __handle_mm_fault+0x93a/0x4310
[ 32.439444]  ? vm_insert_mixed_mkwrite+0x40/0x40
[ 32.444180]  ? graph_lock+0x170/0x170
[ 32.447960]  ? graph_lock+0x170/0x170
[ 32.451741]  ? find_held_lock+0x36/0x1c0
[ 32.455793]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 32.461313]  ? __fget_light+0x2ef/0x430
[ 32.465267]  ? fget_raw+0x20/0x20
[ 32.468704]  ? lock_downgrade+0x8e0/0x8e0
[ 32.472846]  ? handle_mm_fault+0x8c0/0xc70
[ 32.477063]  ipv6_setsockopt+0xbd/0x170
[ 32.481022]  ? ipv6_setsockopt+0xbd/0x170
[ 32.485168]  tcp_setsockopt+0x93/0xe0
[ 32.488949]  sock_common_setsockopt+0x9a/0xe0
[ 32.493423]  __sys_setsockopt+0x1bd/0x390
[ 32.497559]  ? kernel_accept+0x310/0x310
[ 32.501601]  ? mm_fault_error+0x380/0x380
[ 32.505743]  ? __ia32_sys_fallocate+0xf0/0xf0
[ 32.510217]  __x64_sys_setsockopt+0xbe/0x150
[ 32.514605]  ? trace_hardirqs_on_caller+0x421/0x5c0
[ 32.519612]  do_syscall_64+0x1b1/0x800
[ 32.523479]  ? syscall_slow_exit_work+0x4f0/0x4f0
[ 32.528307]  ? syscall_return_slowpath+0x5c0/0x5c0
[ 32.533221]  ? syscall_return_slowpath+0x30f/0x5c0
[ 32.538143]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 32.543660]  ? retint_user+0x18/0x18
[ 32.547353]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 32.552187]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 32.557353] RIP: 0033:0x43fdc9
[ 32.560519] RSP: 002b:00007ffdde7387f8 EFLAGS: 00000217 ORIG_RAX: 0000000000000036
[ 32.568204] RAX: ffffffffffffffda RB
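What lockdep is saying in the report above: the mmap path (-> #1) takes sk_lock-AF_INET6 inside tcp_mmap while do_mmap already holds &mm->mmap_sem, and the setsockopt path (-> #0) holds sk_lock-AF_INET6 (taken at do_ipv6_setsockopt+0x576) when _copy_from_user runs, whose page fault can take &mm->mmap_sem. Neither path has to run concurrently for the warning to fire; lockdep records every "acquired B while holding A" edge and flags an acquisition that closes a cycle. The C program below is an added example, not kernel code and not part of the syzbot report: it models that bookkeeping with a small lock-order graph and replays the two paths named in the report (lock names and call sites are taken from the trace; the task labels and the reordered "copy before lock" variant are the example's own assumptions, offered as a contrast and not as the fix the kernel adopted).

```c
/*
 * Added example: a toy model of lockdep's lock-order graph, replaying the
 * two acquisition paths from the lockdep report above. Not kernel code.
 */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define MAX_LOCKS 8
#define MAX_HELD  8

static const char *lock_names[MAX_LOCKS];
static int nlocks;
/* edge[a][b]: lock b has been acquired while lock a was held. */
static bool edge[MAX_LOCKS][MAX_LOCKS];

static void reset_graph(void)
{
    nlocks = 0;
    memset(edge, 0, sizeof(edge));
}

static int lock_id(const char *name)
{
    for (int i = 0; i < nlocks; i++)
        if (strcmp(lock_names[i], name) == 0)
            return i;
    lock_names[nlocks] = name;
    return nlocks++;
}

/* Depth-first search over recorded edges: is 'to' reachable from 'from'? */
static bool reaches(int from, int to, bool *seen)
{
    if (from == to)
        return true;
    seen[from] = true;
    for (int n = 0; n < nlocks; n++)
        if (edge[from][n] && !seen[n] && reaches(n, to, seen))
            return true;
    return false;
}

struct task {
    const char *comm;      /* label for the path being replayed (made up) */
    int held[MAX_HELD];
    int nheld;
};

/*
 * Model of lock acquisition. For each lock already held we would add the
 * edge held -> new; if 'new' already reaches 'held' through existing edges,
 * that edge closes a cycle, which is what lockdep prints as "possible
 * circular locking dependency". Returns true if the acquisition is circular.
 */
static bool acquire(struct task *t, const char *lock, const char *site)
{
    int id = lock_id(lock);
    bool circular = false;

    for (int i = 0; i < t->nheld; i++) {
        int held = t->held[i];
        bool seen[MAX_LOCKS] = { false };

        if (reaches(id, held, seen)) {
            printf("%s: %s at %s while holding %s, but %s already depends on %s\n",
                   t->comm, lock, site, lock_names[held], lock_names[held], lock);
            circular = true;
        }
        edge[held][id] = true;
    }
    t->held[t->nheld++] = id;
    return circular;
}

static void release(struct task *t, const char *lock)
{
    int id = lock_id(lock);
    for (int i = 0; i < t->nheld; i++)
        if (t->held[i] == id) {
            t->held[i] = t->held[--t->nheld];
            return;
        }
}

/* The ordering in the report. Returns the number of circular acquisitions. */
static int replay_report(void)
{
    struct task mmap_task = { "mmap path", { 0 }, 0 };
    struct task sso_task  = { "setsockopt path", { 0 }, 0 };
    int circular = 0;

    reset_graph();
    /* -> #1: do_mmap holds mmap_sem, tcp_mmap then takes the socket lock. */
    circular += acquire(&mmap_task, "&mm->mmap_sem", "do_mmap");
    circular += acquire(&mmap_task, "sk_lock-AF_INET6", "tcp_mmap/lock_sock_nested");
    release(&mmap_task, "sk_lock-AF_INET6");
    release(&mmap_task, "&mm->mmap_sem");

    /* -> #0: do_ipv6_setsockopt holds rtnl_mutex and the socket lock, then
     * _copy_from_user may fault and take mmap_sem inside __might_fault. */
    circular += acquire(&sso_task, "rtnl_mutex", "rtnl_lock");
    circular += acquire(&sso_task, "sk_lock-AF_INET6", "do_ipv6_setsockopt+0x576");
    circular += acquire(&sso_task, "&mm->mmap_sem", "__might_fault/_copy_from_user");
    return circular;
}

/* Hypothetical contrast (assumption, not the kernel's fix): copy the user
 * buffer before taking the socket lock, so mmap_sem is never taken under it. */
static int replay_copy_before_lock(void)
{
    struct task mmap_task = { "mmap path", { 0 }, 0 };
    struct task sso_task  = { "setsockopt path", { 0 }, 0 };
    int circular = 0;

    reset_graph();
    circular += acquire(&mmap_task, "&mm->mmap_sem", "do_mmap");
    circular += acquire(&mmap_task, "sk_lock-AF_INET6", "tcp_mmap/lock_sock_nested");
    release(&mmap_task, "sk_lock-AF_INET6");
    release(&mmap_task, "&mm->mmap_sem");

    circular += acquire(&sso_task, "&mm->mmap_sem", "page fault in _copy_from_user");
    release(&sso_task, "&mm->mmap_sem");
    circular += acquire(&sso_task, "rtnl_mutex", "rtnl_lock");
    circular += acquire(&sso_task, "sk_lock-AF_INET6", "do_ipv6_setsockopt");
    return circular;
}

int main(void)
{
    printf("report ordering: %d circular acquisition(s)\n", replay_report());
    printf("copy-before-lock: %d circular acquisition(s)\n", replay_copy_before_lock());
    return 0;
}
```

The replay reproduces the report's logic exactly: the first task records the edge &mm->mmap_sem -> sk_lock-AF_INET6, so when the second task, holding sk_lock-AF_INET6, asks for &mm->mmap_sem, the search from &mm->mmap_sem reaches sk_lock-AF_INET6 and the acquisition is flagged. rtnl_mutex, the other lock held by syz-executor762, is part of neither edge of the cycle, which matches its absence from the "Possible unsafe locking scenario" table.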