[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 19.986224] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 23.473839] random: sshd: uninitialized urandom read (32 bytes read)
[ 23.714410] random: sshd: uninitialized urandom read (32 bytes read)
[ 24.479152] random: sshd: uninitialized urandom read (32 bytes read)
[ 24.639508] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.24' (ECDSA) to the list of known hosts.
[ 30.116398] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 30.220677]
[ 30.222370] ======================================================
[ 30.228663] WARNING: possible circular locking dependency detected
[ 30.234966] 4.17.0-rc6+ #25 Not tainted
[ 30.238926] ------------------------------------------------------
[ 30.245221] syz-executor800/4527 is trying to acquire lock:
[ 30.250904] (ptrval) (&htab->buckets[i].lock){+...}, at: bpf_tcp_close+0x822/0x10b0
[ 30.259393]
[ 30.259393] but task is already holding lock:
[ 30.265342] (ptrval) (clock-AF_INET6){++..}, at: bpf_tcp_close+0x241/0x10b0
[ 30.273124]
[ 30.273124] which lock already depends on the new lock.
[ 30.273124]
[ 30.281421]
[ 30.281421] the existing dependency chain (in reverse order) is:
[ 30.289030]
[ 30.289030] -> #1 (clock-AF_INET6){++..}:
[ 30.294681]        _raw_write_lock_bh+0x31/0x40
[ 30.299342]        sock_hash_delete_elem+0x7c6/0xaf0
[ 30.304427]        map_delete_elem+0x32e/0x4e0
[ 30.308987]        __x64_sys_bpf+0x342/0x510
[ 30.313391]        do_syscall_64+0x1b1/0x800
[ 30.317778]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 30.323471]
[ 30.323471] -> #0 (&htab->buckets[i].lock){+...}:
[ 30.329791]        lock_acquire+0x1dc/0x520
[ 30.334106]        _raw_spin_lock_bh+0x31/0x40
[ 30.338696]        bpf_tcp_close+0x822/0x10b0
[ 30.343189]        inet_release+0x104/0x1f0
[ 30.347580]        inet6_release+0x50/0x70
[ 30.351792]        sock_release+0x96/0x1b0
[ 30.356014]        sock_close+0x16/0x20
[ 30.359975]        __fput+0x34d/0x890
[ 30.363752]        ____fput+0x15/0x20
[ 30.367530]        task_work_run+0x1e4/0x290
[ 30.371912]        do_exit+0x1aee/0x2730
[ 30.375954]        do_group_exit+0x16f/0x430
[ 30.380340]        get_signal+0x886/0x1960
[ 30.384553]        do_signal+0x98/0x2040
[ 30.388600]        exit_to_usermode_loop+0x28a/0x310
[ 30.393696]        do_syscall_64+0x6ac/0x800
[ 30.398089]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 30.403772]
[ 30.403772] other info that might help us debug this:
[ 30.403772]
[ 30.411889]  Possible unsafe locking scenario:
[ 30.411889]
[ 30.417921]        CPU0                    CPU1
[ 30.422560]        ----                    ----
[ 30.427200]   lock(clock-AF_INET6);
[ 30.430805]                                lock(&htab->buckets[i].lock);
[ 30.437642]                                lock(clock-AF_INET6);
[ 30.443775]   lock(&htab->buckets[i].lock);
[ 30.448077]
[ 30.448077]  *** DEADLOCK ***
[ 30.448077]
[ 30.454116] 2 locks held by syz-executor800/4527:
[ 30.458930]  #0: (ptrval) (rcu_read_lock){....}, at: bpf_tcp_close+0x0/0x10b0
[ 30.466895]  #1: (ptrval) (clock-AF_INET6){++..}, at: bpf_tcp_close+0x241/0x10b0
[ 30.475113]
[ 30.475113] stack backtrace:
[ 30.479595] CPU: 0 PID: 4527 Comm: syz-executor800 Not tainted 4.17.0-rc6+ #25
[ 30.486932] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 30.496265] Call Trace:
[ 30.498843]  dump_stack+0x1b9/0x294
[ 30.503407]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 30.508579]  ? print_lock+0xd1/0xd6
[ 30.512196]  ? vprintk_func+0x81/0xe7
[ 30.515978]  print_circular_bug.isra.36.cold.54+0x1bd/0x27d
[ 30.521689]  ? save_trace+0xe0/0x290
[ 30.525386]  __lock_acquire+0x343e/0x5140
[ 30.529517]  ? __lock_acquire+0x7f5/0x5140
[ 30.533734]  ? debug_check_no_locks_freed+0x310/0x310
[ 30.538901]  ? debug_check_no_locks_freed+0x310/0x310
[ 30.544084]  ? lock_downgrade+0x8e0/0x8e0
[ 30.548213]  ? __lock_acquire+0x7f5/0x5140
[ 30.552429]  ? kasan_check_read+0x11/0x20
[ 30.556568]  ? do_raw_spin_unlock+0x9e/0x2e0
[ 30.561176]  ? do_raw_spin_trylock+0x1b0/0x1b0
[ 30.565740]  ? debug_check_no_locks_freed+0x310/0x310
[ 30.570911]  ? depot_save_stack+0x26b/0x450
[ 30.575220]  ? save_stack+0xa9/0xd0
[ 30.578826]  ? save_stack+0x43/0xd0
[ 30.582438]  ? __kasan_slab_free+0x11a/0x170
[ 30.586909]  ? kasan_slab_free+0xe/0x10
[ 30.590863]  ? kmem_cache_free+0x86/0x2d0
[ 30.594990]  ? dentry_free+0xe9/0x170
[ 30.598771]  ? __dentry_kill+0x51f/0x770
[ 30.602823]  ? __fput+0x552/0x890
[ 30.606255]  ? ____fput+0x15/0x20
[ 30.609689]  ? task_work_run+0x1e4/0x290
[ 30.613750]  ? do_exit+0x1aee/0x2730
[ 30.617545]  ? do_group_exit+0x16f/0x430
[ 30.621593]  ? get_signal+0x886/0x1960
[ 30.625470]  ? do_signal+0x98/0x2040
[ 30.629170]  lock_acquire+0x1dc/0x520
[ 30.632959]  ? bpf_tcp_close+0x822/0x10b0
[ 30.637091]  ? sock_hash_free+0x700/0x700
[ 30.641225]  ? lock_release+0xa10/0xa10
[ 30.645625]  ? kasan_check_write+0x14/0x20
[ 30.649850]  _raw_spin_lock_bh+0x31/0x40
[ 30.653905]  ? bpf_tcp_close+0x822/0x10b0
[ 30.658040]  bpf_tcp_close+0x822/0x10b0
[ 30.662004]  ? tcp_check_oom+0x520/0x520
[ 30.666136]  ? lock_downgrade+0x8e0/0x8e0
[ 30.670264]  ? sock_hash_free+0x700/0x700
[ 30.674394]  ? kasan_check_read+0x11/0x20
[ 30.678521]  ? rcu_is_watching+0x85/0x140
[ 30.682661]  ? rcu_bh_force_quiescent_state+0x20/0x20
[ 30.687852]  ? kasan_check_read+0x11/0x20
[ 30.692004]  ? rcu_is_watching+0x85/0x140
[ 30.696142]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 30.701658]  ? ipv6_sock_ac_close+0x34e/0x480
[ 30.706134]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 30.711656]  ? ipv6_sock_mc_close+0x161/0x1c0
[ 30.716131]  ? ip_mc_drop_socket+0x20f/0x270
[ 30.720523]  inet_release+0x104/0x1f0
[ 30.724317]  inet6_release+0x50/0x70
[ 30.728011]  sock_release+0x96/0x1b0
[ 30.731709]  ? sock_alloc_file+0x4e0/0x4e0
[ 30.735924]  sock_close+0x16/0x20
[ 30.739354]  __fput+0x34d/0x890
[ 30.742617]  ? fput+0x1a0/0x1a0
[ 30.745876]  ? check_same_owner+0x320/0x320
[ 30.750178]  ? _raw_spin_unlock_irq+0x27/0x70
[ 30.754658]  ____fput+0x15/0x20
[ 30.757925]  task_work_run+0x1e4/0x290
[ 30.761801]  ? task_work_cancel+0x240/0x240
[ 30.766109]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 30.771630]  ? switch_task_namespaces+0xa2/0xd0
[ 30.776283]  do_exit+0x1aee/0x2730
[ 30.779806]  ? plist_add+0x770/0x770
[ 30.783517]  ? mm_update_next_owner+0x980/0x980
[ 30.788171]  ? print_usage_bug+0xc0/0xc0
[ 30.792212]  ? graph_lock+0x170/0x170
[ 30.795997]  ? do_raw_spin_unlock+0x9e/0x2e0
[ 30.800393]  ? rcu_note_context_switch+0x710/0x710
[ 30.805306]  ? lock_acquire+0x1dc/0x520
[ 30.809260]  ? __might_sleep+0x95/0x190
[ 30.813211]  ? __lock_acquire+0x7f5/0x5140
[ 30.817426]  ? debug_check_no_locks_freed+0x310/0x310
[ 30.822606]  ? do_raw_spin_unlock+0x9e/0x2e0
[ 30.827019]  ? do_raw_spin_trylock+0x1b0/0x1b0
[ 30.831589]  ? kasan_check_write+0x14/0x20
[ 30.835809]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 30.840985]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 30.846519]  ? drop_futex_key_refs.isra.13+0x6d/0xe0
[ 30.851610]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 30.857126]  ? futex_wait+0x5c1/0x9f0
[ 30.860915]  ? futex_wait_setup+0x400/0x400
[ 30.865219]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 30.870390]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 30.875906]  ? drop_futex_key_refs.isra.13+0x6d/0xe0
[ 30.880986]  ? futex_wake+0x2f6/0x750
[ 30.884768]  ? graph_lock+0x170/0x170
[ 30.888573]  ? memset+0x31/0x40
[ 30.891836]  ? find_held_lock+0x36/0x1c0
[ 30.895893]  ? lock_downgrade+0x8e0/0x8e0
[ 30.900033]  do_group_exit+0x16f/0x430
[ 30.903905]  ? do_raw_spin_trylock+0x1b0/0x1b0
[ 30.908469]  ? __ia32_sys_exit+0x50/0x50
[ 30.912519]  ? _raw_spin_unlock_irq+0x27/0x70
[ 30.916998]  ? trace_hardirqs_on_caller+0x421/0x5c0
[ 30.922004]  get_signal+0x886/0x1960
[ 30.925711]  ? ptrace_notify+0x130/0x130
[ 30.929769]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 30.935317]  ? expand_files.part.8+0x9a0/0x9a0
[ 30.939875]  ? graph_lock+0x170/0x170
[ 30.943681]  ? reverse_path_check_proc.cold.21+0x1f/0x1f
[ 30.949118]  ? get_unused_fd_flags+0x121/0x190
[ 30.953680]  ? __alloc_fd+0x700/0x700
[ 30.957466]  do_signal+0x98/0x2040
[ 30.960991]  ? __fget_light+0x2ef/0x430
[ 30.964954]  ? fget_raw+0x20/0x20
[ 30.968386]  ? setup_sigcontext+0x7d0/0x7d0
[ 30.972686]  ? lock_release+0xa10/0xa10
[ 30.976641]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 30.982158]  ? cap_capable+0x1f9/0x260
[ 30.986037]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 30.991561]  ? exit_to_usermode_loop+0x87/0x310
[ 30.996210]  exit_to_usermode_loop+0x28a/0x310
[ 31.000774]  ? syscall_slow_exit_work+0x4f0/0x4f0
[ 31.005704]  ? _raw_spin_unlock_irq+0x27/0x70
[ 31.010180]  ? do_syscall_64+0x92/0x800
[ 31.014152]  do_syscall_64+0x6ac/0x800
[ 31.018033]  ? syscall_return_slowpath+0x5c0/0x5c0
[ 31.022947]  ? syscall_return_slowpath+0x30f/0x5c0
[ 31.027858]  ? entry_SYSCALL_64_after_hwframe+0x59/0xbe
[ 31.033203]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 31.038036]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 31.043210] RIP: 0033:0x445709
[ 31.046379] RSP: 002b:00007f36c605ddb8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 31.054074] RAX: fffffffffffffe00 RBX: 00000000006dac3c RCX: 0000000000445709
[ 31.061325] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000006dac3c
[ 31.068661] RBP: 00000000006dac38 R08: 0000000000000000 R09: 000