Starting mcstransd:
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 10.429293] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 14.689569] random: sshd: uninitialized urandom read (32 bytes read)
[ 14.714609] random: crng init done
Warning: Permanently added '10.128.10.19' (ECDSA) to the list of known hosts.
executing program
[ 21.439191]
[ 21.440851] ======================================================
[ 21.447139] [ INFO: possible circular locking dependency detected ]
[ 21.453515] 4.9.125+ #37 Not tainted
[ 21.457199] -------------------------------------------------------
[ 21.463572] syz-executor633/2049 is trying to acquire lock:
[ 21.469249]  (&sb->s_type->i_mutex_key#11){++++++}, at: [] shmem_fallocate+0x13c/0xb10
[ 21.479324] but task is already holding lock:
[ 21.483960]  (ashmem_mutex){+.+.+.}, at: [] ashmem_shrink_scan+0x55/0x3a0
[ 21.492777] which lock already depends on the new lock.
[ 21.492777]
[ 21.499761]
[ 21.499761] the existing dependency chain (in reverse order) is:
[ 21.507351] -> #2 (ashmem_mutex){+.+.+.}:
[ 21.512118]        lock_acquire+0x130/0x3e0
[ 21.516416]        mutex_lock_nested+0xc0/0x870
[ 21.521056]        ashmem_mmap+0x53/0x3f0
[ 21.525178]        mmap_region+0x80c/0xf90
[ 21.529386]        do_mmap+0x53d/0xbb0
[ 21.533247]        vm_mmap_pgoff+0x168/0x1b0
[ 21.537628]        SyS_mmap_pgoff+0xfe/0x1b0
[ 21.542008]        SyS_mmap+0x16/0x20
[ 21.545782]        do_syscall_64+0x19f/0x480
[ 21.550167]        entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[ 21.555761] -> #1 (&mm->mmap_sem){++++++}:
[ 21.560626]        lock_acquire+0x130/0x3e0
[ 21.565033]        __might_fault+0x14a/0x1d0
[ 21.569416]        filldir+0x192/0x350
[ 21.573278]        dcache_readdir+0x130/0x5a0
[ 21.577744]        iterate_dir+0x1ac/0x600
[ 21.581953]        SyS_getdents+0x146/0x2a0
[ 21.586247]        do_syscall_64+0x19f/0x480
[ 21.590628]        entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[ 21.596220] -> #0 (&sb->s_type->i_mutex_key#11){++++++}:
[ 21.602406]        __lock_acquire+0x3189/0x4a10
[ 21.607050]        lock_acquire+0x130/0x3e0
[ 21.611349]        down_write+0x41/0xa0
[ 21.615297]        shmem_fallocate+0x13c/0xb10
[ 21.619858]        ashmem_shrink_scan+0x1bd/0x3a0
[ 21.624675]        ashmem_ioctl+0x2c3/0xf00
[ 21.628975]        do_vfs_ioctl+0x1ac/0x11a0
[ 21.633363]        SyS_ioctl+0x8f/0xc0
[ 21.637221]        do_syscall_64+0x19f/0x480
[ 21.641616]        entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[ 21.647211]
[ 21.647211] other info that might help us debug this:
[ 21.647211]
[ 21.655332] Chain exists of: &sb->s_type->i_mutex_key#11 --> &mm->mmap_sem --> ashmem_mutex
[ 21.665067] Possible unsafe locking scenario:
[ 21.665067]
[ 21.671093]        CPU0                    CPU1
[ 21.675731]        ----                    ----
[ 21.680373]   lock(ashmem_mutex);
[ 21.684053]                                lock(&mm->mmap_sem);
[ 21.690325]                                lock(ashmem_mutex);
[ 21.696511]   lock(&sb->s_type->i_mutex_key#11);
[ 21.701599]
[ 21.701599]  *** DEADLOCK ***
[ 21.701599]
[ 21.707629] 1 lock held by syz-executor633/2049:
[ 21.712492]  #0: (ashmem_mutex){+.+.+.}, at: [] ashmem_shrink_scan+0x55/0x3a0
[ 21.721885]
[ 21.721885] stack backtrace:
[ 21.726357] CPU: 0 PID: 2049 Comm: syz-executor633 Not tainted 4.9.125+ #37
[ 21.733431]  ffff8801ceb9f638 ffffffff81af0ae9 ffffffff83aa14e0 ffffffff83abf930
[ 21.741432]  ffffffff83aaa600 ffff8801cece5010 ffff8801cece4740 ffff8801ceb9f680
[ 21.749426]  ffffffff813e70fd 0000000000000001 00000000cece4ff0 0000000000000001
[ 21.757495] Call Trace:
[ 21.760064]  [] dump_stack+0xc1/0x128
[ 21.765409]  [] print_circular_bug.cold.36+0x2f7/0x432
[ 21.772231]  [] __lock_acquire+0x3189/0x4a10
[ 21.778177]  [] ? trace_hardirqs_on+0x10/0x10
[ 21.784211]  [] ? _raw_spin_unlock_irqrestore+0x5a/0x70
[ 21.791115]  [] lock_acquire+0x130/0x3e0
[ 21.796716]  [] ? shmem_fallocate+0x13c/0xb10
[ 21.802750]  [] down_write+0x41/0xa0
[ 21.808167]  [] ? shmem_fallocate+0x13c/0xb10
[ 21.814203]  [] shmem_fallocate+0x13c/0xb10
[ 21.820211]  [] ? avc_has_perm_noaudit+0x197/0x2f0
[ 21.826682]  [] ? avc_has_perm_noaudit+0x90/0x2f0
[ 21.833170]  [] ? shmem_setattr+0x790/0x790
[ 21.839049]  [] ? trace_hardirqs_on+0x10/0x10
[ 21.845081]  [] ? cred_has_capability+0x14e/0x2e0
[ 21.851567]  [] ? selinux_cred_prepare+0xa0/0xa0
[ 21.857866]  [] ? mark_held_locks+0xc7/0x130
[ 21.863815]  [] ? mutex_trylock+0x258/0x3e0
[ 21.869689]  [] ? trace_hardirqs_on_caller+0x38b/0x590
[ 21.876504]  [] ? trace_hardirqs_on+0xd/0x10
[ 21.882451]  [] ? ashmem_shrink_scan+0x55/0x3a0
[ 21.888656]  [] ashmem_shrink_scan+0x1bd/0x3a0
[ 21.894776]  [] ashmem_ioctl+0x2c3/0xf00
[ 21.900380]  [] ? ashmem_shrink_scan+0x3a0/0x3a0
[ 21.906678]  [] ? __this_cpu_preempt_check+0x1c/0x20
[ 21.913327]  [] ? __might_sleep+0x95/0x1a0
[ 21.919110]  [] ? ashmem_shrink_scan+0x3a0/0x3a0
[ 21.925410]  [] do_vfs_ioctl+0x1ac/0x11a0
[ 21.931095]  [] ? ioctl_preallocate+0x220/0x220
[ 21.937303]  [] ? selinux_p