[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 15.999544] random: sshd: uninitialized urandom read (32 bytes read, 32 bits of entropy available)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 20.950605] random: sshd: uninitialized urandom read (32 bytes read, 36 bits of entropy available)
[ 21.272695] random: sshd: uninitialized urandom read (32 bytes read, 37 bits of entropy available)
[ 22.245106] random: sshd: uninitialized urandom read (32 bytes read, 118 bits of entropy available)
[ 22.402172] random: sshd: uninitialized urandom read (32 bytes read, 121 bits of entropy available)
Warning: Permanently added '10.128.15.194' (ECDSA) to the list of known hosts.
[ 27.751691] random: nonblocking pool is initialized
executing program
[ 27.867510]
[ 27.869153] ======================================================
[ 27.875449] [ INFO: possible circular locking dependency detected ]
[ 27.881838] 4.4.112-gca0ebb4 #22 Not tainted
[ 27.886217] -------------------------------------------------------
[ 27.892591] syzkaller648687/3312 is trying to acquire lock:
[ 27.898268]  (&sb->s_type->i_mutex_key#10){+.+.+.}, at: [] shmem_file_llseek+0xf1/0x240
[ 27.908586]
[ 27.908586] but task is already holding lock:
[ 27.914525]  (ashmem_mutex){+.+.+.}, at: [] ashmem_llseek+0x56/0x1f0
[ 27.923033]
[ 27.923033] which lock already depends on the new lock.
[ 27.923033]
[ 27.931326]
[ 27.931326] the existing dependency chain (in reverse order) is:
[ 27.938919] -> #2 (ashmem_mutex){+.+.+.}:
[ 27.943685]        [] lock_acquire+0x15e/0x460
[ 27.949925]        [] mutex_lock_nested+0xbb/0x850
[ 27.956513]        [] ashmem_mmap+0x53/0x400
[ 27.962582]        [] mmap_region+0x94f/0x1250
[ 27.968817]        [] do_mmap+0x4fd/0x9d0
[ 27.974627]        [] vm_mmap_pgoff+0x16e/0x1c0
[ 27.980953]        [] SyS_mmap_pgoff+0x33f/0x560
[ 27.987364]        [] do_fast_syscall_32+0x314/0x890
[ 27.994124]        [] sysenter_flags_fixed+0xd/0x17
[ 28.000804] -> #1 (&mm->mmap_sem){++++++}:
[ 28.005667]        [] lock_acquire+0x15e/0x460
[ 28.011903]        [] __might_fault+0x14a/0x1d0
[ 28.018225]        [] filldir+0x162/0x2d0
[ 28.024023]        [] dcache_readdir+0x11e/0x7b0
[ 28.030432]        [] iterate_dir+0x1c8/0x420
[ 28.036587]        [] SyS_getdents+0x14a/0x270
[ 28.042826]        [] entry_SYSCALL_64_fastpath+0x16/0x92
[ 28.050025] -> #0 (&sb->s_type->i_mutex_key#10){+.+.+.}:
[ 28.056214]        [] __lock_acquire+0x371f/0x4b50
[ 28.062799]        [] lock_acquire+0x15e/0x460
[ 28.069031]        [] mutex_lock_nested+0xbb/0x850
[ 28.075790]        [] shmem_file_llseek+0xf1/0x240
[ 28.082375]        [] vfs_llseek+0xa2/0xd0
[ 28.088271]        [] ashmem_llseek+0xe7/0x1f0
[ 28.094514]        [] compat_SyS_lseek+0xeb/0x170
[ 28.101015]        [] do_fast_syscall_32+0x314/0x890
[ 28.107774]        [] sysenter_flags_fixed+0xd/0x17
[ 28.114444]
[ 28.114444] other info that might help us debug this:
[ 28.114444]
[ 28.122555] Chain exists of:
  &sb->s_type->i_mutex_key#10 --> &mm->mmap_sem --> ashmem_mutex

[ 28.132306]  Possible unsafe locking scenario:
[ 28.132306]
[ 28.138338]        CPU0                    CPU1
[ 28.142979]        ----                    ----
[ 28.147618]   lock(ashmem_mutex);
[ 28.151277]                                lock(&mm->mmap_sem);
[ 28.157540]                                lock(ashmem_mutex);
[ 28.163719]   lock(&sb->s_type->i_mutex_key#10);
[ 28.168797]
[ 28.168797]  *** DEADLOCK ***
[ 28.168797]
[ 28.174830] 1 lock held by syzkaller648687/3312:
[ 28.179552]  #0:  (ashmem_mutex){+.+.+.}, at: [] ashmem_llseek+0x56/0x1f0
[ 28.188627]
[ 28.188627] stack backtrace:
[ 28.193096] CPU: 0 PID: 3312 Comm: syzkaller648687 Not tainted 4.4.112-gca0ebb4 #22
[ 28.200874] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 28.210198]  0000000000000000 f3ee03b3c730444f ffff8801d1f4fa58 ffffffff81d056fd
[ 28.218184]  ffffffff8519e520 ffffffff851a8060 ffffffff851bc970 ffff8800b55de798
[ 28.226165]  ffff8800b55ddf00 ffff8801d1f4faa0 ffffffff81232b91 ffff8800b55de798
[ 28.234145] Call Trace:
[ 28.236707]  [] dump_stack+0xc1/0x124
[ 28.242044]  [] print_circular_bug+0x271/0x310
[ 28.248160]  [] __lock_acquire+0x371f/0x4b50
[ 28.254101]  [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 28.261086]  [] ? __lock_is_held+0xa1/0xf0
[ 28.266853]  [] lock_acquire+0x15e/0x460
[ 28.272450]  [] ? shmem_file_llseek+0xf1/0x240
[ 28.278569]  [] ? shmem_file_llseek+0xf1/0x240
[ 28.284685]  [] mutex_lock_nested+0xbb/0x850
[ 28.290627]  [] ? shmem_file_llseek+0xf1/0x240
[ 28.296744]  [] ? mutex_lock_nested+0x5d4/0x850
[ 28.302950]  [] ? __ww_mutex_lock+0x14f0/0x14f0
[ 28.309153]  [] ? mutex_lock_nested+0x560/0x850
[ 28.315357]  [] ? ashmem_llseek+0x56/0x1f0
[ 28.321124]  [] shmem_file_llseek+0xf1/0x240
[ 28.327066]  [] ? shmem_mmap+0x90/0x90
[ 28.332487]  [] vfs_llseek+0xa2/0xd0
[ 28.337738]  [] ashmem_llseek+0xe7/0x1f0
[ 28.343334]  [] ? ashmem_read+0x200/0x200
[ 28.349018]  [] compat_SyS_lseek+0xeb/0x170
[ 28.354875]  [] ? SyS_lseek+0x170/0x170
[ 28.360385]  [] do_fast_syscall_32+0x314/0x890
[ 28.366504]  [] sy
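The report above is a three-lock cycle: ashmem_llseek holds ashmem_mutex and calls into shmem_file_llseek, which takes the inode's i_mutex; dcache_readdir holds that i_mutex while filldir copies to user space and may take mmap_sem in __might_fault; and ashmem_mmap takes ashmem_mutex under mmap_sem. The following Python parser is an added example (not syzkaller's or the kernel's own code) that pulls the dependency chain out of such a report, reconstructs the cycle as held-lock / acquired-lock edges, and cross-checks it against the "Chain exists of" line and the acquiring/holding header. The sample input is the relevant lines copied from the log above with the addresses already stripped as they are on this page; the regular expressions and the list of lock-machinery frames to skip are this example's own choices.

```python
"""Reconstruct the lock-order cycle from a lockdep circular-dependency report.

Added example for this page; not part of syzkaller or the Linux kernel.
"""
import re

# Relevant lines copied from the console log above (addresses were already
# stripped to '[]' in the log; frames not needed for the chain are omitted).
SAMPLE_REPORT = """\
[ 27.892591] syzkaller648687/3312 is trying to acquire lock:
[ 27.898268]  (&sb->s_type->i_mutex_key#10){+.+.+.}, at: [] shmem_file_llseek+0xf1/0x240
[ 27.908586] but task is already holding lock:
[ 27.914525]  (ashmem_mutex){+.+.+.}, at: [] ashmem_llseek+0x56/0x1f0
[ 27.931326] the existing dependency chain (in reverse order) is:
[ 27.938919] -> #2 (ashmem_mutex){+.+.+.}:
[ 27.943685]        [] lock_acquire+0x15e/0x460
[ 27.949925]        [] mutex_lock_nested+0xbb/0x850
[ 27.956513]        [] ashmem_mmap+0x53/0x400
[ 27.962582]        [] mmap_region+0x94f/0x1250
[ 28.000804] -> #1 (&mm->mmap_sem){++++++}:
[ 28.005667]        [] lock_acquire+0x15e/0x460
[ 28.011903]        [] __might_fault+0x14a/0x1d0
[ 28.018225]        [] filldir+0x162/0x2d0
[ 28.024023]        [] dcache_readdir+0x11e/0x7b0
[ 28.050025] -> #0 (&sb->s_type->i_mutex_key#10){+.+.+.}:
[ 28.056214]        [] __lock_acquire+0x371f/0x4b50
[ 28.062799]        [] lock_acquire+0x15e/0x460
[ 28.069031]        [] mutex_lock_nested+0xbb/0x850
[ 28.075790]        [] shmem_file_llseek+0xf1/0x240
[ 28.082375]        [] vfs_llseek+0xa2/0xd0
[ 28.088271]        [] ashmem_llseek+0xe7/0x1f0
[ 28.122555] Chain exists of: &sb->s_type->i_mutex_key#10 --> &mm->mmap_sem --> ashmem_mutex
"""

# Optional "[ secs.usecs] " printk timestamp at the start of every line.
_TS = r"^\s*(?:\[\s*[\d.]+\]\s*)?"
_ACQUIRE = re.compile(_TS + r"\S+ is trying to acquire lock:")
_HOLDING = re.compile(_TS + r"but task is already holding lock:")
# "(lockname){usage}, at: [addr] function+0xoff/0xlen"
_LOCK_AT = re.compile(_TS + r"\(([^)]+)\)\{[^}]*\},\s*at:\s*(?:\[[^\]]*\]\s*)?([A-Za-z_][\w.]*)\+")
_CHAIN_HDR = re.compile(_TS + r"->\s*#(\d+)\s*\(([^)]+)\)\{[^}]*\}:")
_CHAIN_OF = re.compile(_TS + r"Chain exists of:\s*(.+?)\s*$")
_FRAME = re.compile(_TS + r"(?:\[[^\]]*\]\s*)?([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+")

# Frames that belong to the locking primitives themselves, not to the
# kernel code that decided to take the lock (choice made for this example).
_LOCK_MACHINERY = ("lock_acquire", "__lock_acquire", "mutex_lock", "__mutex_lock",
                   "down_read", "down_write", "_raw_spin_lock")


def parse_report(text):
    """Return (acquiring, holding, entries, declared) from a lockdep report.

    acquiring/holding: (lock_name, function) from the report header.
    entries: {index: (lock_name, [frames])} for each '-> #N' block.
    declared: lock names from the 'Chain exists of: A --> B --> C' line.
    """
    acquiring = holding = declared = None
    entries = {}
    want = None      # header lock the next '(lock), at:' line describes
    current = None   # index of the '-> #N' block being read
    for line in text.splitlines():
        if _ACQUIRE.match(line):
            want, current = "acquiring", None
        elif _HOLDING.match(line):
            want, current = "holding", None
        elif (m := _CHAIN_HDR.match(line)):
            current = int(m.group(1))
            entries[current] = (m.group(2), [])
            want = None
        elif (m := _CHAIN_OF.match(line)):
            declared = [s.strip() for s in m.group(1).split("-->")]
            current = None
        elif want and (m := _LOCK_AT.match(line)):
            if want == "acquiring":
                acquiring = (m.group(1), m.group(2))
            else:
                holding = (m.group(1), m.group(2))
            want = None
        elif current is not None and (m := _FRAME.match(line)):
            entries[current][1].append(m.group(1))
    if acquiring is None or holding is None or not entries:
        raise ValueError("not a complete lockdep circular-dependency report")
    return acquiring, holding, entries, declared


def lock_cycle(text):
    """Return the cycle as (held, acquired, site) edges, new edge first.

    Lockdep numbers the chain so that lock #k was acquired while lock #(k-1)
    was held; the reported task closes the loop by holding the last lock and
    trying to take lock #0.  'site' is the first backtrace frame of that
    entry that is not lock machinery, i.e. the function that took the lock.
    """
    acquiring, holding, entries, declared = parse_report(text)
    order = sorted(entries)
    locks = [entries[i][0] for i in order]
    sites = [next((f for f in entries[i][1] if not f.startswith(_LOCK_MACHINERY)), "?")
             for i in order]
    if locks[0] != acquiring[0] or locks[-1] != holding[0]:
        raise ValueError("chain entries do not match the acquiring/holding locks")
    # 'Chain exists of' runs from the lock being acquired to the lock held;
    # for deeper chains lockdep prints only three of the locks, so check
    # endpoints and membership rather than the exact sequence.
    if declared is not None and (declared[0] != locks[0] or declared[-1] != locks[-1]
                                 or any(d not in locks for d in declared)):
        raise ValueError("'Chain exists of' line disagrees with the chain entries")
    return [(locks[k - 1], locks[k], sites[k]) for k in range(len(locks))]


def describe(edges):
    """Render the cycle as 'held -> acquired (in function)' lines."""
    return [f"{held} -> {acquired} (in {site})" for held, acquired, site in edges]


if __name__ == "__main__":
    for line in describe(lock_cycle(SAMPLE_REPORT)):
        print(line)
```

For the report above this yields the new edge ashmem_mutex -> i_mutex taken in shmem_file_llseek, followed by the two pre-existing edges i_mutex -> mmap_sem (__might_fault) and mmap_sem -> ashmem_mutex (ashmem_mmap); each edge's acquired lock is the next edge's held lock, which is what makes the order a cycle and the scenario a deadlock candidate rather than a harmless nesting.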