[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 13.076887] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 19.883411] random: sshd: uninitialized urandom read (32 bytes read)
[ 20.340424] random: sshd: uninitialized urandom read (32 bytes read)
[ 20.813288] random: sshd: uninitialized urandom read (32 bytes read)
[ 20.961496] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.35' (ECDSA) to the list of known hosts.
[ 26.506821] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 26.594890]
[ 26.596548] ======================================================
[ 26.602904] WARNING: possible circular locking dependency detected
[ 26.609196] 4.14.67+ #1 Not tainted
[ 26.612807] ------------------------------------------------------
[ 26.619100] syz-executor947/1975 is trying to acquire lock:
[ 26.624779]  (&sb->s_type->i_mutex_key#11){++++}, at: [] shmem_fallocate+0x149/0xb20
[ 26.634209]
[ 26.634209] but task is already holding lock:
[ 26.640152]  (ashmem_mutex){+.+.}, at: [] ashmem_shrink_scan+0x52/0x4e0
[ 26.648449]
[ 26.648449] which lock already depends on the new lock.
[ 26.648449]
[ 26.656740]
[ 26.656740] the existing dependency chain (in reverse order) is:
[ 26.664331]
[ 26.664331] -> #2 (ashmem_mutex){+.+.}:
[ 26.669767]        __mutex_lock+0xf5/0x1480
[ 26.674067]        ashmem_mmap+0x4c/0x3b0
[ 26.678191]        mmap_region+0x836/0xfb0
[ 26.682401]        do_mmap+0x551/0xb80
[ 26.686333]        vm_mmap_pgoff+0x180/0x1d0
[ 26.690720]        SyS_mmap_pgoff+0xf8/0x1a0
[ 26.695103]        do_syscall_64+0x19b/0x4b0
[ 26.699485]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 26.705162]
[ 26.705162] -> #1 (&mm->mmap_sem){++++}:
[ 26.710679]        __might_fault+0x137/0x1b0
[ 26.715109]        _copy_to_user+0x27/0xc0
[ 26.719329]        filldir+0x192/0x340
[ 26.723195]        dcache_readdir+0x12f/0x5d0
[ 26.727776]        iterate_dir+0x19f/0x5e0
[ 26.731988]        SyS_getdents+0x146/0x270
[ 26.736282]        do_syscall_64+0x19b/0x4b0
[ 26.740775]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 26.746455]
[ 26.746455] -> #0 (&sb->s_type->i_mutex_key#11){++++}:
[ 26.753192]        lock_acquire+0x10f/0x380
[ 26.757486]        down_write+0x34/0x90
[ 26.761435]        shmem_fallocate+0x149/0xb20
[ 26.765988]        ashmem_shrink_scan+0x1b6/0x4e0
[ 26.770801]        ashmem_ioctl+0x2cc/0xe20
[ 26.775181]        do_vfs_ioctl+0x1a0/0x1030
[ 26.779641]        SyS_ioctl+0x7e/0xb0
[ 26.783517]        do_syscall_64+0x19b/0x4b0
[ 26.787898]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 26.793576]
[ 26.793576] other info that might help us debug this:
[ 26.793576]
[ 26.801754] Chain exists of:
[ 26.801754]   &sb->s_type->i_mutex_key#11 --> &mm->mmap_sem --> ashmem_mutex
[ 26.801754]
[ 26.813271]  Possible unsafe locking scenario:
[ 26.813271]
[ 26.819303]        CPU0                    CPU1
[ 26.823944]        ----                    ----
[ 26.828586]   lock(ashmem_mutex);
[ 26.832014]                                lock(&mm->mmap_sem);
[ 26.838044]                                lock(ashmem_mutex);
[ 26.843988]   lock(&sb->s_type->i_mutex_key#11);
[ 26.848715]
[ 26.848715]  *** DEADLOCK ***
[ 26.848715]
[ 26.854747] 1 lock held by syz-executor947/1975:
[ 26.859470]  #0: (ashmem_mutex){+.+.}, at: [] ashmem_shrink_scan+0x52/0x4e0
[ 26.868199]
[ 26.868199] stack backtrace:
[ 26.872885] CPU: 0 PID: 1975 Comm: syz-executor947 Not tainted 4.14.67+ #1
[ 26.879867] Call Trace:
[ 26.882436]  dump_stack+0xb9/0x11b
[ 26.885962]  print_circular_bug.isra.18.cold.43+0x2d3/0x40c
[ 26.891660]  ? save_trace+0xd6/0x250
[ 26.895350]  __lock_acquire+0x2ff9/0x4320
[ 26.899471]  ? trace_hardirqs_on+0x10/0x10
[ 26.903682]  ? __lock_acquire+0x619/0x4320
[ 26.907889]  ? lock_downgrade+0x560/0x560
[ 26.912008]  ? lock_acquire+0x10f/0x380
[ 26.915958]  ? trace_hardirqs_on+0x10/0x10
[ 26.920266]  ? depot_save_stack+0x20a/0x428
[ 26.924674]  lock_acquire+0x10f/0x380
[ 26.928453]  ? shmem_fallocate+0x149/0xb20
[ 26.932670]  down_write+0x34/0x90
[ 26.936228]  ? shmem_fallocate+0x149/0xb20
[ 26.940547]  shmem_fallocate+0x149/0xb20
[ 26.944586]  ? avc_has_perm_noaudit+0x17c/0x300
[ 26.949231]  ? shmem_setattr+0x790/0x790
[ 26.953269]  ? avc_has_perm_noaudit+0x1a3/0x300
[ 26.957927]  ? avc_has_extended_perms+0xd50/0xd50
[ 26.962750]  ? new_slab+0x25f/0x470
[ 26.966352]  ? lock_acquire+0x10f/0x380
[ 26.970304]  ? ashmem_shrink_scan+0x52/0x4e0
[ 26.974689]  ? mutex_trylock+0x15c/0x1a0
[ 26.978737]  ashmem_shrink_scan+0x1b6/0x4e0
[ 26.983032]  ashmem_ioctl+0x2cc/0xe20
[ 26.986808]  ? ashmem_shrink_scan+0x4e0/0x4e0
[ 26.991393]  ? __lru_cache_add+0x174/0x250
[ 26.995603]  ? __handle_mm_fault+0x657/0x23a0
[ 27.000073]  ? ashmem_shrink_scan+0x4e0/0x4e0
[ 27.004665]  do_vfs_ioctl+0x1a0/0x1030
[ 27.008533]  ? ioctl_preallocate+0x1d0/0x1d0
[ 27.012917]  ? selinux_parse_skb.constprop.42+0x1a90/0x1a90
[ 27.018636]  ? __do_page_fault+0x485/0xb60
[ 27.022867]  ? lock_downgrade+0x4fb/0x560
[ 27.026989]  ? security_file_ioctl+0x7c/0xb0
[ 27.031376]  SyS_ioctl+0x7e/0xb0
[ 27.034717]  ? do_vfs_ioctl+0x1030/0x1030
[ 27.038910]  do_syscall_64+0x19b/0x4b0
[ 27.042783]  entry_SYSCALL_64_after_hwframe+0