[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 16.282357] random: sshd: uninitialized urandom read (32 bytes read, 33 bits of entropy available)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 21.140607] random: sshd: uninitialized urandom read (32 bytes read, 37 bits of entropy available)
[ 21.478670] random: sshd: uninitialized urandom read (32 bytes read, 37 bits of entropy available)
[ 22.321349] random: sshd: uninitialized urandom read (32 bytes read, 104 bits of entropy available)
[ 22.497236] random: sshd: uninitialized urandom read (32 bytes read, 109 bits of entropy available)
Warning: Permanently added '10.128.0.32' (ECDSA) to the list of known hosts.
[ 27.868166] random: sshd: uninitialized urandom read (32 bytes read, 117 bits of entropy available)
executing program
[ 27.964612]
[ 27.966248] ======================================================
[ 27.972532] [ INFO: possible circular locking dependency detected ]
[ 27.978909] 4.4.112-g5f6325b #28 Not tainted
[ 27.983281] -------------------------------------------------------
[ 27.989652] syzkaller755443/3314 is trying to acquire lock:
[ 27.995328]  (&sb->s_type->i_mutex_key#10){+.+.+.}, at: [] shmem_file_llseek+0xf1/0x240
[ 28.005588]
[ 28.005588] but task is already holding lock:
[ 28.011528]  (ashmem_mutex){+.+.+.}, at: [] ashmem_llseek+0x56/0x1f0
[ 28.020022]
[ 28.020022] which lock already depends on the new lock.
[ 28.020022]
[ 28.028304]
[ 28.028304] the existing dependency chain (in reverse order) is:
[ 28.035890] -> #2 (ashmem_mutex){+.+.+.}:
[ 28.040638]     [] lock_acquire+0x15e/0x460
[ 28.046866]     [] mutex_lock_nested+0xbb/0x850
[ 28.053442]     [] ashmem_mmap+0x53/0x400
[ 28.059494]     [] mmap_region+0x94f/0x1250
[ 28.065723]     [] do_mmap+0x4fd/0x9d0
[ 28.071530]     [] vm_mmap_pgoff+0x16e/0x1c0
[ 28.077873]     [] SyS_mmap_pgoff+0x33f/0x560
[ 28.084279]     [] SyS_mmap+0x16/0x20
[ 28.089990]     [] entry_SYSCALL_64_fastpath+0x16/0x92
[ 28.097177] -> #1 (&mm->mmap_sem){++++++}:
[ 28.102010]     [] lock_acquire+0x15e/0x460
[ 28.108243]     [] __might_fault+0x14a/0x1d0
[ 28.114560]     [] filldir+0x162/0x2d0
[ 28.120369]     [] dcache_readdir+0x11e/0x7b0
[ 28.126774]     [] iterate_dir+0x1c8/0x420
[ 28.132919]     [] SyS_getdents+0x14a/0x270
[ 28.139149]     [] entry_SYSCALL_64_fastpath+0x16/0x92
[ 28.146336] -> #0 (&sb->s_type->i_mutex_key#10){+.+.+.}:
[ 28.152511]     [] __lock_acquire+0x371f/0x4b50
[ 28.159107]     [] lock_acquire+0x15e/0x460
[ 28.165335]     [] mutex_lock_nested+0xbb/0x850
[ 28.171916]     [] shmem_file_llseek+0xf1/0x240
[ 28.178499]     [] vfs_llseek+0xa2/0xd0
[ 28.184387]     [] ashmem_llseek+0xe7/0x1f0
[ 28.190633]     [] SyS_lseek+0xeb/0x170
[ 28.196519]     [] entry_SYSCALL_64_fastpath+0x16/0x92
[ 28.203706]
[ 28.203706] other info that might help us debug this:
[ 28.203706]
[ 28.211815] Chain exists of: &sb->s_type->i_mutex_key#10 --> &mm->mmap_sem --> ashmem_mutex
[ 28.221517]  Possible unsafe locking scenario:
[ 28.221517]
[ 28.227554]        CPU0                    CPU1
[ 28.232189]        ----                    ----
[ 28.236819]   lock(ashmem_mutex);
[ 28.240473]                                lock(&mm->mmap_sem);
[ 28.246730]                                lock(ashmem_mutex);
[ 28.252912]   lock(&sb->s_type->i_mutex_key#10);
[ 28.257978]
[ 28.257978]  *** DEADLOCK ***
[ 28.257978]
[ 28.264012] 1 lock held by syzkaller755443/3314:
[ 28.268730]  #0: (ashmem_mutex){+.+.+.}, at: [] ashmem_llseek+0x56/0x1f0
[ 28.277860]
[ 28.277860] stack backtrace:
[ 28.282327] CPU: 1 PID: 3314 Comm: syzkaller755443 Not tainted 4.4.112-g5f6325b #28
[ 28.290088] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 28.299411]  0000000000000000 2990ecd32d2472bd ffff8801d3e87ad8 ffffffff81d0579d
[ 28.307382]  ffffffff8519e370 ffffffff851a8210 ffffffff851bc610 ffff8801d2324fd8
[ 28.315347]  ffff8801d2324740 ffff8801d3e87b20 ffffffff81232c31 ffff8801d2324fd8
[ 28.323327] Call Trace:
[ 28.325885]  [] dump_stack+0xc1/0x124
[ 28.331230]  [] print_circular_bug+0x271/0x310
[ 28.337349]  [] __lock_acquire+0x371f/0x4b50
[ 28.343292]  [] ? perf_event_mmap+0x93/0x910
[ 28.349233]  [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 28.356840]  [] ? vma_link+0xe4/0x170
[ 28.362171]  [] ? __lock_is_held+0xa1/0xf0
[ 28.367937]  [] lock_acquire+0x15e/0x460
[ 28.373533]  [] ? shmem_file_llseek+0xf1/0x240
[ 28.379646]  [] ? shmem_file_llseek+0xf1/0x240
[ 28.385762]  [] mutex_lock_nested+0xbb/0x850
[ 28.391710]  [] ? shmem_file_llseek+0xf1/0x240
[ 28.397823]  [] ? mutex_lock_nested+0x5d4/0x850
[ 28.404024]  [] ? __ww_mutex_lock+0x14f0/0x14f0
[ 28.410224]  [] ? mutex_lock_nested+0x560/0x850
[