[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 16.586628] random: sshd: uninitialized urandom read (32 bytes read, 32 bits of entropy available)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 21.492026] random: sshd: uninitialized urandom read (32 bytes read, 37 bits of entropy available)
[ 22.082091] random: sshd: uninitialized urandom read (32 bytes read, 38 bits of entropy available)
[ 23.032812] random: sshd: uninitialized urandom read (32 bytes read, 112 bits of entropy available)
[ 23.198419] random: sshd: uninitialized urandom read (32 bytes read, 116 bits of entropy available)
Warning: Permanently added '10.128.15.206' (ECDSA) to the list of known hosts.
[ 28.566290] random: sshd: uninitialized urandom read (32 bytes read, 123 bits of entropy available)
executing program
[ 28.661753]
[ 28.663398] ======================================================
[ 28.669680] [ INFO: possible circular locking dependency detected ]
[ 28.676056] 4.4.113-ge70c132 #27 Not tainted
[ 28.680429] -------------------------------------------------------
[ 28.686800] syzkaller885830/3313 is trying to acquire lock:
[ 28.692477] (&sb->s_type->i_mutex_key#10){+.+.+.}, at: [] shmem_file_llseek+0xf1/0x240
[ 28.702756]
[ 28.702756] but task is already holding lock:
[ 28.708696] (ashmem_mutex){+.+.+.}, at: [] ashmem_llseek+0x56/0x1f0
[ 28.717192]
[ 28.717192] which lock already depends on the new lock.
[ 28.717192]
[ 28.725475]
[ 28.725475] the existing dependency chain (in reverse order) is:
[ 28.733073] -> #2 (ashmem_mutex){+.+.+.}:
[ 28.737854] [] lock_acquire+0x15e/0x460
[ 28.744085] [] mutex_lock_nested+0xbb/0x850
[ 28.750665] [] ashmem_mmap+0x53/0x400
[ 28.756722] [] mmap_region+0x94f/0x1250
[ 28.762965] [] do_mmap+0x4fd/0x9d0
[ 28.768765] [] vm_mmap_pgoff+0x16e/0x1c0
[ 28.775082] [] SyS_mmap_pgoff+0x33f/0x560
[ 28.781492] [] do_fast_syscall_32+0x314/0x890
[ 28.788252] [] sysenter_flags_fixed+0xd/0x17
[ 28.794919] -> #1 (&mm->mmap_sem){++++++}:
[ 28.799773] [] lock_acquire+0x15e/0x460
[ 28.806004] [] __might_fault+0x14a/0x1d0
[ 28.812323] [] filldir+0x162/0x2d0
[ 28.818119] [] dcache_readdir+0x11e/0x7b0
[ 28.824528] [] iterate_dir+0x1c8/0x420
[ 28.830676] [] SyS_getdents+0x14a/0x270
[ 28.836914] [] entry_SYSCALL_64_fastpath+0x1c/0x98
[ 28.844117] -> #0 (&sb->s_type->i_mutex_key#10){+.+.+.}:
[ 28.850291] [] __lock_acquire+0x371f/0x4b50
[ 28.856883] [] lock_acquire+0x15e/0x460
[ 28.863109] [] mutex_lock_nested+0xbb/0x850
[ 28.869688] [] shmem_file_llseek+0xf1/0x240
[ 28.876282] [] vfs_llseek+0xa2/0xd0
[ 28.882182] [] ashmem_llseek+0xe7/0x1f0
[ 28.888423] [] compat_SyS_lseek+0xeb/0x170
[ 28.894912] [] do_fast_syscall_32+0x314/0x890
[ 28.901662] [] sysenter_flags_fixed+0xd/0x17
[ 28.908346]
[ 28.908346] other info that might help us debug this:
[ 28.908346]
[ 28.916455] Chain exists of: &sb->s_type->i_mutex_key#10 --> &mm->mmap_sem --> ashmem_mutex
[ 28.926158] Possible unsafe locking scenario:
[ 28.926158]
[ 28.932183]        CPU0                    CPU1
[ 28.936819]        ----                    ----
[ 28.941451]   lock(ashmem_mutex);
[ 28.945124]                                lock(&mm->mmap_sem);
[ 28.951396]                                lock(ashmem_mutex);
[ 28.957566]   lock(&sb->s_type->i_mutex_key#10);
[ 28.962638]
[ 28.962638] *** DEADLOCK ***
[ 28.962638]
[ 28.968665] 1 lock held by syzkaller885830/3313:
[ 28.973386] #0: (ashmem_mutex){+.+.+.}, at: [] ashmem_llseek+0x56/0x1f0
[ 28.982443]
[ 28.982443] stack backtrace:
[ 28.986911] CPU: 0 PID: 3313 Comm: syzkaller885830 Not tainted 4.4.113-ge70c132 #27
[ 28.994682] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 29.004007] 0000000000000000 f567d1bab61a0a9c ffff8801d1b6fa58 ffffffff81d0278d
[ 29.011994] ffffffff851a0560 ffffffff851aa250 ffffffff851beb60 ffff8800b5168898
[ 29.019963] ffff8800b5168000 ffff8801d1b6faa0 ffffffff81232b51 ffff8800b5168898
[ 29.027934] Call Trace:
[ 29.030493] [] dump_stack+0xc1/0x124
[ 29.035827] [] print_circular_bug+0x271/0x310
[ 29.041942] [] __lock_acquire+0x371f/0x4b50
[ 29.047894] [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 29.054877] [] ? __lock_is_held+0xa1/0xf0
[ 29.060645] [] lock_acquire+0x15e/0x460
[ 29.066241] [] ? shmem_file_llseek+0xf1/0x240
[ 29.072366] [] ? shmem_file_llseek+0xf1/0x240
[ 29.078502] [] mutex_lock_nested+0xbb/0x850
[ 29.084445] [] ? shmem_file_llseek+0xf1/0x240
[ 29.090561] [] ? mutex_lock_nested+0x5d4/0x850
[ 29.096763] [] ? __ww_mutex_lock+0x14f0/0x14f0
[ 29.102966] [] ? mutex_lock_nested+0x560/0x850
[ 29.109170] [] ? ashmem_llseek+0x56/0x1f0
[ 29.114937] [] shmem_file_llseek+0xf1/0x240
[ 29.120880] [] ? shmem_mmap+0x90/0x90
[ 29.126302] [] vfs_llseek+0xa2/0xd0
[ 29.131557] [] ashmem_llseek+0xe7/0x1f0
[ 29.137154] [] ? ashmem_read+0x200/0x200
[ 29.142834] [] compat_SyS_lseek+0xeb/0x170
[ 29.148689] [] ? SyS_lseek+0x170/0x170
[ 29.154198] [] do_fast_syscall_32+0x314/0x890
[ 29.160316] [] sysent