Starting mcstransd:
[ ok ] Starting periodic command scheduler: cron.
[ 9.719011] random: sshd: uninitialized urandom read (32 bytes read)
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 22.207312] random: sshd: uninitialized urandom read (32 bytes read)
[ 22.343497] random: crng init done
Warning: Permanently added '10.128.15.228' (ECDSA) to the list of known hosts.
executing program
[ 29.390002]
[ 29.391687] ======================================================
[ 29.397995] [ INFO: possible circular locking dependency detected ]
[ 29.404393] 4.9.148+ #2 Not tainted
[ 29.408008] -------------------------------------------------------
[ 29.414407] syz-executor304/2092 is trying to acquire lock:
[ 29.420108]  (&mm->mmap_sem){++++++}, at: [] __do_page_fault+0x7bd/0xa60
[ 29.428913] but task is already holding lock:
executing program
[ 29.433578]  (&sb->s_type->i_mutex_key#10){+.+.+.}, at: [] generic_file_write_iter+0x9a/0x630
[ 29.444345] which lock already depends on the new lock.
[ 29.444345]
[ 29.451356]
[ 29.451356] the existing dependency chain (in reverse order) is:
[ 29.458972] -> #2 (&sb->s_type->i_mutex_key#10){+.+.+.}:
[ 29.465297]        lock_acquire+0x133/0x3d0
[ 29.469612]        down_write+0x41/0xa0
[ 29.473589]        shmem_fallocate+0x143/0xab0
[ 29.478166]        ashmem_shrink_scan+0x1c3/0x4c0
[ 29.483001]        ashmem_ioctl+0x29b/0xdd0
[ 29.487317]        do_vfs_ioctl+0xb87/0x11d0
[ 29.491725]        SyS_ioctl+0x8f/0xc0
[ 29.495608]        do_syscall_64+0x1ad/0x570
[ 29.500016]        entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[ 29.505637] -> #1 (ashmem_mutex){+.+.+.}:
[ 29.510496]        lock_acquire+0x133/0x3d0
[ 29.514819]        mutex_lock_nested+0xc7/0x920
[ 29.519476]        ashmem_mmap+0x53/0x470
[ 29.523615]        mmap_region+0x7e7/0xfa0
[ 29.527851]        do_mmap+0x539/0xbc0
[ 29.531727]        vm_mmap_pgoff+0x179/0x1c0
[ 29.536131]        SyS_mmap_pgoff+0xfa/0x1b0
executing program
[ 29.540530]        SyS_mmap+0x16/0x20
[ 29.544331]        do_syscall_64+0x1ad/0x570
[ 29.548734]        entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[ 29.554346] -> #0 (&mm->mmap_sem){++++++}:
[ 29.559281]        __lock_acquire+0x2d10/0x4350
[ 29.563947]        lock_acquire+0x133/0x3d0
[ 29.568263]        down_read+0x44/0xb0
[ 29.572148]        __do_page_fault+0x7bd/0xa60
[ 29.576751]        do_page_fault+0x28/0x30
[ 29.580983]        page_fault+0x25/0x30
[ 29.584952]        generic_perform_write+0x1b6/0x500
[ 29.590053]        __generic_file_write_iter+0x340/0x530
[ 29.595528]        generic_file_write_iter+0x38a/0x630
[ 29.600821]        __vfs_write+0x3c1/0x560
[ 29.605103]        vfs_write+0x185/0x520
[ 29.609238]        SyS_write+0xdc/0x1c0
[ 29.613270]        do_syscall_64+0x1ad/0x570
[ 29.617759]        entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[ 29.623401]
[ 29.623401] other info that might help us debug this:
[ 29.623401]
[ 29.631540] Chain exists of:
  &mm->mmap_sem --> ashmem_mutex --> &sb->s_type->i_mutex_key#10
executing program
[ 29.641376]  Possible unsafe locking scenario:
[ 29.641376]
[ 29.647419]        CPU0                    CPU1
[ 29.652073]        ----                    ----
[ 29.656731]   lock(&sb->s_type->i_mutex_key#10);
[ 29.661938]                                lock(ashmem_mutex);
[ 29.668164]                                lock(&sb->s_type->i_mutex_key#10);
[ 29.675832]   lock(&mm->mmap_sem);
[ 29.679625]
[ 29.679625]  *** DEADLOCK ***
[ 29.679625]
[ 29.685677] 2 locks held by syz-executor304/2092:
executing program
[ 29.690508]  #0: (sb_writers#6){.+.+.+}, at: [] vfs_write+0x3e9/0x520
[ 29.699469]  #1: (&sb->s_type->i_mutex_key#10){+.+.+.}, at: [] generic_file_write_iter+0x9a/0x630
[ 29.711070]
[ 29.711070] stack backtrace:
[ 29.715564] CPU: 1 PID: 2092 Comm: syz-executor304 Not tainted 4.9.148+ #2
[ 29.722593]  ffff8801cec9f5d8 ffffffff81b44d01 ffffffff83cab180 ffffffff83cb4960
[ 29.730773]  ffffffff83cc8850 ffffffff8424cd80 ffff8801c5298000 ffff8801cec9f630
executing program
[ 29.738931]  ffffffff813ff0a8 dffffc0000000000 ffffffff84025780 ffff8801c5298900
[ 29.746995] Call Trace:
[ 29.749582]  [] dump_stack+0xc1/0x120
[ 29.754954]  [] print_circular_bug.cold+0x2f6/0x454
[ 29.761535]  [] __lock_acquire+0x2d10/0x4350
[ 29.767500]  [] ? kasan_unpoison_shadow+0x35/0x50
[ 29.773910]  [] ? kasan_alloc_pages+0x38/0x40
[ 29.779971]  [] ? trace_hardirqs_on+0x10/0x10
executing program
[ 29.786027]  [] ? rcu_read_lock_sched_held+0x10b/0x130
[ 29.792868]  [] lock_acquire+0x133/0x3d0
[ 29.798493]  [] ? __do_page_fault+0x7bd/0xa60
[ 29.804551]  [] down_read+0x44/0xb0
[ 29.809737]  [] ? __do_page_fault+0x7bd/0xa60
[ 29.815788]  [] __do_page_fault+0x7bd/0xa60
[ 29.821665]  [] ? debug_lockdep_rcu_enabled+0x71/0xa0
[ 29.828420]  [] ? bad_area_access_error+0x3d0/0x3d0
[ 29.834992]  [] ? mark_held_locks+0xb1/0x100
executing program
[ 29.840965]  [] ? shmem_getpage_gfp+0x9dd/0x1b00
[ 29.847280]  [] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 29.853942]  [] do_page_fault+0x28/0x30
[ 29.859555]  [] page_fault+0x25/0x30
[ 29.859570]  [] ? iov_iter_fault_in_readable+0x300/0x3d0
[ 29.859628]  [] ? iov_iter_fault_in_readable+0x30d/0x3d0
executing program
[ 29.859637]  [] ? iov_iter_fault_in_readable+0x300/0x3d0
[ 29.859642]  [] ? iov_iter_init+0x1d0/0x1d0
executing program
[ 29.859649]  [] generic_perform_write+0x1b6/0x500
[ 29.859654]  [] ? filemap_page_mkwrite+0x280/0x280
executing program
[ 29.859660]  [] ? current_time+0xd0/0xd0
[ 29.859665]  [] __generic_file_write_iter+0x340/0x530
executing program
[ 29.859670]  [] generic_file_write_iter+0x38a/0x630
[ 29.859675]  [] __vfs_write+0x3c1/0x560
[ 29.859681]  [] ? bpf_fd_pass+0x270/0x270
executing program
[ 29.859685]  [] ? __vfs_read+0x550/0x550
[ 29.859692]  [] ? rcu_read_lock_sched_held+0x10b/0x130
[ 29.859696]  [] ? rcu_sync_lockdep_assert+0x73/0xb0
executing program
[ 29.859704]  [] ? __sb_start_write+0x161/0x310
[ 29.859709]  [] vfs_write+0x185/0x520
executing program
[ 29.859714]  [] SyS_write+0xdc/0x1c0
[ 29.859720]  [] ? SyS_read+0x1c0/0x1c0
[ 29.859726]  [] ? do_syscall_64+0x4a/0x570
[ 29.859731]  [] ? SyS_read+0x1c0/0x1c0
executing program
[ 29.859737]  [] do_syscall_64+0x1ad/0x570
[ 29.859744]  [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
executing program