[ ok ] Starting file context maintaining daemon: restorecond.
[ 16.124499] random: sshd: uninitialized urandom read (32 bytes read, 32 bits of entropy available)
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 22.167028] random: sshd: uninitialized urandom read (32 bytes read, 38 bits of entropy available)
[ 22.617348] random: sshd: uninitialized urandom read (32 bytes read, 39 bits of entropy available)
[ 23.411609] random: sshd: uninitialized urandom read (32 bytes read, 88 bits of entropy available)
[ 23.587262] random: sshd: uninitialized urandom read (32 bytes read, 93 bits of entropy available)
Warning: Permanently added '10.128.15.199' (ECDSA) to the list of known hosts.
[ 28.948724] random: sshd: uninitialized urandom read (32 bytes read, 101 bits of entropy available)
executing program
[ 29.045907]
[ 29.047550] ======================================================
[ 29.053834] [ INFO: possible circular locking dependency detected ]
[ 29.060206] 4.4.112-g3fc4284 #32 Not tainted
[ 29.064579] -------------------------------------------------------
[ 29.070949] syzkaller105302/3313 is trying to acquire lock:
[ 29.076625] (&sb->s_type->i_mutex_key#10){+.+.+.}, at: [] shmem_file_llseek+0xf1/0x240
[ 29.086895]
[ 29.086895] but task is already holding lock:
[ 29.092832] (ashmem_mutex){+.+.+.}, at: [] ashmem_llseek+0x56/0x1f0
[ 29.101337]
[ 29.101337] which lock already depends on the new lock.
[ 29.101337]
[ 29.109619]
[ 29.109619] the existing dependency chain (in reverse order) is:
[ 29.117207] -> #2 (ashmem_mutex){+.+.+.}:
[ 29.121955] [] lock_acquire+0x15e/0x460
[ 29.128193] [] mutex_lock_nested+0xbb/0x850
[ 29.134773] [] ashmem_mmap+0x53/0x400
[ 29.140829] [] mmap_region+0x94f/0x1250
[ 29.147062] [] do_mmap+0x4fd/0x9d0
[ 29.152859] [] vm_mmap_pgoff+0x16e/0x1c0
[ 29.159188] [] SyS_mmap_pgoff+0x33f/0x560
[ 29.165601] [] SyS_mmap+0x16/0x20
[ 29.171314] [] entry_SYSCALL_64_fastpath+0x16/0x92
[ 29.178505] -> #1 (&mm->mmap_sem){++++++}:
[ 29.183343] [] lock_acquire+0x15e/0x460
[ 29.189578] [] __might_fault+0x14a/0x1d0
[ 29.195894] [] filldir+0x162/0x2d0
[ 29.201692] [] dcache_readdir+0x11e/0x7b0
[ 29.208103] [] iterate_dir+0x1c8/0x420
[ 29.214247] [] SyS_getdents+0x14a/0x270
[ 29.220485] [] entry_SYSCALL_64_fastpath+0x16/0x92
[ 29.227672] -> #0 (&sb->s_type->i_mutex_key#10){+.+.+.}:
[ 29.233864] [] __lock_acquire+0x371f/0x4b50
[ 29.240443] [] lock_acquire+0x15e/0x460
[ 29.246672] [] mutex_lock_nested+0xbb/0x850
[ 29.253255] [] shmem_file_llseek+0xf1/0x240
[ 29.259833] [] vfs_llseek+0xa2/0xd0
[ 29.265717] [] ashmem_llseek+0xe7/0x1f0
[ 29.271946] [] SyS_lseek+0xeb/0x170
[ 29.277828] [] entry_SYSCALL_64_fastpath+0x16/0x92
[ 29.285011]
[ 29.285011] other info that might help us debug this:
[ 29.285011]
[ 29.293122] Chain exists of: &sb->s_type->i_mutex_key#10 --> &mm->mmap_sem --> ashmem_mutex
[ 29.302825] Possible unsafe locking scenario:
[ 29.302825]
[ 29.308852]        CPU0                    CPU1
[ 29.313492]        ----                    ----
[ 29.318144]   lock(ashmem_mutex);
[ 29.321816]                                lock(&mm->mmap_sem);
[ 29.328079]                                lock(ashmem_mutex);
[ 29.334254]   lock(&sb->s_type->i_mutex_key#10);
[ 29.339338]
[ 29.339338] *** DEADLOCK ***
[ 29.339338]
[ 29.345368] 1 lock held by syzkaller105302/3313:
[ 29.350092] #0: (ashmem_mutex){+.+.+.}, at: [] ashmem_llseek+0x56/0x1f0
[ 29.359146]
[ 29.359146] stack backtrace:
[ 29.363609] CPU: 0 PID: 3313 Comm: syzkaller105302 Not tainted 4.4.112-g3fc4284 #32
[ 29.371368] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 29.380692] 0000000000000000 e5bc972d6cacaa8b ffff8800b46a7ad8 ffffffff81d054ed
[ 29.388666] ffffffff8519e520 ffffffff851a8210 ffffffff851bcb20 ffff8801d1048898
[ 29.396638] ffff8801d1048000 ffff8800b46a7b20 ffffffff81232b91 ffff8801d1048898
[ 29.404608] Call Trace:
[ 29.407171] [] dump_stack+0xc1/0x124
[ 29.412505] [] print_circular_bug+0x271/0x310
[ 29.418635] [] __lock_acquire+0x371f/0x4b50
[ 29.424578] [] ? perf_event_mmap+0x93/0x910
[ 29.430517] [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 29.437501] [] ? vma_link+0xe4/0x170
[ 29.442833] [] ? __lock_is_held+0xa1/0xf0
[ 29.448599] [] lock_acquire+0x15e/0x460
[ 29.454194] [] ? shmem_file_llseek+0xf1/0x240
[ 29.460309] [] ? shmem_file_llseek+0xf1/0x240
[ 29.466430] [] mutex_lock_nested+0xbb/0x850
[ 29.472378] [] ? shmem_file_llseek+0xf1/0x240
[ 29.478494] [] ? mutex_lock_nested+0x5d4/0x850
[ 29.484706] [] ? __ww_mutex_lock+0x14f0/0x14f0
[ 29.490907] [] ? mutex_lock_nested+0x560/0x850
[ 29.49