[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 16.303510] random: sshd: uninitialized urandom read (32 bytes read, 33 bits of entropy available)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 17.880851] random: sshd: uninitialized urandom read (32 bytes read, 35 bits of entropy available)
[ 18.144921] random: sshd: uninitialized urandom read (32 bytes read, 35 bits of entropy available)
[ 19.094931] random: sshd: uninitialized urandom read (32 bytes read, 116 bits of entropy available)
[ 19.253070] random: sshd: uninitialized urandom read (32 bytes read, 120 bits of entropy available)
Warning: Permanently added '10.128.15.204' (ECDSA) to the list of known hosts.
[ 24.611854] random: sshd: uninitialized urandom read (32 bytes read, 128 bits of entropy available)
executing program
[ 24.703485]
[ 24.705119] ======================================================
[ 24.711399] [ INFO: possible circular locking dependency detected ]
[ 24.717770] 4.4.112-g3fc4284 #25 Not tainted
[ 24.722141] -------------------------------------------------------
[ 24.728507] syzkaller721489/3310 is trying to acquire lock:
[ 24.734180]  (&sb->s_type->i_mutex_key#10){+.+.+.}, at: [] shmem_file_llseek+0xf1/0x240
[ 24.744428]
[ 24.744428] but task is already holding lock:
[ 24.750364]  (ashmem_mutex){+.+.+.}, at: [] ashmem_llseek+0x56/0x1f0
[ 24.758843]
[ 24.758843] which lock already depends on the new lock.
[ 24.758843]
[ 24.767121]
[ 24.767121] the existing dependency chain (in reverse order) is:
[ 24.774706] -> #2 (ashmem_mutex){+.+.+.}:
[ 24.779451]        [] lock_acquire+0x15e/0x460
[ 24.785676]        [] mutex_lock_nested+0xbb/0x850
[ 24.792251]        [] ashmem_mmap+0x53/0x400
[ 24.798298]        [] mmap_region+0x94f/0x1250
[ 24.804523]        [] do_mmap+0x4fd/0x9d0
[ 24.810316]        [] vm_mmap_pgoff+0x16e/0x1c0
[ 24.816629]        [] SyS_mmap_pgoff+0x33f/0x560
[ 24.823030]        [] do_fast_syscall_32+0x314/0x890
[ 24.829774]        [] sysenter_flags_fixed+0xd/0x17
[ 24.836439] -> #1 (&mm->mmap_sem){++++++}:
[ 24.841270]        [] lock_acquire+0x15e/0x460
[ 24.847492]        [] __might_fault+0x14a/0x1d0
[ 24.853801]        [] filldir+0x162/0x2d0
[ 24.859591]        [] dcache_readdir+0x11e/0x7b0
[ 24.865996]        [] iterate_dir+0x1c8/0x420
[ 24.872135]        [] SyS_getdents+0x14a/0x270
[ 24.878361]        [] entry_SYSCALL_64_fastpath+0x16/0x92
[ 24.885546] -> #0 (&sb->s_type->i_mutex_key#10){+.+.+.}:
[ 24.891709]        [] __lock_acquire+0x371f/0x4b50
[ 24.898279]        [] lock_acquire+0x15e/0x460
[ 24.904502]        [] mutex_lock_nested+0xbb/0x850
[ 24.911074]        [] shmem_file_llseek+0xf1/0x240
[ 24.917646]        [] vfs_llseek+0xa2/0xd0
[ 24.923525]        [] ashmem_llseek+0xe7/0x1f0
[ 24.929747]        [] compat_SyS_lseek+0xeb/0x170
[ 24.936233]        [] do_fast_syscall_32+0x314/0x890
[ 24.942978]        [] sysenter_flags_fixed+0xd/0x17
[ 24.949634]
[ 24.949634] other info that might help us debug this:
[ 24.949634]
[ 24.957741] Chain exists of: &sb->s_type->i_mutex_key#10 --> &mm->mmap_sem --> ashmem_mutex
[ 24.967425]  Possible unsafe locking scenario:
[ 24.967425]
[ 24.973449]        CPU0                    CPU1
[ 24.978079]        ----                    ----
[ 24.982717]   lock(ashmem_mutex);
[ 24.986363]                                lock(&mm->mmap_sem);
[ 24.992612]                                lock(ashmem_mutex);
[ 24.998775]   lock(&sb->s_type->i_mutex_key#10);
[ 25.003836]
[ 25.003836]  *** DEADLOCK ***
[ 25.003836]
[ 25.009859] 1 lock held by syzkaller721489/3310:
[ 25.014577]  #0:  (ashmem_mutex){+.+.+.}, at: [] ashmem_llseek+0x56/0x1f0
[ 25.023627]
[ 25.023627] stack backtrace:
[ 25.028094] CPU: 0 PID: 3310 Comm: syzkaller721489 Not tainted 4.4.112-g3fc4284 #25
[ 25.035853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 25.045177]  0000000000000000 a92e3129f30b570e ffff8801d0aafa58 ffffffff81d054ed
[ 25.053145]  ffffffff8519e1c0 ffffffff851a7eb0 ffffffff851bc2b0 ffff8801d194cfd8
[ 25.061103]  ffff8801d194c740 ffff8801d0aafaa0 ffffffff81232b91 ffff8801d194cfd8
[ 25.069064] Call Trace:
[ 25.071622]  [] dump_stack+0xc1/0x124
[ 25.076952]  [] print_circular_bug+0x271/0x310
[ 25.083063]  [] __lock_acquire+0x371f/0x4b50
[ 25.089003]  [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 25.095980]  [] ? __lock_is_held+0xa1/0xf0
[ 25.101742]  [] lock_acquire+0x15e/0x460
[ 25.107335]  [] ? shmem_file_llseek+0xf1/0x240
[ 25.113446]  [] ? shmem_file_llseek+0xf1/0x240
[ 25.119557]  [] mutex_lock_nested+0xbb/0x850
[ 25.125495]  [] ? shmem_file_llseek+0xf1/0x240
[ 25.131607]  [] ? mutex_lock_nested+0x5d4/0x850
[ 25.137807]  [] ? __ww_mutex_lock+0x14f0/0x14f0
[ 25.144004]  [] ? mutex_lock_nested+0x560/0x850
[ 25.150202]  [] ? ashmem_llseek+0x56/0x1f0
[ 25.155966]  [] shmem_file_llseek+0xf1/0x240
[ 25.161899]  [] ? shmem_mmap+0x90/0x90
[ 25.167315]  [] vfs_llseek+0xa2/0xd0
[ 25.172554]  [] ashmem_llseek+0xe7/0x1f0
[ 25.178143]  [] ? ashmem_read+0x200/0x200
[ 25.183821]  [] compat_SyS_lseek+0xeb/0x170
[ 25.189673]  [] ? SyS_lseek+0x170/0x170
[ 25.195183]  [] do_fast_syscall_32+0x314/0x890
[ 25.201297]  [] sysenter_flags_