[....] Starting OpenBSD Secure Shell server: sshd
[ 24.097402] random: sshd: uninitialized urandom read (32 bytes read, 37 bits of entropy available)
[ ok ].

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 28.893422] random: sshd: uninitialized urandom read (32 bytes read, 44 bits of entropy available)
[ 29.328587] random: sshd: uninitialized urandom read (32 bytes read, 44 bits of entropy available)
[ 30.304066] random: sshd: uninitialized urandom read (32 bytes read, 124 bits of entropy available)
[ 30.471573] random: sshd: uninitialized urandom read (32 bytes read, 128 bits of entropy available)
[ 30.578309] random: nonblocking pool is initialized
Warning: Permanently added '10.128.15.202' (ECDSA) to the list of known hosts.
executing program
[ 35.983280]
[ 35.984948] ======================================================
[ 35.991231] [ INFO: possible circular locking dependency detected ]
[ 35.997612] 4.4.114-ga81d322 #4 Not tainted
[ 36.001900] -------------------------------------------------------
[ 36.008272] syzkaller112059/4055 is trying to acquire lock:
[ 36.013946]  (&sb->s_type->i_mutex_key#10){+.+.+.}, at: [] shmem_file_llseek+0xf1/0x240
[ 36.024214]
[ 36.024214] but task is already holding lock:
[ 36.030151]  (ashmem_mutex){+.+.+.}, at: [] ashmem_llseek+0x56/0x1f0
[ 36.038651]
[ 36.038651] which lock already depends on the new lock.
[ 36.038651]
[ 36.046935]
[ 36.046935] the existing dependency chain (in reverse order) is:
[ 36.054534] -> #2 (ashmem_mutex){+.+.+.}:
[ 36.059298]        [] lock_acquire+0x15e/0x460
[ 36.065540]        [] mutex_lock_nested+0xbb/0x850
[ 36.072126]        [] ashmem_mmap+0x53/0x400
[ 36.078182]        [] mmap_region+0x94f/0x1250
[ 36.084416]        [] do_mmap+0x4fd/0x9d0
[ 36.090214]        [] vm_mmap_pgoff+0x16e/0x1c0
[ 36.096561]        [] SyS_mmap_pgoff+0x33f/0x560
[ 36.102974]        [] do_fast_syscall_32+0x314/0x890
[ 36.109726]        [] sysenter_flags_fixed+0xd/0x17
[ 36.116393] -> #1 (&mm->mmap_sem){++++++}:
[ 36.121262]        [] lock_acquire+0x15e/0x460
[ 36.127494]        [] __might_fault+0x14a/0x1d0
[ 36.133831]        [] filldir+0x162/0x2d0
[ 36.139638]        [] dcache_readdir+0x11e/0x7b0
[ 36.146050]        [] iterate_dir+0x1c8/0x420
[ 36.152193]        [] SyS_getdents+0x14a/0x270
[ 36.158432]        [] entry_SYSCALL_64_fastpath+0x1c/0x98
[ 36.165626] -> #0 (&sb->s_type->i_mutex_key#10){+.+.+.}:
[ 36.171809]        [] __lock_acquire+0x371f/0x4b50
[ 36.178415]        [] lock_acquire+0x15e/0x460
[ 36.184672]        [] mutex_lock_nested+0xbb/0x850
[ 36.191261]        [] shmem_file_llseek+0xf1/0x240
[ 36.197841]        [] vfs_llseek+0xa2/0xd0
[ 36.203748]        [] ashmem_llseek+0xe7/0x1f0
[ 36.209999]        [] compat_SyS_lseek+0xeb/0x170
[ 36.216517]        [] do_fast_syscall_32+0x314/0x890
[ 36.223271]        [] sysenter_flags_fixed+0xd/0x17
[ 36.229949]
[ 36.229949] other info that might help us debug this:
[ 36.229949]
[ 36.238067] Chain exists of:
  &sb->s_type->i_mutex_key#10 --> &mm->mmap_sem --> ashmem_mutex
[ 36.247809]  Possible unsafe locking scenario:
[ 36.247809]
[ 36.253834]        CPU0                    CPU1
[ 36.258468]        ----                    ----
[ 36.263112]   lock(ashmem_mutex);
[ 36.266769]                                lock(&mm->mmap_sem);
[ 36.273037]                                lock(ashmem_mutex);
[ 36.279228]   lock(&sb->s_type->i_mutex_key#10);
[ 36.284333]
[ 36.284333]  *** DEADLOCK ***
[ 36.284333]
[ 36.290372] 1 lock held by syzkaller112059/4055:
[ 36.295095]  #0:  (ashmem_mutex){+.+.+.}, at: [] ashmem_llseek+0x56/0x1f0
[ 36.304165]
[ 36.304165] stack backtrace:
[ 36.308643] CPU: 0 PID: 4055 Comm: syzkaller112059 Not tainted 4.4.114-ga81d322 #4
[ 36.316319] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 36.325643]  0000000000000000 655b6ff202562119 ffff8800b953fa58 ffffffff81d0394d
[ 36.333607]  ffffffff851a0240 ffffffff851a9d80 ffffffff851bf260 ffff8801d7ffb8f8
[ 36.341585]  ffff8801d7ffb000 ffff8800b953faa0 ffffffff81233b91 ffff8801d7ffb8f8
[ 36.349571] Call Trace:
[ 36.352130]  [] dump_stack+0xc1/0x124
[ 36.357464]  [] print_circular_bug+0x271/0x310
[ 36.363577]  [] __lock_acquire+0x371f/0x4b50
[ 36.369518]  [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 36.376510]  [] ? __lock_is_held+0xa1/0xf0
[ 36.382278]  [] lock_acquire+0x15e/0x460
[ 36.387874]  [] ? shmem_file_llseek+0xf1/0x240
[ 36.393998]  [] ? shmem_file_llseek+0xf1/0x240
[ 36.400122]  [] mutex_lock_nested+0xbb/0x850
[ 36.406061]  [] ? shmem_file_llseek+0xf1/0x240
[ 36.412179]  [] ? mutex_lock_nested+0x5d4/0x850
[ 36.418385]  [] ? __ww_mutex_lock+0x14f0/0x14f0
[ 36.424595]  [] ? mutex_lock_nested+0x560/0x850
[ 36.430798]  [] ? ashmem_llseek+0x56/0x1f0
[ 36.436567]  [] shmem_file_llseek+0xf1/0x240
[ 36.442510]  [] ? shmem_mmap+0x90/0x90
[ 36.447930]  [] vfs_llseek+0xa2/0xd0
[ 36.453176]  [] ashmem_llseek+0xe7/0x1f0
[ 36.458777]  [] ? ashmem_read+0x200/0x200
[ 36.464458]  [] compat_SyS_lseek+0xeb/0x170
[ 36.470317]  [] ? SyS_lseek+0x170/0x170
[ 36.475826]  [] do_fast_syscall_32+0x314/0x890
[ 36.481950]  [] syse