[ ok ] Starting OpenBSD Secure Shell server: sshd.
[   24.097402] random: sshd: uninitialized urandom read (32 bytes read, 37 bits of entropy available)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   28.893422] random: sshd: uninitialized urandom read (32 bytes read, 44 bits of entropy available)
[   29.328587] random: sshd: uninitialized urandom read (32 bytes read, 44 bits of entropy available)
[   30.304066] random: sshd: uninitialized urandom read (32 bytes read, 124 bits of entropy available)
[   30.471573] random: sshd: uninitialized urandom read (32 bytes read, 128 bits of entropy available)
[   30.578309] random: nonblocking pool is initialized
Warning: Permanently added '10.128.15.202' (ECDSA) to the list of known hosts.
executing program
[   35.983280] 
[   35.984948] ======================================================
[   35.991231] [ INFO: possible circular locking dependency detected ]
[   35.997612] 4.4.114-ga81d322 #4 Not tainted
[   36.001900] -------------------------------------------------------
[   36.008272] syzkaller112059/4055 is trying to acquire lock:
[   36.013946]  (&sb->s_type->i_mutex_key#10){+.+.+.}, at: [<ffffffff81463491>] shmem_file_llseek+0xf1/0x240
[   36.024214] 
[   36.024214] but task is already holding lock:
[   36.030151]  (ashmem_mutex){+.+.+.}, at: [<ffffffff82c61a56>] ashmem_llseek+0x56/0x1f0
[   36.038651] 
[   36.038651] which lock already depends on the new lock.
[   36.038651] 
[   36.046935] 
[   36.046935] the existing dependency chain (in reverse order) is:
[   36.054534] -> #2 (ashmem_mutex){+.+.+.}:
[   36.059298]        [<ffffffff8123d7be>] lock_acquire+0x15e/0x460
[   36.065540]        [<ffffffff8376a92b>] mutex_lock_nested+0xbb/0x850
[   36.072126]        [<ffffffff82c60ea3>] ashmem_mmap+0x53/0x400
[   36.078182]        [<ffffffff814b0edf>] mmap_region+0x94f/0x1250
[   36.084416]        [<ffffffff814b1cdd>] do_mmap+0x4fd/0x9d0
[   36.090214]        [<ffffffff8147015e>] vm_mmap_pgoff+0x16e/0x1c0
[   36.096561]        [<ffffffff814afeaf>] SyS_mmap_pgoff+0x33f/0x560
[   36.102974]        [<ffffffff81006d74>] do_fast_syscall_32+0x314/0x890
[   36.109726]        [<ffffffff8377586a>] sysenter_flags_fixed+0xd/0x17
[   36.116393] -> #1 (&mm->mmap_sem){++++++}:
[   36.121262]        [<ffffffff8123d7be>] lock_acquire+0x15e/0x460
[   36.127494]        [<ffffffff8149577a>] __might_fault+0x14a/0x1d0
[   36.133831]        [<ffffffff8155a7e2>] filldir+0x162/0x2d0
[   36.139638]        [<ffffffff81597e2e>] dcache_readdir+0x11e/0x7b0
[   36.146050]        [<ffffffff8155a428>] iterate_dir+0x1c8/0x420
[   36.152193]        [<ffffffff8155b11a>] SyS_getdents+0x14a/0x270
[   36.158432]        [<ffffffff83773edf>] entry_SYSCALL_64_fastpath+0x1c/0x98
[   36.165626] -> #0 (&sb->s_type->i_mutex_key#10){+.+.+.}:
[   36.171809]        [<ffffffff8123ab1f>] __lock_acquire+0x371f/0x4b50
[   36.178415]        [<ffffffff8123d7be>] lock_acquire+0x15e/0x460
[   36.184672]        [<ffffffff8376a92b>] mutex_lock_nested+0xbb/0x850
[   36.191261]        [<ffffffff81463491>] shmem_file_llseek+0xf1/0x240
[   36.197841]        [<ffffffff8151c642>] vfs_llseek+0xa2/0xd0
[   36.203748]        [<ffffffff82c61ae7>] ashmem_llseek+0xe7/0x1f0
[   36.209999]        [<ffffffff8151e5bb>] compat_SyS_lseek+0xeb/0x170
[   36.216517]        [<ffffffff81006d74>] do_fast_syscall_32+0x314/0x890
[   36.223271]        [<ffffffff8377586a>] sysenter_flags_fixed+0xd/0x17
[   36.229949] 
[   36.229949] other info that might help us debug this:
[   36.229949] 
[   36.238067] Chain exists of:
  &sb->s_type->i_mutex_key#10 --> &mm->mmap_sem --> ashmem_mutex

[   36.247809]  Possible unsafe locking scenario:
[   36.247809] 
[   36.253834]        CPU0                    CPU1
[   36.258468]        ----                    ----
[   36.263112]   lock(ashmem_mutex);
[   36.266769]                                lock(&mm->mmap_sem);
[   36.273037]                                lock(ashmem_mutex);
[   36.279228]   lock(&sb->s_type->i_mutex_key#10);
[   36.284333] 
[   36.284333]  *** DEADLOCK ***
[   36.284333] 
[   36.290372] 1 lock held by syzkaller112059/4055:
[   36.295095]  #0:  (ashmem_mutex){+.+.+.}, at: [<ffffffff82c61a56>] ashmem_llseek+0x56/0x1f0
[   36.304165] 
[   36.304165] stack backtrace:
[   36.308643] CPU: 0 PID: 4055 Comm: syzkaller112059 Not tainted 4.4.114-ga81d322 #4
[   36.316319] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   36.325643]  0000000000000000 655b6ff202562119 ffff8800b953fa58 ffffffff81d0394d
[   36.333607]  ffffffff851a0240 ffffffff851a9d80 ffffffff851bf260 ffff8801d7ffb8f8
[   36.341585]  ffff8801d7ffb000 ffff8800b953faa0 ffffffff81233b91 ffff8801d7ffb8f8
[   36.349571] Call Trace:
[   36.352130]  [<ffffffff81d0394d>] dump_stack+0xc1/0x124
[   36.357464]  [<ffffffff81233b91>] print_circular_bug+0x271/0x310
[   36.363577]  [<ffffffff8123ab1f>] __lock_acquire+0x371f/0x4b50
[   36.369518]  [<ffffffff81237400>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[   36.376510]  [<ffffffff81230141>] ? __lock_is_held+0xa1/0xf0
[   36.382278]  [<ffffffff8123d7be>] lock_acquire+0x15e/0x460
[   36.387874]  [<ffffffff81463491>] ? shmem_file_llseek+0xf1/0x240
[   36.393998]  [<ffffffff81463491>] ? shmem_file_llseek+0xf1/0x240
[   36.400122]  [<ffffffff8376a92b>] mutex_lock_nested+0xbb/0x850
[   36.406061]  [<ffffffff81463491>] ? shmem_file_llseek+0xf1/0x240
[   36.412179]  [<ffffffff8376ae44>] ? mutex_lock_nested+0x5d4/0x850
[   36.418385]  [<ffffffff8376a870>] ? __ww_mutex_lock+0x14f0/0x14f0
[   36.424595]  [<ffffffff8376add0>] ? mutex_lock_nested+0x560/0x850
[   36.430798]  [<ffffffff82c61a56>] ? ashmem_llseek+0x56/0x1f0
[   36.436567]  [<ffffffff81463491>] shmem_file_llseek+0xf1/0x240
[   36.442510]  [<ffffffff814633a0>] ? shmem_mmap+0x90/0x90
[   36.447930]  [<ffffffff8151c642>] vfs_llseek+0xa2/0xd0
[   36.453176]  [<ffffffff82c61ae7>] ashmem_llseek+0xe7/0x1f0
[   36.458777]  [<ffffffff82c61a00>] ? ashmem_read+0x200/0x200
[   36.464458]  [<ffffffff8151e5bb>] compat_SyS_lseek+0xeb/0x170
[   36.470317]  [<ffffffff8151e4d0>] ? SyS_lseek+0x170/0x170
[   36.475826]  [<ffffffff81006d74>] do_fast_syscall_32+0x314/0x890
[   36.481950]  [<ffffffff8377586a>] syse