[ 22.293977] random: sshd: uninitialized urandom read (32 bytes read, 35 bits of entropy available)
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 26.259364] random: sshd: uninitialized urandom read (32 bytes read, 40 bits of entropy available)
[ 26.630749] random: sshd: uninitialized urandom read (32 bytes read, 40 bits of entropy available)
[ 27.576021] random: sshd: uninitialized urandom read (32 bytes read, 116 bits of entropy available)
[ 27.743537] random: sshd: uninitialized urandom read (32 bytes read, 121 bits of entropy available)
Warning: Permanently added '10.128.0.39' (ECDSA) to the list of known hosts.
[ 33.132594] random: sshd: uninitialized urandom read (32 bytes read, 128 bits of entropy available)
executing program
[ 33.231496]
[ 33.233137] ======================================================
[ 33.239425] [ INFO: possible circular locking dependency detected ]
[ 33.245795] 4.4.113-g962d1f3 #2 Not tainted
[ 33.250081] -------------------------------------------------------
[ 33.256451] syzkaller739113/4052 is trying to acquire lock:
[ 33.262127]  (&sb->s_type->i_mutex_key#10){+.+.+.}, at: [] shmem_file_llseek+0xf1/0x240
[ 33.272424]
[ 33.272424] but task is already holding lock:
[ 33.278362]  (ashmem_mutex){+.+.+.}, at: [] ashmem_llseek+0x56/0x1f0
[ 33.286868]
[ 33.286868] which lock already depends on the new lock.
[ 33.286868]
[ 33.295161]
[ 33.295161] the existing dependency chain (in reverse order) is:
[ 33.302748] -> #2 (ashmem_mutex){+.+.+.}:
[ 33.307495]  [] lock_acquire+0x15e/0x460
[ 33.313722]  [] mutex_lock_nested+0xbb/0x850
[ 33.320329]  [] ashmem_mmap+0x53/0x400
[ 33.326400]  [] mmap_region+0x94f/0x1250
[ 33.332631]  [] do_mmap+0x4fd/0x9d0
[ 33.338436]  [] vm_mmap_pgoff+0x16e/0x1c0
[ 33.344765]  [] SyS_mmap_pgoff+0x33f/0x560
[ 33.351167]  [] do_fast_syscall_32+0x314/0x890
[ 33.357920]  [] sysenter_flags_fixed+0xd/0x17
[ 33.364585] -> #1 (&mm->mmap_sem){++++++}:
[ 33.369425]  [] lock_acquire+0x15e/0x460
[ 33.375658]  [] __might_fault+0x14a/0x1d0
[ 33.381973]  [] filldir+0x162/0x2d0
[ 33.387778]  [] dcache_readdir+0x11e/0x7b0
[ 33.394178]  [] iterate_dir+0x1c8/0x420
[ 33.400320]  [] SyS_getdents+0x14a/0x270
[ 33.406553]  [] entry_SYSCALL_64_fastpath+0x1c/0x98
[ 33.413748] -> #0 (&sb->s_type->i_mutex_key#10){+.+.+.}:
[ 33.419914]  [] __lock_acquire+0x371f/0x4b50
[ 33.426488]  [] lock_acquire+0x15e/0x460
[ 33.432716]  [] mutex_lock_nested+0xbb/0x850
[ 33.439313]  [] shmem_file_llseek+0xf1/0x240
[ 33.445893]  [] vfs_llseek+0xa2/0xd0
[ 33.451773]  [] ashmem_llseek+0xe7/0x1f0
[ 33.458000]  [] compat_SyS_lseek+0xeb/0x170
[ 33.464485]  [] do_fast_syscall_32+0x314/0x890
[ 33.471234]  [] sysenter_flags_fixed+0xd/0x17
[ 33.477898]
[ 33.477898] other info that might help us debug this:
[ 33.477898]
[ 33.486005] Chain exists of: &sb->s_type->i_mutex_key#10 --> &mm->mmap_sem --> ashmem_mutex
[ 33.495704]  Possible unsafe locking scenario:
[ 33.495704]
[ 33.501725]        CPU0                    CPU1
[ 33.506365]        ----                    ----
[ 33.510996]   lock(ashmem_mutex);
[ 33.514644]                                lock(&mm->mmap_sem);
[ 33.520907]                                lock(ashmem_mutex);
[ 33.527073]   lock(&sb->s_type->i_mutex_key#10);
[ 33.532132]
[ 33.532132]  *** DEADLOCK ***
[ 33.532132]
[ 33.538156] 1 lock held by syzkaller739113/4052:
[ 33.542875]  #0: (ashmem_mutex){+.+.+.}, at: [] ashmem_llseek+0x56/0x1f0
[ 33.551922]
[ 33.551922] stack backtrace:
[ 33.556388] CPU: 0 PID: 4052 Comm: syzkaller739113 Not tainted 4.4.113-g962d1f3 #2
[ 33.564059] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 33.573386]  0000000000000000 d59b23f6dc702eed ffff8801d7b77a58 ffffffff81d028ed
[ 33.581355]  ffffffff851a0200 ffffffff851a9ef0 ffffffff851be4a0 ffff8801d7f7cfd8
[ 33.589323]  ffff8801d7f7c740 ffff8801d7b77aa0 ffffffff81232cc1 ffff8801d7f7cfd8
[ 33.597286] Call Trace:
[ 33.599851]  [] dump_stack+0xc1/0x124
[ 33.605186]  [] print_circular_bug+0x271/0x310
[ 33.611298]  [] __lock_acquire+0x371f/0x4b50
[ 33.617237]  [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 33.624220]  [] ? __lock_is_held+0xa1/0xf0
[ 33.629986]  [] lock_acquire+0x15e/0x460
[ 33.635577]  [] ? shmem_file_llseek+0xf1/0x240
[ 33.641687]  [] ? shmem_file_llseek+0xf1/0x240
[ 33.647800]  [] mutex_lock_nested+0xbb/0x850
[ 33.653746]  [] ? shmem_file_llseek+0xf1/0x240
[ 33.659871]  [] ? mutex_lock_nested+0x5d4/0x850
[ 33.666084]  [] ? __ww_mutex_lock+0x14f0/0x14f0
[ 33.672923]  [] ? mutex_lock_nested+0x560/0x850
[ 33.679126]  [] ? ashmem_llseek+0x56/0x1f0
[ 33.684895]  [] shmem_file_llseek+0xf1/0x240
[ 33.690844]  [] ? shmem_mmap+0x90/0x90
[ 33.696284]  [] vfs_llseek+0xa2/0xd0
[ 33.701539]  [] ashmem_llseek+0xe7/0x1f0
[ 33.707134]  [] ? ashmem_read+0x200/0x200
[ 33.712814]  [] compat_SyS_lseek+0xeb/0x170
[ 33.718666]  [] ? SyS_lseek+0x170/0x170
[ 33.724184]  [] do_fast_syscall_32+0x314/0x890
[ 33.730297]  [] sys