[ 21.204576] random: sshd: uninitialized urandom read (32 bytes read, 36 bits of entropy available)
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 25.444056] random: sshd: uninitialized urandom read (32 bytes read, 40 bits of entropy available)
[ 25.782823] random: sshd: uninitialized urandom read (32 bytes read, 40 bits of entropy available)
[ 26.708861] random: sshd: uninitialized urandom read (32 bytes read, 107 bits of entropy available)
[ 26.876374] random: sshd: uninitialized urandom read (32 bytes read, 110 bits of entropy available)
Warning: Permanently added '10.128.0.7' (ECDSA) to the list of known hosts.
[ 32.243257] random: sshd: uninitialized urandom read (32 bytes read, 115 bits of entropy available)
2018/03/05 19:45:54 parsed 1 programs
2018/03/05 19:45:54 executed programs: 0
[ 32.578347] IPVS: Creating netns size=2552 id=1
[ 32.610358]
[ 32.612014] ======================================================
[ 32.618303] [ INFO: possible circular locking dependency detected ]
[ 32.624682] 4.4.119-g855ea74 #28 Not tainted
[ 32.629063] -------------------------------------------------------
[ 32.635439] syz-executor0/3807 is trying to acquire lock:
[ 32.640945] (&sb->s_type->i_mutex_key#10){+.+.+.}, at: [] shmem_file_llseek+0xf1/0x240
[ 32.651265]
[ 32.651265] but task is already holding lock:
[ 32.657209] (ashmem_mutex){+.+.+.}, at: [] ashmem_llseek+0x56/0x1f0
[ 32.665732]
[ 32.665732] which lock already depends on the new lock.
[ 32.665732]
[ 32.674020]
[ 32.674020] the existing dependency chain (in reverse order) is:
[ 32.681616] -> #2 (ashmem_mutex){+.+.+.}:
[ 32.686419] [] lock_acquire+0x15e/0x460
[ 32.692671] [] mutex_lock_nested+0xbb/0x850
[ 32.699265] [] ashmem_mmap+0x53/0x400
[ 32.705348] [] mmap_region+0x94f/0x1250
[ 32.711597] [] do_mmap+0x4fd/0x9d0
[ 32.717412] [] vm_mmap_pgoff+0x16e/0x1c0
[ 32.723750] [] SyS_mmap_pgoff+0x33f/0x560
[ 32.730168] [] do_fast_syscall_32+0x321/0x8a0
[ 32.736934] [] sysenter_flags_fixed+0xd/0x17
[ 32.743615] -> #1 (&mm->mmap_sem){++++++}:
[ 32.748491] [] lock_acquire+0x15e/0x460
[ 32.754731] [] __might_fault+0x14a/0x1d0
[ 32.761064] [] filldir+0x162/0x2d0
[ 32.766876] [] dcache_readdir+0x11e/0x7b0
[ 32.773291] [] iterate_dir+0x1c8/0x420
[ 32.779443] [] SyS_getdents+0x14a/0x270
[ 32.785686] [] entry_SYSCALL_64_fastpath+0x1c/0x98
[ 32.792891] -> #0 (&sb->s_type->i_mutex_key#10){+.+.+.}:
[ 32.799117] [] __lock_acquire+0x371f/0x4b50
[ 32.805709] [] lock_acquire+0x15e/0x460
[ 32.811947] [] mutex_lock_nested+0xbb/0x850
[ 32.818540] [] shmem_file_llseek+0xf1/0x240
[ 32.825135] [] vfs_llseek+0xa2/0xd0
[ 32.831035] [] ashmem_llseek+0xe7/0x1f0
[ 32.837279] [] compat_SyS_lseek+0xeb/0x170
[ 32.843791] [] do_fast_syscall_32+0x321/0x8a0
[ 32.850555] [] sysenter_flags_fixed+0xd/0x17
[ 32.857238]
[ 32.857238] other info that might help us debug this:
[ 32.857238]
[ 32.865354] Chain exists of: &sb->s_type->i_mutex_key#10 --> &mm->mmap_sem --> ashmem_mutex
[ 32.875109] Possible unsafe locking scenario:
[ 32.875109]
[ 32.881141]        CPU0                    CPU1
[ 32.885778]        ----                    ----
[ 32.890416]   lock(ashmem_mutex);
[ 32.894087]                                lock(&mm->mmap_sem);
[ 32.900374]                                lock(ashmem_mutex);
[ 32.906571]   lock(&sb->s_type->i_mutex_key#10);
[ 32.911670]
[ 32.911670] *** DEADLOCK ***
[ 32.911670]
[ 32.917702] 1 lock held by syz-executor0/3807:
[ 32.922257] #0: (ashmem_mutex){+.+.+.}, at: [] ashmem_llseek+0x56/0x1f0
[ 32.931357]
[ 32.931357] stack backtrace:
[ 32.935831] CPU: 1 PID: 3807 Comm: syz-executor0 Not tainted 4.4.119-g855ea74 #28
[ 32.943423] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 32.952750] 0000000000000000 7b61b7e5bd8cbb17 ffff8801c5757a58 ffffffff81d0402d
[ 32.960742] ffffffff851a0010 ffffffff851a9b50 ffffffff851bee80 ffff8801d8c150f8
[ 32.968737] ffff8801d8c14800 ffff8801c5757aa0 ffffffff81233ba1 ffff8801d8c150f8
[ 32.976775] Call Trace:
[ 32.979347] [] dump_stack+0xc1/0x124
[ 32.984687] [] print_circular_bug+0x271/0x310
[ 32.990807] [] __lock_acquire+0x371f/0x4b50
[ 32.996752] [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 33.003752] [] ? __lock_is_held+0xa1/0xf0
[ 33.009525] [] lock_acquire+0x15e/0x460
[ 33.015125] [] ? shmem_file_llseek+0xf1/0x240
[ 33.021247] [] ? shmem_file_llseek+0xf1/0x240
[ 33.027368] [] mutex_lock_nested+0xbb/0x850
[ 33.033312] [] ? shmem_file_llseek+0xf1/0x240
[ 33.039432] [] ? mutex_lock_nested+0x5d4/0x850
[ 33.045637] [] ? __ww_mutex_lock+0x14f0/0x14f0
[ 33.051844] [] ? mutex_lock_nested+0x560/0x850
[ 33.058057] [] ? ashmem_llseek+0x56/0x1f0
[ 33.063828] [] shmem_file_llseek+0xf1/0x240
[ 33.069775] [] ? shmem_mmap+0x90/0x90
[ 33.075202] [] vfs_llseek+0xa2/0xd0
[ 33.080455] [] ashmem_llseek+0xe7/0x1f0
[ 33.086054] [] ? ashmem_read+0x200/0x200
[ 33.091741] [] compat_SyS_lseek+0xeb/0x170
[ 33.097603] [] ? SyS_lseek+0x170/0x170
[ 33.103115] [] do_fast_syscall_32+0x321/0x8a0
[ 33.109240] [] sys