[ 15.135875] random: sshd: uninitialized urandom read (32 bytes read, 31 bits of entropy available)
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 20.902416] random: sshd: uninitialized urandom read (32 bytes read, 37 bits of entropy available)
[ 21.364692] random: sshd: uninitialized urandom read (32 bytes read, 39 bits of entropy available)
[ 22.293678] random: sshd: uninitialized urandom read (32 bytes read, 112 bits of entropy available)
[ 22.469825] random: sshd: uninitialized urandom read (32 bytes read, 118 bits of entropy available)
Warning: Permanently added '10.128.0.43' (ECDSA) to the list of known hosts.
[ 27.819994] random: sshd: uninitialized urandom read (32 bytes read, 126 bits of entropy available)
executing program
[ 27.925305]
[ 27.926938] ======================================================
[ 27.933222] [ INFO: possible circular locking dependency detected ]
[ 27.939593] 4.4.112-g3fc4284 #25 Not tainted
[ 27.943971] -------------------------------------------------------
[ 27.950341] syzkaller642451/3309 is trying to acquire lock:
[ 27.956022] (&sb->s_type->i_mutex_key#10){+.+.+.}, at: [] shmem_file_llseek+0xf1/0x240
[ 27.966302]
[ 27.966302] but task is already holding lock:
[ 27.972240] (ashmem_mutex){+.+.+.}, at: [] ashmem_llseek+0x56/0x1f0
[ 27.980729]
[ 27.980729] which lock already depends on the new lock.
[ 27.980729]
[ 27.989011]
[ 27.989011] the existing dependency chain (in reverse order) is:
[ 27.996595] -> #2 (ashmem_mutex){+.+.+.}:
[ 28.001344] [] lock_acquire+0x15e/0x460
[ 28.007571] [] mutex_lock_nested+0xbb/0x850
[ 28.014143] [] ashmem_mmap+0x53/0x400
[ 28.020193] [] mmap_region+0x94f/0x1250
[ 28.026422] [] do_mmap+0x4fd/0x9d0
[ 28.032217] [] vm_mmap_pgoff+0x16e/0x1c0
[ 28.038528] [] SyS_mmap_pgoff+0x33f/0x560
[ 28.044931] [] do_fast_syscall_32+0x314/0x890
[ 28.051681] [] sysenter_flags_fixed+0xd/0x17
[ 28.058343] -> #1 (&mm->mmap_sem){++++++}:
[ 28.063180] [] lock_acquire+0x15e/0x460
[ 28.069405] [] __might_fault+0x14a/0x1d0
[ 28.075718] [] filldir+0x162/0x2d0
[ 28.081507] [] dcache_readdir+0x11e/0x7b0
[ 28.087907] [] iterate_dir+0x1c8/0x420
[ 28.094041] [] SyS_getdents+0x14a/0x270
[ 28.100270] [] entry_SYSCALL_64_fastpath+0x16/0x92
[ 28.107452] -> #0 (&sb->s_type->i_mutex_key#10){+.+.+.}:
[ 28.113615] [] __lock_acquire+0x371f/0x4b50
[ 28.120188] [] lock_acquire+0x15e/0x460
[ 28.126412] [] mutex_lock_nested+0xbb/0x850
[ 28.132986] [] shmem_file_llseek+0xf1/0x240
[ 28.139559] [] vfs_llseek+0xa2/0xd0
[ 28.145438] [] ashmem_llseek+0xe7/0x1f0
[ 28.151664] [] compat_SyS_lseek+0xeb/0x170
[ 28.158147] [] do_fast_syscall_32+0x314/0x890
[ 28.165762] [] sysenter_flags_fixed+0xd/0x17
[ 28.172683]
[ 28.172683] other info that might help us debug this:
[ 28.172683]
[ 28.180790] Chain exists of: &sb->s_type->i_mutex_key#10 --> &mm->mmap_sem --> ashmem_mutex
[ 28.193443] Possible unsafe locking scenario:
[ 28.193443]
[ 28.200336]        CPU0                    CPU1
[ 28.204966]        ----                    ----
[ 28.209598]   lock(ashmem_mutex);
[ 28.213253]                                lock(&mm->mmap_sem);
[ 28.219508]                                lock(ashmem_mutex);
[ 28.225669]   lock(&sb->s_type->i_mutex_key#10);
[ 28.231687]
[ 28.231687] *** DEADLOCK ***
[ 28.231687]
[ 28.240403] 1 lock held by syzkaller642451/3309:
[ 28.245730] #0: (ashmem_mutex){+.+.+.}, at: [] ashmem_llseek+0x56/0x1f0
[ 28.254778]
[ 28.254778] stack backtrace:
[ 28.259268] CPU: 1 PID: 3309 Comm: syzkaller642451 Not tainted 4.4.112-g3fc4284 #25
[ 28.267027] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 28.276350] 0000000000000000 d8ba0ea66fd22dfb ffff8801d139fa58 ffffffff81d054ed
[ 28.284319] ffffffff8519e1c0 ffffffff851a8060 ffffffff851bc7c0 ffff8801d22de798
[ 28.292282] ffff8801d22ddf00 ffff8801d139faa0 ffffffff81232b91 ffff8801d22de798
[ 28.300241] Call Trace:
[ 28.302797] [] dump_stack+0xc1/0x124
[ 28.308131] [] print_circular_bug+0x271/0x310
[ 28.314248] [] __lock_acquire+0x371f/0x4b50
[ 28.320187] [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 28.327167] [] ? __lock_is_held+0xa1/0xf0
[ 28.332930] [] lock_acquire+0x15e/0x460
[ 28.338522] [] ? shmem_file_llseek+0xf1/0x240
[ 28.344638] [] ? shmem_file_llseek+0xf1/0x240
[ 28.350758] [] mutex_lock_nested+0xbb/0x850
[ 28.356699] [] ? shmem_file_llseek+0xf1/0x240
[ 28.362820] [] ? mutex_lock_nested+0x5d4/0x850
[ 28.369018] [] ? __ww_mutex_lock+0x14f0/0x14f0
[ 28.375224] [] ? mutex_lock_nested+0x560/0x850
[ 28.381424] [] ? ashmem_llseek+0x56/0x1f0
[ 28.387194] [] shmem_file_llseek+0xf1/0x240
[ 28.393133] [] ? shmem_mmap+0x90/0x90
[ 28.398553] [] vfs_llseek+0xa2/0xd0
[ 28.403799] [] ashmem_llseek+0xe7/0x1f0
[ 28.410343] [] ? ashmem_read+0x200/0x200
[ 28.416021] [] compat_SyS_lseek+0xeb/0x170
[ 28.421872] [] ? SyS_lseek+0x170/0x170
[