[ 15.080038] random: sshd: uninitialized urandom read (32 bytes read, 32 bits of entropy available)
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 20.739351] random: sshd: uninitialized urandom read (32 bytes read, 37 bits of entropy available)
[ 21.074701] random: sshd: uninitialized urandom read (32 bytes read, 37 bits of entropy available)
[ 21.941278] random: sshd: uninitialized urandom read (32 bytes read, 111 bits of entropy available)
[ 28.863881] random: sshd: uninitialized urandom read (32 bytes read, 122 bits of entropy available)
Warning: Permanently added '10.128.15.200' (ECDSA) to the list of known hosts.
[ 34.257722] random: sshd: uninitialized urandom read (32 bytes read, 128 bits of entropy available)
executing program
[ 34.356748]
[ 34.358396] ======================================================
[ 34.364684] [ INFO: possible circular locking dependency detected ]
[ 34.371058] 4.4.112-g5f6325b #28 Not tainted
[ 34.375430] -------------------------------------------------------
[ 34.381798] syzkaller535257/3316 is trying to acquire lock:
[ 34.387474]  (&sb->s_type->i_mutex_key#10){+.+.+.}, at: [] shmem_file_llseek+0xf1/0x240
[ 34.397754]
[ 34.397754] but task is already holding lock:
[ 34.403692]  (ashmem_mutex){+.+.+.}, at: [] ashmem_llseek+0x56/0x1f0
[ 34.412191]
[ 34.412191] which lock already depends on the new lock.
[ 34.412191]
[ 34.420473]
[ 34.420473] the existing dependency chain (in reverse order) is:
[ 34.428061] -> #2 (ashmem_mutex){+.+.+.}:
[ 34.432807]  [] lock_acquire+0x15e/0x460
[ 34.439038]  [] mutex_lock_nested+0xbb/0x850
[ 34.445615]  [] ashmem_mmap+0x53/0x400
[ 34.451668]  [] mmap_region+0x94f/0x1250
[ 34.457899]  [] do_mmap+0x4fd/0x9d0
[ 34.463696]  [] vm_mmap_pgoff+0x16e/0x1c0
[ 34.470013]  [] SyS_mmap_pgoff+0x33f/0x560
[ 34.476414]  [] SyS_mmap+0x16/0x20
[ 34.482123]  [] entry_SYSCALL_64_fastpath+0x16/0x92
[ 34.489305] -> #1 (&mm->mmap_sem){++++++}:
[ 34.494152]  [] lock_acquire+0x15e/0x460
[ 34.500378]  [] __might_fault+0x14a/0x1d0
[ 34.506694]  [] filldir+0x162/0x2d0
[ 34.512494]  [] dcache_readdir+0x11e/0x7b0
[ 34.518894]  [] iterate_dir+0x1c8/0x420
[ 34.525035]  [] SyS_getdents+0x14a/0x270
[ 34.531261]  [] entry_SYSCALL_64_fastpath+0x16/0x92
[ 34.538446] -> #0 (&sb->s_type->i_mutex_key#10){+.+.+.}:
[ 34.544613]  [] __lock_acquire+0x371f/0x4b50
[ 34.551188]  [] lock_acquire+0x15e/0x460
[ 34.557413]  [] mutex_lock_nested+0xbb/0x850
[ 34.563992]  [] shmem_file_llseek+0xf1/0x240
[ 34.570568]  [] vfs_llseek+0xa2/0xd0
[ 34.576464]  [] ashmem_llseek+0xe7/0x1f0
[ 34.582694]  [] SyS_lseek+0xeb/0x170
[ 34.588578]  [] entry_SYSCALL_64_fastpath+0x16/0x92
[ 34.595765]
[ 34.595765] other info that might help us debug this:
[ 34.595765]
[ 34.603881] Chain exists of: &sb->s_type->i_mutex_key#10 --> &mm->mmap_sem --> ashmem_mutex
[ 34.613584]  Possible unsafe locking scenario:
[ 34.613584]
[ 34.619607]        CPU0                    CPU1
[ 34.624238]        ----                    ----
[ 34.628872]   lock(ashmem_mutex);
[ 34.632523]                                lock(&mm->mmap_sem);
[ 34.638780]                                lock(ashmem_mutex);
[ 34.644946]   lock(&sb->s_type->i_mutex_key#10);
[ 34.650017]
[ 34.650017]  *** DEADLOCK ***
[ 34.650017]
[ 34.656044] 1 lock held by syzkaller535257/3316:
[ 34.660764]  #0: (ashmem_mutex){+.+.+.}, at: [] ashmem_llseek+0x56/0x1f0
[ 34.669805]
[ 34.669805] stack backtrace:
[ 34.674271] CPU: 0 PID: 3316 Comm: syzkaller535257 Not tainted 4.4.112-g5f6325b #28
[ 34.682031] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 34.691356]  0000000000000000 817aef4324a95a6e ffff8801d0407ad8 ffffffff81d0579d
[ 34.699318]  ffffffff8519e1c0 ffffffff851a7d00 ffffffff851bc610 ffff8801d1e96798
[ 34.707280]  ffff8801d1e95f00 ffff8801d0407b20 ffffffff81232c31 ffff8801d1e96798
[ 34.715241] Call Trace:
[ 34.717801]  [] dump_stack+0xc1/0x124
[ 34.723140]  [] print_circular_bug+0x271/0x310
[ 34.729252]  [] __lock_acquire+0x371f/0x4b50
[ 34.735192]  [] ? perf_event_mmap+0x93/0x910
[ 34.741133]  [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 34.748113]  [] ? vma_link+0xe4/0x170
[ 34.753443]  [] ? __lock_is_held+0xa1/0xf0
[ 34.759210]  [] lock_acquire+0x15e/0x460
[ 34.764804]  [] ? shmem_file_llseek+0xf1/0x240
[ 34.770916]  [] ? shmem_file_llseek+0xf1/0x240
[ 34.777029]  [] mutex_lock_nested+0xbb/0x850
[ 34.782968]  [] ? shmem_file_llseek+0xf1/0x240
[ 34.789080]  [] ? mutex_lock_nested+0x5d4/0x850
[ 34.795280]  [] ? __ww_mutex_lock+0x14f0/0x14f0
[ 34.801480]  [] ? mutex_lock_nested+0x560/0x850
[ 34.807677