[ 15.593486] random: sshd: uninitialized urandom read (32 bytes read, 32 bits of entropy available)
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 20.917932] random: sshd: uninitialized urandom read (32 bytes read, 37 bits of entropy available)
[ 21.354119] random: sshd: uninitialized urandom read (32 bytes read, 37 bits of entropy available)
[ 22.223996] random: sshd: uninitialized urandom read (32 bytes read, 104 bits of entropy available)
[ 22.388497] random: sshd: uninitialized urandom read (32 bytes read, 109 bits of entropy available)
Warning: Permanently added '10.128.15.196' (ECDSA) to the list of known hosts.
[ 27.760062] random: sshd: uninitialized urandom read (32 bytes read, 116 bits of entropy available)
executing program
[ 27.864472]
[ 27.866106] ======================================================
[ 27.872390] [ INFO: possible circular locking dependency detected ]
[ 27.878775] 4.4.112-g3fc4284 #25 Not tainted
[ 27.883148] -------------------------------------------------------
[ 27.889519] syzkaller019158/3317 is trying to acquire lock:
[ 27.895191] (&sb->s_type->i_mutex_key#10){+.+.+.}, at: [] shmem_file_llseek+0xf1/0x240
[ 27.905447]
[ 27.905447] but task is already holding lock:
[ 27.911382] (ashmem_mutex){+.+.+.}, at: [] ashmem_llseek+0x56/0x1f0
[ 27.919874]
[ 27.919874] which lock already depends on the new lock.
[ 27.919874]
[ 27.928164]
[ 27.928164] the existing dependency chain (in reverse order) is:
[ 27.935757] -> #2 (ashmem_mutex){+.+.+.}:
[ 27.940508] [] lock_acquire+0x15e/0x460
[ 27.946737] [] mutex_lock_nested+0xbb/0x850
[ 27.953320] [] ashmem_mmap+0x53/0x400
[ 27.959376] [] mmap_region+0x94f/0x1250
[ 27.965609] [] do_mmap+0x4fd/0x9d0
[ 27.971401] [] vm_mmap_pgoff+0x16e/0x1c0
[ 27.977718] [] SyS_mmap_pgoff+0x33f/0x560
[ 27.984124] [] do_fast_syscall_32+0x314/0x890
[ 27.990872] [] sysenter_flags_fixed+0xd/0x17
[ 27.997537] -> #1 (&mm->mmap_sem){++++++}:
[ 28.002371] [] lock_acquire+0x15e/0x460
[ 28.008599] [] __might_fault+0x14a/0x1d0
[ 28.014910] [] filldir+0x162/0x2d0
[ 28.020706] [] dcache_readdir+0x11e/0x7b0
[ 28.027111] [] iterate_dir+0x1c8/0x420
[ 28.033257] [] SyS_getdents+0x14a/0x270
[ 28.039495] [] entry_SYSCALL_64_fastpath+0x16/0x92
[ 28.046680] -> #0 (&sb->s_type->i_mutex_key#10){+.+.+.}:
[ 28.052854] [] __lock_acquire+0x371f/0x4b50
[ 28.059431] [] lock_acquire+0x15e/0x460
[ 28.065660] [] mutex_lock_nested+0xbb/0x850
[ 28.072236] [] shmem_file_llseek+0xf1/0x240
[ 28.078813] [] vfs_llseek+0xa2/0xd0
[ 28.084692] [] ashmem_llseek+0xe7/0x1f0
[ 28.090923] [] compat_SyS_lseek+0xeb/0x170
[ 28.097422] [] do_fast_syscall_32+0x314/0x890
[ 28.104176] [] sysenter_flags_fixed+0xd/0x17
[ 28.110845]
[ 28.110845] other info that might help us debug this:
[ 28.110845]
[ 28.118953] Chain exists of: &sb->s_type->i_mutex_key#10 --> &mm->mmap_sem --> ashmem_mutex
[ 28.128655] Possible unsafe locking scenario:
[ 28.128655]
[ 28.134680]        CPU0                    CPU1
[ 28.139313]        ----                    ----
[ 28.143943]   lock(ashmem_mutex);
[ 28.147600]                                lock(&mm->mmap_sem);
[ 28.153855]                                lock(ashmem_mutex);
[ 28.160026]   lock(&sb->s_type->i_mutex_key#10);
[ 28.165092]
[ 28.165092] *** DEADLOCK ***
[ 28.165092]
[ 28.171122] 1 lock held by syzkaller019158/3317:
[ 28.175842] #0: (ashmem_mutex){+.+.+.}, at: [] ashmem_llseek+0x56/0x1f0
[ 28.184913]
[ 28.184913] stack backtrace:
[ 28.189389] CPU: 0 PID: 3317 Comm: syzkaller019158 Not tainted 4.4.112-g3fc4284 #25
[ 28.197160] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 28.206485] 0000000000000000 48aa386db25bc728 ffff8800b3ebfa58 ffffffff81d054ed
[ 28.214453] ffffffff8519e370 ffffffff851a7eb0 ffffffff851bc970 ffff8801d1280898
[ 28.222414] ffff8801d1280000 ffff8800b3ebfaa0 ffffffff81232b91 ffff8801d1280898
[ 28.230374] Call Trace:
[ 28.232931] [] dump_stack+0xc1/0x124
[ 28.238263] [] print_circular_bug+0x271/0x310
[ 28.244378] [] __lock_acquire+0x371f/0x4b50
[ 28.250318] [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 28.257299] [] ? __lock_is_held+0xa1/0xf0
[ 28.263067] [] lock_acquire+0x15e/0x460
[ 28.268660] [] ? shmem_file_llseek+0xf1/0x240
[ 28.274772] [] ? shmem_file_llseek+0xf1/0x240
[ 28.280889] [] mutex_lock_nested+0xbb/0x850
[ 28.286827] [] ? shmem_file_llseek+0xf1/0x240
[ 28.292942] [] ? mutex_lock_nested+0x5d4/0x850
[ 28.299142] [] ? __ww_mutex_lock+0x14f0/0x14f0
[ 28.305341] [] ? mutex_lock_nested+0x560/0x850
[ 28.311542] [] ? ashmem_llseek+0x56/0x1f0
[ 28.317307] [] shmem_file_llseek+0xf1/0x240
[ 28.323249] [] ? shmem_mmap+0x90/0x90
[ 28.328669] [] vfs_llseek+0xa2/0xd0
[ 28.333912] [] ashmem_llseek+0xe7/0x1f0
[ 28.339504] [] ? ashmem_read+0x200/0x200
[ 28.345185] [] compat_SyS_lseek+0xeb/0x170
[ 28.351040] [] ? SyS_lseek+0x170/0x170
[ 28.356545] [] do_fast_syscall_32+0x314/0x890
[ 28.362662] [] sysenter_f