[ 16.191542] random: sshd: uninitialized urandom read (32 bytes read, 32 bits of entropy available)
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ ok ] Starting file context maintaining daemon: restorecond.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 20.952219] random: sshd: uninitialized urandom read (32 bytes read, 37 bits of entropy available)
[ 21.228362] random: sshd: uninitialized urandom read (32 bytes read, 37 bits of entropy available)
[ 22.176365] random: sshd: uninitialized urandom read (32 bytes read, 120 bits of entropy available)
[ 22.336262] random: sshd: uninitialized urandom read (32 bytes read, 124 bits of entropy available)
[ 26.295663] random: nonblocking pool is initialized
Warning: Permanently added '10.128.0.23' (ECDSA) to the list of known hosts.
executing program
[ 27.791082]
[ 27.792732] ======================================================
[ 27.799016] [ INFO: possible circular locking dependency detected ]
[ 27.805393] 4.4.113-ge70c132 #27 Not tainted
[ 27.809783] -------------------------------------------------------
[ 27.816154] syzkaller065204/3317 is trying to acquire lock:
[ 27.821830] (&sb->s_type->i_mutex_key#10){+.+.+.}, at: [] shmem_file_llseek+0xf1/0x240
[ 27.832095]
[ 27.832095] but task is already holding lock:
[ 27.838039] (ashmem_mutex){+.+.+.}, at: [] ashmem_llseek+0x56/0x1f0
[ 27.846530]
[ 27.846530] which lock already depends on the new lock.
[ 27.846530]
[ 27.854824]
[ 27.854824] the existing dependency chain (in reverse order) is:
[ 27.862412] -> #2 (ashmem_mutex){+.+.+.}:
[ 27.867166] [] lock_acquire+0x15e/0x460
[ 27.873405] [] mutex_lock_nested+0xbb/0x850
[ 27.879994] [] ashmem_mmap+0x53/0x400
[ 27.886053] [] mmap_region+0x94f/0x1250
[ 27.892285] [] do_mmap+0x4fd/0x9d0
[ 27.898085] [] vm_mmap_pgoff+0x16e/0x1c0
[ 27.904400] [] SyS_mmap_pgoff+0x33f/0x560
[ 27.910805] [] do_fast_syscall_32+0x314/0x890
[ 27.917552] [] sysenter_flags_fixed+0xd/0x17
[ 27.924215] -> #1 (&mm->mmap_sem){++++++}:
[ 27.929061] [] lock_acquire+0x15e/0x460
[ 27.935292] [] __might_fault+0x14a/0x1d0
[ 27.941609] [] filldir+0x162/0x2d0
[ 27.947405] [] dcache_readdir+0x11e/0x7b0
[ 27.953809] [] iterate_dir+0x1c8/0x420
[ 27.959954] [] SyS_getdents+0x14a/0x270
[ 27.966181] [] entry_SYSCALL_64_fastpath+0x1c/0x98
[ 27.973373] -> #0 (&sb->s_type->i_mutex_key#10){+.+.+.}:
[ 27.979544] [] __lock_acquire+0x371f/0x4b50
[ 27.986115] [] lock_acquire+0x15e/0x460
[ 27.992341] [] mutex_lock_nested+0xbb/0x850
[ 27.998921] [] shmem_file_llseek+0xf1/0x240
[ 28.005509] [] vfs_llseek+0xa2/0xd0
[ 28.011393] [] ashmem_llseek+0xe7/0x1f0
[ 28.017628] [] compat_SyS_lseek+0xeb/0x170
[ 28.024114] [] do_fast_syscall_32+0x314/0x890
[ 28.030865] [] sysenter_flags_fixed+0xd/0x17
[ 28.037537]
[ 28.037537] other info that might help us debug this:
[ 28.037537]
[ 28.045645] Chain exists of: &sb->s_type->i_mutex_key#10 --> &mm->mmap_sem --> ashmem_mutex
[ 28.055340] Possible unsafe locking scenario:
[ 28.055340]
[ 28.061362]        CPU0                    CPU1
[ 28.066437]        ----                    ----
[ 28.071069]   lock(ashmem_mutex);
[ 28.074714]                                lock(&mm->mmap_sem);
[ 28.080976]                                lock(ashmem_mutex);
[ 28.087140]   lock(&sb->s_type->i_mutex_key#10);
[ 28.092206]
[ 28.092206] *** DEADLOCK ***
[ 28.092206]
[ 28.098234] 1 lock held by syzkaller065204/3317:
[ 28.102953] #0: (ashmem_mutex){+.+.+.}, at: [] ashmem_llseek+0x56/0x1f0
[ 28.111993]
[ 28.111993] stack backtrace:
[ 28.116458] CPU: 1 PID: 3317 Comm: syzkaller065204 Not tainted 4.4.113-ge70c132 #27
[ 28.124217] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 28.133540] 0000000000000000 231479759b665a60 ffff8800b4a9fa58 ffffffff81d0278d
[ 28.141509] ffffffff851a0560 ffffffff851aa0a0 ffffffff851bf220 ffff8801d0d08898
[ 28.149479] ffff8801d0d08000 ffff8800b4a9faa0 ffffffff81232b51 ffff8801d0d08898
[ 28.157438] Call Trace:
[ 28.159997] [] dump_stack+0xc1/0x124
[ 28.165330] [] print_circular_bug+0x271/0x310
[ 28.171443] [] __lock_acquire+0x371f/0x4b50
[ 28.177385] [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 28.184824] [] ? __lock_is_held+0xa1/0xf0
[ 28.190589] [] lock_acquire+0x15e/0x460
[ 28.196183] [] ? shmem_file_llseek+0xf1/0x240
[ 28.202296] [] ? shmem_file_llseek+0xf1/0x240
[ 28.208411] [] mutex_lock_nested+0xbb/0x850
[ 28.214350] [] ? shmem_file_llseek+0xf1/0x240
[ 28.220469] [] ? mutex_lock_nested+0x5d4/0x850
[ 28.226668] [] ? __ww_mutex_lock+0x14f0/0x14f0
[ 28.232873] [] ? mutex_lock_nested+0x560/0x850
[ 28.239076] [] ? ashmem_llseek+0x56/0x1f0
[ 28.244844] [] shmem_file_llseek+0xf1/0x240
[ 28.250785] [] ? shmem_mmap+0x90/0x90
[ 28.256204] [] vfs_llseek+0xa2/0xd0
[ 28.261450] [] ashmem_llseek+0xe7/0x1f0
[ 28.267041] [] ? ashmem_read+0x200/0x200
[ 28.272724] [] compat_SyS_lseek+0xeb/0x170
[ 28.278574] [] ? SyS_lseek+0x170/0x170
[ 28.284078] [] do_fast_syscall_32+0x314/0x890
[ 28.290198] []