[ 15.445952] random: sshd: uninitialized urandom read (32 bytes read, 32 bits of entropy available)
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 20.941075] random: sshd: uninitialized urandom read (32 bytes read, 37 bits of entropy available)
[ 21.235991] random: sshd: uninitialized urandom read (32 bytes read, 37 bits of entropy available)
[ 22.207955] random: sshd: uninitialized urandom read (32 bytes read, 118 bits of entropy available)
[ 22.379946] random: sshd: uninitialized urandom read (32 bytes read, 122 bits of entropy available)
Warning: Permanently added '10.128.0.57' (ECDSA) to the list of known hosts.
[ 27.730530] random: nonblocking pool is initialized
executing program
[ 27.836725]
[ 27.838371] ======================================================
[ 27.844655] [ INFO: possible circular locking dependency detected ]
[ 27.851027] 4.4.112-g3fc4284 #25 Not tainted
[ 27.855401] -------------------------------------------------------
[ 27.861775] syzkaller589209/3313 is trying to acquire lock:
[ 27.867454] (&sb->s_type->i_mutex_key#10){+.+.+.}, at: [] shmem_file_llseek+0xf1/0x240
[ 27.877725]
[ 27.877725] but task is already holding lock:
[ 27.883661] (ashmem_mutex){+.+.+.}, at: [] ashmem_llseek+0x56/0x1f0
[ 27.892176]
[ 27.892176] which lock already depends on the new lock.
[ 27.892176]
[ 27.900459]
[ 27.900459] the existing dependency chain (in reverse order) is:
[ 27.908046] -> #2 (ashmem_mutex){+.+.+.}:
[ 27.912796] [] lock_acquire+0x15e/0x460
[ 27.919029] [] mutex_lock_nested+0xbb/0x850
[ 27.925635] [] ashmem_mmap+0x53/0x400
[ 27.931699] [] mmap_region+0x94f/0x1250
[ 27.937935] [] do_mmap+0x4fd/0x9d0
[ 27.943756] [] vm_mmap_pgoff+0x16e/0x1c0
[ 27.950083] [] SyS_mmap_pgoff+0x33f/0x560
[ 27.956488] [] do_fast_syscall_32+0x314/0x890
[ 27.963259] [] sysenter_flags_fixed+0xd/0x17
[ 27.969932] -> #1 (&mm->mmap_sem){++++++}:
[ 27.974773] [] lock_acquire+0x15e/0x460
[ 27.981009] [] __might_fault+0x14a/0x1d0
[ 27.987332] [] filldir+0x162/0x2d0
[ 27.993139] [] dcache_readdir+0x11e/0x7b0
[ 27.999547] [] iterate_dir+0x1c8/0x420
[ 28.005688] [] SyS_getdents+0x14a/0x270
[ 28.011920] [] entry_SYSCALL_64_fastpath+0x16/0x92
[ 28.019108] -> #0 (&sb->s_type->i_mutex_key#10){+.+.+.}:
[ 28.025286] [] __lock_acquire+0x371f/0x4b50
[ 28.031864] [] lock_acquire+0x15e/0x460
[ 28.038095] [] mutex_lock_nested+0xbb/0x850
[ 28.044678] [] shmem_file_llseek+0xf1/0x240
[ 28.051259] [] vfs_llseek+0xa2/0xd0
[ 28.057147] [] ashmem_llseek+0xe7/0x1f0
[ 28.063377] [] compat_SyS_lseek+0xeb/0x170
[ 28.069867] [] do_fast_syscall_32+0x314/0x890
[ 28.076623] [] sysenter_flags_fixed+0xd/0x17
[ 28.083292]
[ 28.083292] other info that might help us debug this:
[ 28.083292]
[ 28.091404] Chain exists of: &sb->s_type->i_mutex_key#10 --> &mm->mmap_sem --> ashmem_mutex
[ 28.101123] Possible unsafe locking scenario:
[ 28.101123]
[ 28.107151]        CPU0                    CPU1
[ 28.111785]        ----                    ----
[ 28.116420]   lock(ashmem_mutex);
[ 28.120071]                                lock(&mm->mmap_sem);
[ 28.126329]                                lock(ashmem_mutex);
[ 28.132500]   lock(&sb->s_type->i_mutex_key#10);
[ 28.137571]
[ 28.137571] *** DEADLOCK ***
[ 28.137571]
[ 28.143598] 1 lock held by syzkaller589209/3313:
[ 28.148318] #0: (ashmem_mutex){+.+.+.}, at: [] ashmem_llseek+0x56/0x1f0
[ 28.157373]
[ 28.157373] stack backtrace:
[ 28.161838] CPU: 1 PID: 3313 Comm: syzkaller589209 Not tainted 4.4.112-g3fc4284 #25
[ 28.169598] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 28.178922] 0000000000000000 0892443ced23c820 ffff8800b535fa58 ffffffff81d054ed
[ 28.186898] ffffffff8519e370 ffffffff851a7d00 ffffffff851bcb20 ffff8800b506cfd8
[ 28.194865] ffff8800b506c740 ffff8800b535faa0 ffffffff81232b91 ffff8800b506cfd8
[ 28.202831] Call Trace:
[ 28.205399] [] dump_stack+0xc1/0x124
[ 28.210738] [] print_circular_bug+0x271/0x310
[ 28.216852] [] __lock_acquire+0x371f/0x4b50
[ 28.222792] [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 28.229773] [] ? __lock_is_held+0xa1/0xf0
[ 28.235540] [] lock_acquire+0x15e/0x460
[ 28.241491] [] ? shmem_file_llseek+0xf1/0x240
[ 28.247615] [] ? shmem_file_llseek+0xf1/0x240
[ 28.253734] [] mutex_lock_nested+0xbb/0x850
[ 28.259675] [] ? shmem_file_llseek+0xf1/0x240
[ 28.265790] [] ? mutex_lock_nested+0x5d4/0x850
[ 28.271992] [] ? __ww_mutex_lock+0x14f0/0x14f0
[ 28.278193] [] ? mutex_lock_nested+0x560/0x850
[ 28.284396] [] ? ashmem_llseek+0x56/0x1f0
[ 28.290164] [] shmem_file_llseek+0xf1/0x240
[ 28.296105] [] ? shmem_mmap+0x90/0x90
[ 28.301532] [] vfs_llseek+0xa2/0xd0
[ 28.306957] [] ashmem_llseek+0xe7/0x1f0
[ 28.312553] [] ? ashmem_read+0x200/0x200
[ 28.318241] [] compat_SyS_lseek+0xeb/0x170
[ 28.324093] [] ? SyS_lseek+0x170/0x170
[ 28.329606] [] do_fast_syscall_32+0x314/0x890
[ 28.335745] []