[ 22.425964] random: sshd: uninitialized urandom read (32 bytes read, 34 bits of entropy available)
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 27.070308] random: sshd: uninitialized urandom read (32 bytes read, 40 bits of entropy available)
[ 27.376873] random: sshd: uninitialized urandom read (32 bytes read, 42 bits of entropy available)
[ 28.345109] random: sshd: uninitialized urandom read (32 bytes read, 106 bits of entropy available)
[ 28.522888] random: sshd: uninitialized urandom read (32 bytes read, 110 bits of entropy available)
Warning: Permanently added '10.128.0.46' (ECDSA) to the list of known hosts.
[ 33.933518] random: sshd: uninitialized urandom read (32 bytes read, 118 bits of entropy available)
executing program
[ 34.035114]
[ 34.036774] ======================================================
[ 34.043059] [ INFO: possible circular locking dependency detected ]
[ 34.049433] 4.4.114-ga81d322 #4 Not tainted
[ 34.053718] -------------------------------------------------------
[ 34.060088] syzkaller539241/4046 is trying to acquire lock:
[ 34.065762] (&sb->s_type->i_mutex_key#10){+.+.+.}, at: [] shmem_file_llseek+0xf1/0x240
[ 34.076030]
[ 34.076030] but task is already holding lock:
[ 34.081968] (ashmem_mutex){+.+.+.}, at: [] ashmem_llseek+0x56/0x1f0
[ 34.090462]
[ 34.090462] which lock already depends on the new lock.
[ 34.090462]
[ 34.098744]
[ 34.098744] the existing dependency chain (in reverse order) is:
[ 34.106332] -> #2 (ashmem_mutex){+.+.+.}:
[ 34.111086] [] lock_acquire+0x15e/0x460
[ 34.117320] [] mutex_lock_nested+0xbb/0x850
[ 34.123899] [] ashmem_mmap+0x53/0x400
[ 34.129969] [] mmap_region+0x94f/0x1250
[ 34.136200] [] do_mmap+0x4fd/0x9d0
[ 34.141993] [] vm_mmap_pgoff+0x16e/0x1c0
[ 34.148311] [] SyS_mmap_pgoff+0x33f/0x560
[ 34.154721] [] SyS_mmap+0x16/0x20
[ 34.160445] [] entry_SYSCALL_64_fastpath+0x1c/0x98
[ 34.167632] -> #1 (&mm->mmap_sem){++++++}:
[ 34.172475] [] lock_acquire+0x15e/0x460
[ 34.178713] [] __might_fault+0x14a/0x1d0
[ 34.185031] [] filldir+0x162/0x2d0
[ 34.190828] [] dcache_readdir+0x11e/0x7b0
[ 34.197256] [] iterate_dir+0x1c8/0x420
[ 34.203407] [] SyS_getdents+0x14a/0x270
[ 34.209636] [] entry_SYSCALL_64_fastpath+0x1c/0x98
[ 34.216832] -> #0 (&sb->s_type->i_mutex_key#10){+.+.+.}:
[ 34.223006] [] __lock_acquire+0x371f/0x4b50
[ 34.229583] [] lock_acquire+0x15e/0x460
[ 34.235817] [] mutex_lock_nested+0xbb/0x850
[ 34.242399] [] shmem_file_llseek+0xf1/0x240
[ 34.249007] [] vfs_llseek+0xa2/0xd0
[ 34.254894] [] ashmem_llseek+0xe7/0x1f0
[ 34.261142] [] SyS_lseek+0xeb/0x170
[ 34.267037] [] entry_SYSCALL_64_fastpath+0x1c/0x98
[ 34.274228]
[ 34.274228] other info that might help us debug this:
[ 34.274228]
[ 34.282343] Chain exists of: &sb->s_type->i_mutex_key#10 --> &mm->mmap_sem --> ashmem_mutex
[ 34.292054] Possible unsafe locking scenario:
[ 34.292054]
[ 34.298079]        CPU0                    CPU1
[ 34.302714]        ----                    ----
[ 34.307366]   lock(ashmem_mutex);
[ 34.311022]                                lock(&mm->mmap_sem);
[ 34.317297]                                lock(ashmem_mutex);
[ 34.323472]   lock(&sb->s_type->i_mutex_key#10);
[ 34.328551]
[ 34.328551] *** DEADLOCK ***
[ 34.328551]
[ 34.334581] 1 lock held by syzkaller539241/4046:
[ 34.339303] #0: (ashmem_mutex){+.+.+.}, at: [] ashmem_llseek+0x56/0x1f0
[ 34.348373]
[ 34.348373] stack backtrace:
[ 34.352842] CPU: 0 PID: 4046 Comm: syzkaller539241 Not tainted 4.4.114-ga81d322 #4
[ 34.360534] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 34.369869] 0000000000000000 929849d1f523ab01 ffff8800b9777ad8 ffffffff81d0394d
[ 34.377841] ffffffff851a0240 ffffffff851a9f30 ffffffff851be9f0 ffff8801d729e8f8
[ 34.385808] ffff8801d729e000 ffff8800b9777b20 ffffffff81233b91 ffff8801d729e8f8
[ 34.393774] Call Trace:
[ 34.396342] [] dump_stack+0xc1/0x124
[ 34.401679] [] print_circular_bug+0x271/0x310
[ 34.407791] [] __lock_acquire+0x371f/0x4b50
[ 34.413732] [] ? perf_event_mmap+0x93/0x910
[ 34.419679] [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 34.426664] [] ? vma_link+0xe4/0x170
[ 34.431997] [] ? __lock_is_held+0xa1/0xf0
[ 34.437762] [] lock_acquire+0x15e/0x460
[ 34.443359] [] ? shmem_file_llseek+0xf1/0x240
[ 34.449474] [] ? shmem_file_llseek+0xf1/0x240
[ 34.455592] [] mutex_lock_nested+0xbb/0x850
[ 34.461532] [] ? shmem_file_llseek+0xf1/0x240
[ 34.467651] [] ? mutex_lock_nested+0x5d4/0x850
[ 34.473856] [] ? __ww_mutex_lock+0x14f0/0x14f0
[ 34.480067] [] ? mutex_lock_nested+0x560/0x850
[ 34.48