[ 22.435654] random: sshd: uninitialized urandom read (32 bytes read, 34 bits of entropy available)
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 26.182430] random: sshd: uninitialized urandom read (32 bytes read, 39 bits of entropy available)
[ 26.516146] random: sshd: uninitialized urandom read (32 bytes read, 39 bits of entropy available)
[ 27.465955] random: sshd: uninitialized urandom read (32 bytes read, 114 bits of entropy available)
[ 33.794148] random: sshd: uninitialized urandom read (32 bytes read, 121 bits of entropy available)
Warning: Permanently added '10.128.0.21' (ECDSA) to the list of known hosts.
[ 39.193861] random: sshd: uninitialized urandom read (32 bytes read, 125 bits of entropy available)
executing program
[ 39.287809]
[ 39.290348] ======================================================
[ 39.296643] [ INFO: possible circular locking dependency detected ]
[ 39.303017] 4.4.113-g962d1f3 #2 Not tainted
[ 39.307303] -------------------------------------------------------
[ 39.313676] syzkaller815524/4054 is trying to acquire lock:
[ 39.319351]  (&sb->s_type->i_mutex_key#10){+.+.+.}, at: [] shmem_file_llseek+0xf1/0x240
[ 39.329826]
[ 39.329826] but task is already holding lock:
[ 39.335769]  (ashmem_mutex){+.+.+.}, at: [] ashmem_llseek+0x56/0x1f0
[ 39.344262]
[ 39.344262] which lock already depends on the new lock.
[ 39.344262]
[ 39.352641]
[ 39.352641] the existing dependency chain (in reverse order) is:
[ 39.360237] -> #2 (ashmem_mutex){+.+.+.}:
[ 39.365007]        [] lock_acquire+0x15e/0x460
[ 39.371242]        [] mutex_lock_nested+0xbb/0x850
[ 39.377820]        [] ashmem_mmap+0x53/0x400
[ 39.383876]        [] mmap_region+0x94f/0x1250
[ 39.390109]        [] do_mmap+0x4fd/0x9d0
[ 39.395910]        [] vm_mmap_pgoff+0x16e/0x1c0
[ 39.402228]        [] SyS_mmap_pgoff+0x33f/0x560
[ 39.408634]        [] do_fast_syscall_32+0x314/0x890
[ 39.415389]        [] sysenter_flags_fixed+0xd/0x17
[ 39.422058] -> #1 (&mm->mmap_sem){++++++}:
[ 39.426895]        [] lock_acquire+0x15e/0x460
[ 39.433128]        [] __might_fault+0x14a/0x1d0
[ 39.439452]        [] filldir+0x162/0x2d0
[ 39.445253]        [] dcache_readdir+0x11e/0x7b0
[ 39.451655]        [] iterate_dir+0x1c8/0x420
[ 39.457811]        [] SyS_getdents+0x14a/0x270
[ 39.464044]        [] entry_SYSCALL_64_fastpath+0x1c/0x98
[ 39.471235] -> #0 (&sb->s_type->i_mutex_key#10){+.+.+.}:
[ 39.477403]        [] __lock_acquire+0x371f/0x4b50
[ 39.483986]        [] lock_acquire+0x15e/0x460
[ 39.490214]        [] mutex_lock_nested+0xbb/0x850
[ 39.496807]        [] shmem_file_llseek+0xf1/0x240
[ 39.503393]        [] vfs_llseek+0xa2/0xd0
[ 39.509292]        [] ashmem_llseek+0xe7/0x1f0
[ 39.515536]        [] compat_SyS_lseek+0xeb/0x170
[ 39.522069]        [] do_fast_syscall_32+0x314/0x890
[ 39.528830]        [] sysenter_flags_fixed+0xd/0x17
[ 39.535514]
[ 39.535514] other info that might help us debug this:
[ 39.535514]
[ 39.543631] Chain exists of:
  &sb->s_type->i_mutex_key#10 --> &mm->mmap_sem --> ashmem_mutex
[ 39.553353]  Possible unsafe locking scenario:
[ 39.553353]
[ 39.559378]        CPU0                    CPU1
[ 39.564023]        ----                    ----
[ 39.568662]   lock(ashmem_mutex);
[ 39.572319]                                lock(&mm->mmap_sem);
[ 39.578575]                                lock(ashmem_mutex);
[ 39.584741]   lock(&sb->s_type->i_mutex_key#10);
[ 39.589820]
[ 39.589820]  *** DEADLOCK ***
[ 39.589820]
[ 39.595851] 1 lock held by syzkaller815524/4054:
[ 39.600570]  #0:  (ashmem_mutex){+.+.+.}, at: [] ashmem_llseek+0x56/0x1f0
[ 39.609619]
[ 39.609619] stack backtrace:
[ 39.614085] CPU: 0 PID: 4054 Comm: syzkaller815524 Not tainted 4.4.113-g962d1f3 #2
[ 39.621760] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 39.631179]  0000000000000000 1e675825ad9a6012 ffff8801d72ffa58 ffffffff81d028ed
[ 39.639156]  ffffffff851a0200 ffffffff851a9ef0 ffffffff851be650 ffff8801d9588898
[ 39.647130]  ffff8801d9588000 ffff8801d72ffaa0 ffffffff81232cc1 ffff8801d9588898
[ 39.655109] Call Trace:
[ 39.657669]  [] dump_stack+0xc1/0x124
[ 39.663017]  [] print_circular_bug+0x271/0x310
[ 39.669133]  [] __lock_acquire+0x371f/0x4b50
[ 39.675075]  [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 39.682058]  [] ? __lock_is_held+0xa1/0xf0
[ 39.687825]  [] lock_acquire+0x15e/0x460
[ 39.693421]  [] ? shmem_file_llseek+0xf1/0x240
[ 39.699534]  [] ? shmem_file_llseek+0xf1/0x240
[ 39.705652]  [] mutex_lock_nested+0xbb/0x850
[ 39.711594]  [] ? shmem_file_llseek+0xf1/0x240
[ 39.717717]  [] ? mutex_lock_nested+0x5d4/0x850
[ 39.723922]  [] ? __ww_mutex_lock+0x14f0/0x14f0
[ 39.730124]  [] ? mutex_lock_nested+0x560/0x850
[ 39.736327]  [] ? ashmem_llseek+0x56/0x1f0
[ 39.742093]  [] shmem_file_llseek+0xf1/0x240
[ 39.748033]  [] ? shmem_mmap+0x90/0x90
[ 39.753457]  [] vfs_llseek+0xa2/0xd0
[ 39.758701]  [] ashmem_llseek+0xe7/0x1f0
[ 39.764306]  [] ? ashmem_read+0x200/0x200
[ 39.769989]  [] compat_SyS_lseek+0xeb/0x170
[ 39.775844]  [] ? SyS_lseek+0x170/0x170
[ 39.781352]  [] do_fast_syscall_32+0x314/0x890
[ 39.787470]  [