[ 20.232410] random: sshd: uninitialized urandom read (32 bytes read, 31 bits of entropy available)
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 21.060398] random: sshd: uninitialized urandom read (32 bytes read, 33 bits of entropy available)
[ 21.400245] random: sshd: uninitialized urandom read (32 bytes read, 33 bits of entropy available)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 22.456795] random: sshd: uninitialized urandom read (32 bytes read, 105 bits of entropy available)
[ 22.679463] random: sshd: uninitialized urandom read (32 bytes read, 109 bits of entropy available)
Warning: Permanently added '10.128.15.237' (ECDSA) to the list of known hosts.
[ 28.100811] random: sshd: uninitialized urandom read (32 bytes read, 117 bits of entropy available)
executing program
[ 28.213167]
[ 28.214849] ======================================================
[ 28.221161] [ INFO: possible circular locking dependency detected ]
[ 28.231388] 4.4.112-gca0ebb4 #22 Not tainted
[ 28.235781] -------------------------------------------------------
[ 28.242171] syzkaller008408/3323 is trying to acquire lock:
[ 28.247863] (&sb->s_type->i_mutex_key#10){+.+.+.}, at: [] shmem_file_llseek+0xf1/0x240
[ 28.258214]
[ 28.258214] but task is already holding lock:
[ 28.264162] (ashmem_mutex){+.+.+.}, at: [] ashmem_llseek+0x56/0x1f0
[ 28.272692]
[ 28.272692] which lock already depends on the new lock.
[ 28.272692]
[ 28.280999]
[ 28.280999] the existing dependency chain (in reverse order) is:
[ 28.296507] -> #2 (ashmem_mutex){+.+.+.}:
[ 28.302953] [] lock_acquire+0x15e/0x460
[ 28.309338] [] mutex_lock_nested+0xbb/0x850
[ 28.315970] [] ashmem_mmap+0x53/0x400
[ 28.322089] [] mmap_region+0x94f/0x1250
[ 28.328351] [] do_mmap+0x4fd/0x9d0
[ 28.334269] [] vm_mmap_pgoff+0x16e/0x1c0
[ 28.340616] [] SyS_mmap_pgoff+0x33f/0x560
[ 28.347068] [] do_fast_syscall_32+0x314/0x890
[ 28.353962] [] sysenter_flags_fixed+0xd/0x17
[ 28.361610] -> #1 (&mm->mmap_sem){++++++}:
[ 28.367320] [] lock_acquire+0x15e/0x460
[ 28.373577] [] __might_fault+0x14a/0x1d0
[ 28.379916] [] filldir+0x162/0x2d0
[ 28.385747] [] dcache_readdir+0x11e/0x7b0
[ 28.392173] [] iterate_dir+0x1c8/0x420
[ 28.398343] [] SyS_getdents+0x14a/0x270
[ 28.404640] [] entry_SYSCALL_64_fastpath+0x16/0x92
[ 28.411857] -> #0 (&sb->s_type->i_mutex_key#10){+.+.+.}:
[ 28.418158] [] __lock_acquire+0x371f/0x4b50
[ 28.425897] [] lock_acquire+0x15e/0x460
[ 28.432171] [] mutex_lock_nested+0xbb/0x850
[ 28.440287] [] shmem_file_llseek+0xf1/0x240
[ 28.446899] [] vfs_llseek+0xa2/0xd0
[ 28.452802] [] ashmem_llseek+0xe7/0x1f0
[ 28.459049] [] compat_SyS_lseek+0xeb/0x170
[ 28.465605] [] do_fast_syscall_32+0x314/0x890
[ 28.472388] [] sysenter_flags_fixed+0xd/0x17
[ 28.479111]
[ 28.479111] other info that might help us debug this:
[ 28.479111]
[ 28.489868] Chain exists of: &sb->s_type->i_mutex_key#10 --> &mm->mmap_sem --> ashmem_mutex
[ 28.504116] Possible unsafe locking scenario:
[ 28.504116]
[ 28.510177]        CPU0                    CPU1
[ 28.514823]        ----                    ----
[ 28.519464]   lock(ashmem_mutex);
[ 28.523152]                                lock(&mm->mmap_sem);
[ 28.529557]                                lock(ashmem_mutex);
[ 28.535864]   lock(&sb->s_type->i_mutex_key#10);
[ 28.540990]
[ 28.540990] *** DEADLOCK ***
[ 28.540990]
[ 28.547750] 1 lock held by syzkaller008408/3323:
[ 28.552505] #0: (ashmem_mutex){+.+.+.}, at: [] ashmem_llseek+0x56/0x1f0
[ 28.568119]
[ 28.568119] stack backtrace:
[ 28.572601] CPU: 1 PID: 3323 Comm: syzkaller008408 Not tainted 4.4.112-gca0ebb4 #22
[ 28.580819] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 28.591933] 0000000000000000 58661873ae2e734c ffff8800b44b7a58 ffffffff81d056fd
[ 28.601689] ffffffff8519e880 ffffffff851a7eb0 ffffffff851bc460 ffff8800b5df2058
[ 28.617807] ffff8800b5df17c0 ffff8800b44b7aa0 ffffffff81232b91 ffff8800b5df2058
[ 28.628923] Call Trace:
[ 28.633261] [] dump_stack+0xc1/0x124
[ 28.639551] [] print_circular_bug+0x271/0x310
[ 28.645962] [] __lock_acquire+0x371f/0x4b50
[ 28.654088] [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 28.661400] [] ? __lock_is_held+0xa1/0xf0
[ 28.667378] [] lock_acquire+0x15e/0x460
[ 28.673013] [] ? shmem_file_llseek+0xf1/0x240
[ 28.679149] [] ? shmem_file_llseek+0xf1/0x240
[ 28.685317] [] mutex_lock_nested+0xbb/0x850
[ 28.691286] [] ? shmem_file_llseek+0xf1/0x240
[ 28.697518] [] ? mutex_lock_nested+0x5d4/0x850
[ 28.703740] [] ? __ww_mutex_lock+0x14f0/0x14f0
[ 28.709967] [] ? mutex_lock_nested+0x560/0x850
[ 28.716193] [] ? ashmem_llseek+0x56/0x1f0
[ 28.721986] [] shmem_file_llseek+0xf1/0x240
[ 28.727955] [] ? shmem_mmap+0x90/0x90
[ 28.733419] [] vfs_llseek+0xa2/0xd0
[ 28.738687] [] ashmem_llseek+0xe7/0x1f0
[ 28.744315] [] ? ashmem_read+0x200/0x200
[ 28.750023] [] compat_SyS_lseek+0xeb/0x170
[ 28.755908] [] ? SyS_lseek+0x170/0x170
[ 28.761439] [] do_fast_syscall_