[ 16.847815] random: sshd: uninitialized urandom read (32 bytes read, 31 bits of entropy available)
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 19.868823] random: sshd: uninitialized urandom read (32 bytes read, 36 bits of entropy available)
[ 20.379107] random: sshd: uninitialized urandom read (32 bytes read, 36 bits of entropy available)
[ 21.320442] random: sshd: uninitialized urandom read (32 bytes read, 117 bits of entropy available)
[ 21.501610] random: sshd: uninitialized urandom read (32 bytes read, 121 bits of entropy available)
Warning: Permanently added '10.128.0.56' (ECDSA) to the list of known hosts.
[ 26.996083] random: sshd: uninitialized urandom read (32 bytes read, 126 bits of entropy available)
executing program
[ 27.114411]
[ 27.116161] ======================================================
[ 27.122459] [ INFO: possible circular locking dependency detected ]
[ 27.128844] 4.4.112-gca0ebb4 #22 Not tainted
[ 27.133221] -------------------------------------------------------
[ 27.139601] syzkaller228583/3319 is trying to acquire lock:
[ 27.145282] (&sb->s_type->i_mutex_key#10){+.+.+.}, at: [] shmem_file_llseek+0xf1/0x240
[ 27.155600]
[ 27.155600] but task is already holding lock:
[ 27.161544] (ashmem_mutex){+.+.+.}, at: [] ashmem_llseek+0x56/0x1f0
[ 27.170086]
[ 27.170086] which lock already depends on the new lock.
[ 27.170086]
[ 27.178376]
[ 27.178376] the existing dependency chain (in reverse order) is:
[ 27.186621] -> #2 (ashmem_mutex){+.+.+.}:
[ 27.191444] [] lock_acquire+0x15e/0x460
[ 27.197718] [] mutex_lock_nested+0xbb/0x850
[ 27.204318] [] ashmem_mmap+0x53/0x400
[ 27.210401] [] mmap_region+0x94f/0x1250
[ 27.216743] [] do_mmap+0x4fd/0x9d0
[ 27.222553] [] vm_mmap_pgoff+0x16e/0x1c0
[ 27.228881] [] SyS_mmap_pgoff+0x33f/0x560
[ 27.235293] [] do_fast_syscall_32+0x314/0x890
[ 27.242139] [] sysenter_flags_fixed+0xd/0x17
[ 27.248834] -> #1 (&mm->mmap_sem){++++++}:
[ 27.253716] [] lock_acquire+0x15e/0x460
[ 27.259957] [] __might_fault+0x14a/0x1d0
[ 27.266287] [] filldir+0x162/0x2d0
[ 27.272115] [] dcache_readdir+0x11e/0x7b0
[ 27.278531] [] iterate_dir+0x1c8/0x420
[ 27.284704] [] SyS_getdents+0x14a/0x270
[ 27.290973] [] entry_SYSCALL_64_fastpath+0x16/0x92
[ 27.298176] -> #0 (&sb->s_type->i_mutex_key#10){+.+.+.}:
[ 27.304433] [] __lock_acquire+0x371f/0x4b50
[ 27.311043] [] lock_acquire+0x15e/0x460
[ 27.317288] [] mutex_lock_nested+0xbb/0x850
[ 27.323892] [] shmem_file_llseek+0xf1/0x240
[ 27.330480] [] vfs_llseek+0xa2/0xd0
[ 27.336399] [] ashmem_llseek+0xe7/0x1f0
[ 27.342647] [] compat_SyS_lseek+0xeb/0x170
[ 27.349159] [] do_fast_syscall_32+0x314/0x890
[ 27.355987] [] sysenter_flags_fixed+0xd/0x17
[ 27.362669]
[ 27.362669] other info that might help us debug this:
[ 27.362669]
[ 27.370783] Chain exists of: &sb->s_type->i_mutex_key#10 --> &mm->mmap_sem --> ashmem_mutex
[ 27.380529] Possible unsafe locking scenario:
[ 27.380529]
[ 27.386565]        CPU0                    CPU1
[ 27.391204]        ----                    ----
[ 27.395842]   lock(ashmem_mutex);
[ 27.399526]                                lock(&mm->mmap_sem);
[ 27.405797]                                lock(ashmem_mutex);
[ 27.412021]   lock(&sb->s_type->i_mutex_key#10);
[ 27.417117]
[ 27.417117] *** DEADLOCK ***
[ 27.417117]
[ 27.423165] 1 lock held by syzkaller228583/3319:
[ 27.427892] #0: (ashmem_mutex){+.+.+.}, at: [] ashmem_llseek+0x56/0x1f0
[ 27.436982]
[ 27.436982] stack backtrace:
[ 27.441461] CPU: 1 PID: 3319 Comm: syzkaller228583 Not tainted 4.4.112-gca0ebb4 #22
[ 27.449249] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 27.458763] 0000000000000000 0bb8a0cfb80a4f0b ffff8801d0277a58 ffffffff81d056fd
[ 27.466778] ffffffff8519e520 ffffffff851a8210 ffffffff851bc610 ffff8800b5216798
[ 27.474779] ffff8800b5215f00 ffff8801d0277aa0 ffffffff81232b91 ffff8800b5216798
[ 27.482760] Call Trace:
[ 27.485882] [] dump_stack+0xc1/0x124
[ 27.491252] [] print_circular_bug+0x271/0x310
[ 27.497371] [] __lock_acquire+0x371f/0x4b50
[ 27.503330] [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 27.510334] [] ? __lock_is_held+0xa1/0xf0
[ 27.516119] [] lock_acquire+0x15e/0x460
[ 27.521720] [] ? shmem_file_llseek+0xf1/0x240
[ 27.527849] [] ? shmem_file_llseek+0xf1/0x240
[ 27.533978] [] mutex_lock_nested+0xbb/0x850
[ 27.540185] [] ? shmem_file_llseek+0xf1/0x240
[ 27.546307] [] ? mutex_lock_nested+0x5d4/0x850
[ 27.552535] [] ? __ww_mutex_lock+0x14f0/0x14f0
[ 27.558834] [] ? mutex_lock_nested+0x560/0x850
[ 27.565045] [] ? ashmem_llseek+0x56/0x1f0
[ 27.570819] [] shmem_file_llseek+0xf1/0x240
[ 27.576765] [] ? shmem_mmap+0x90/0x90
[ 27.582217] [] vfs_llseek+0xa2/0xd0
[ 27.587478] [] ashmem_llseek+0xe7/0x1f0
[ 27.593184] [] ? ashmem_read+0x200/0x200
[ 27.599048] [] compat_SyS_lseek+0xeb/0x170
[ 27.604908] [] ? SyS_lseek+0x170/0x170
[ 27.610431] [] do_fast_syscall_32+0x314/0x890
[