[ 20.775531] random: sshd: uninitialized urandom read (32 bytes read, 34 bits of entropy available)
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ ok ] Starting file context maintaining daemon: restorecond.
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login:
[ 25.420045] random: sshd: uninitialized urandom read (32 bytes read, 41 bits of entropy available)
[ 25.683691] random: sshd: uninitialized urandom read (32 bytes read, 42 bits of entropy available)
[ 26.705028] random: sshd: uninitialized urandom read (32 bytes read, 117 bits of entropy available)
[ 26.868730] random: sshd: uninitialized urandom read (32 bytes read, 122 bits of entropy available)
Warning: Permanently added '10.128.10.0' (ECDSA) to the list of known hosts.
[ 32.259941] random: sshd: uninitialized urandom read (32 bytes read, 126 bits of entropy available)
2018/03/20 21:55:50 parsed 1 programs
2018/03/20 21:55:50 executed programs: 0
[ 32.599098] IPVS: Creating netns size=2552 id=1
[ 32.629733]
[ 32.631365] ======================================================
[ 32.637661] [ INFO: possible circular locking dependency detected ]
[ 32.644036] 4.4.120-gd63fdf6 #29 Not tainted
[ 32.648408] -------------------------------------------------------
[ 32.654781] syz-executor0/3818 is trying to acquire lock:
[ 32.660287] (&sb->s_type->i_mutex_key#10){+.+.+.}, at: [] shmem_file_llseek+0xf1/0x240
[ 32.670586]
[ 32.670586] but task is already holding lock:
[ 32.676523] (ashmem_mutex){+.+.+.}, at: [] ashmem_llseek+0x56/0x1f0
[ 32.685016]
[ 32.685016] which lock already depends on the new lock.
[ 32.685016]
[ 32.693298]
[ 32.693298] the existing dependency chain (in reverse order) is:
[ 32.700887] -> #2 (ashmem_mutex){+.+.+.}:
[ 32.705662] [] lock_acquire+0x15e/0x460
[ 32.711894] [] mutex_lock_nested+0xbb/0x850
[ 32.718470] [] ashmem_mmap+0x53/0x400
[ 32.724528] [] mmap_region+0x94f/0x1250
[ 32.730757] [] do_mmap+0x4fd/0x9d0
[ 32.736547] [] vm_mmap_pgoff+0x16e/0x1c0
[ 32.742860] [] SyS_mmap_pgoff+0x33f/0x560
[ 32.749263] [] do_fast_syscall_32+0x321/0x8a0
[ 32.756020] [] sysenter_flags_fixed+0xd/0x17
[ 32.762682] -> #1 (&mm->mmap_sem){++++++}:
[ 32.767513] [] lock_acquire+0x15e/0x460
[ 32.773738] [] __might_fault+0x14a/0x1d0
[ 32.780057] [] filldir+0x162/0x2d0
[ 32.785855] [] dcache_readdir+0x11e/0x7b0
[ 32.792256] [] iterate_dir+0x1c8/0x420
[ 32.798411] [] SyS_getdents+0x14a/0x270
[ 32.804647] [] entry_SYSCALL_64_fastpath+0x1c/0x98
[ 32.811833] -> #0 (&sb->s_type->i_mutex_key#10){+.+.+.}:
[ 32.818003] [] __lock_acquire+0x371f/0x4b50
[ 32.824577] [] lock_acquire+0x15e/0x460
[ 32.830800] [] mutex_lock_nested+0xbb/0x850
[ 32.837406] [] shmem_file_llseek+0xf1/0x240
[ 32.843982] [] vfs_llseek+0xa2/0xd0
[ 32.849891] [] ashmem_llseek+0xe7/0x1f0
[ 32.856119] [] compat_SyS_lseek+0xeb/0x170
[ 32.862606] [] do_fast_syscall_32+0x321/0x8a0
[ 32.869368] [] sysenter_flags_fixed+0xd/0x17
[ 32.876033]
[ 32.876033] other info that might help us debug this:
[ 32.876033]
[ 32.884141] Chain exists of: &sb->s_type->i_mutex_key#10 --> &mm->mmap_sem --> ashmem_mutex
[ 32.893871] Possible unsafe locking scenario:
[ 32.893871]
[ 32.899892]        CPU0                    CPU1
[ 32.904523]        ----                    ----
[ 32.909155]   lock(ashmem_mutex);
[ 32.912811]                                lock(&mm->mmap_sem);
[ 32.919063]                                lock(ashmem_mutex);
[ 32.925253]   lock(&sb->s_type->i_mutex_key#10);
[ 32.930341]
[ 32.930341] *** DEADLOCK ***
[ 32.930341]
[ 32.936365] 1 lock held by syz-executor0/3818:
[ 32.940922] #0: (ashmem_mutex){+.+.+.}, at: [] ashmem_llseek+0x56/0x1f0
[ 32.949963]
[ 32.949963] stack backtrace:
[ 32.954434] CPU: 1 PID: 3818 Comm: syz-executor0 Not tainted 4.4.120-gd63fdf6 #29
[ 32.962017] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 32.971338] 0000000000000000 c4357bb607969f9b ffff8801c4467a58 ffffffff81d0408d
[ 32.979297] ffffffff851a0010 ffffffff851a9d00 ffffffff851beb20 ffff8801c44808f8
[ 32.987267] ffff8801c4480000 ffff8801c4467aa0 ffffffff81233ba1 ffff8801c44808f8
[ 32.995244] Call Trace:
[ 32.997811] [] dump_stack+0xc1/0x124
[ 33.003144] [] print_circular_bug+0x271/0x310
[ 33.009260] [] __lock_acquire+0x371f/0x4b50
[ 33.015203] [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 33.022197] [] ? __lock_is_held+0xa1/0xf0
[ 33.027971] [] lock_acquire+0x15e/0x460
[ 33.033563] [] ? shmem_file_llseek+0xf1/0x240
[ 33.039685] [] ? shmem_file_llseek+0xf1/0x240
[ 33.045801] [] mutex_lock_nested+0xbb/0x850
[ 33.051744] [] ? shmem_file_llseek+0xf1/0x240
[ 33.057867] [] ? mutex_lock_nested+0x5d4/0x850
[ 33.064069] [] ? __ww_mutex_lock+0x14f0/0x14f0
[ 33.070268] [] ? mutex_lock_nested+0x560/0x850
[ 33.076466] [] ? ashmem_llseek+0x56/0x1f0
[ 33.082233] [] shmem_file_llseek+0xf1/0x240
[ 33.088179] [] ? shmem_mmap+0x90/0x90
[ 33.093603] [] vfs_llseek+0xa2/0xd0
[ 33.098860] [] ashmem_llseek+0xe7/0x1f0
[ 33.104455] [] ? ashmem_read+0x200/0x200
[ 33.110137] [] compat_SyS_lseek+0xeb/0x170
[ 33.115994] [] ? SyS_lseek+0x170/0x170
[ 33.121503] [] do_fast_syscall_32+0x321/0x8a0
[ 33.127631] [] sysenter_flags_