[ 20.115072] random: sshd: uninitialized urandom read (32 bytes read, 32 bits of entropy available)
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 20.264272] random: sshd: uninitialized urandom read (32 bytes read, 33 bits of entropy available)
[ 20.560332] random: sshd: uninitialized urandom read (32 bytes read, 34 bits of entropy available)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 21.581121] random: sshd: uninitialized urandom read (32 bytes read, 123 bits of entropy available)
[ 21.751191] random: sshd: uninitialized urandom read (32 bytes read, 126 bits of entropy available)
[ 24.442420] random: nonblocking pool is initialized
Warning: Permanently added '10.128.0.23' (ECDSA) to the list of known hosts.
2018/03/20 17:20:52 parsed 1 programs
2018/03/20 17:20:52 executed programs: 0
[ 27.633566] IPVS: Creating netns size=2552 id=1
[ 27.664317]
[ 27.665953] ======================================================
[ 27.672236] [ INFO: possible circular locking dependency detected ]
[ 27.678615] 4.4.120-gd63fdf6 #29 Not tainted
[ 27.682988] -------------------------------------------------------
[ 27.689356] syz-executor0/3799 is trying to acquire lock:
[ 27.694857]  (&mm->mmap_sem){++++++}, at: [] __might_fault+0xe4/0x1d0
[ 27.703446]
[ 27.703446] but task is already holding lock:
[ 27.709385]  (ashmem_mutex){+.+.+.}, at: [] ashmem_ioctl+0x367/0xfa0
[ 27.717884]
[ 27.717884] which lock already depends on the new lock.
[ 27.717884]
[ 27.726166]
[ 27.726166] the existing dependency chain (in reverse order) is:
[ 27.733753] -> #1 (ashmem_mutex){+.+.+.}:
[ 27.738508]        [] lock_acquire+0x15e/0x460
[ 27.744747]        [] mutex_lock_nested+0xbb/0x850
[ 27.751324]        [] ashmem_mmap+0x53/0x400
[ 27.757385]        [] mmap_region+0x94f/0x1250
[ 27.763610]        [] do_mmap+0x4fd/0x9d0
[ 27.769404]        [] vm_mmap_pgoff+0x16e/0x1c0
[ 27.775718]        [] SyS_mmap_pgoff+0x33f/0x560
[ 27.782122]        [] do_fast_syscall_32+0x321/0x8a0
[ 27.788870]        [] sysenter_flags_fixed+0xd/0x17
[ 27.795538] -> #0 (&mm->mmap_sem){++++++}:
[ 27.800398]        [] __lock_acquire+0x371f/0x4b50
[ 27.806976]        [] lock_acquire+0x15e/0x460
[ 27.813200]        [] __might_fault+0x14a/0x1d0
[ 27.819514]        [] ashmem_ioctl+0x3b4/0xfa0
[ 27.825739]        [] compat_ashmem_ioctl+0x3e/0x50
[ 27.832398]        [] compat_SyS_ioctl+0x28a/0x2540
[ 27.839060]        [] do_fast_syscall_32+0x321/0x8a0
[ 27.845810]        [] sysenter_flags_fixed+0xd/0x17
[ 27.852477]
[ 27.852477] other info that might help us debug this:
[ 27.852477]
[ 27.860585]  Possible unsafe locking scenario:
[ 27.860585]
[ 27.866610]        CPU0                    CPU1
[ 27.871244]        ----                    ----
[ 27.875874]   lock(ashmem_mutex);
[ 27.879519]                                lock(&mm->mmap_sem);
[ 27.885772]                                lock(ashmem_mutex);
[ 27.891943]   lock(&mm->mmap_sem);
[ 27.895676]
[ 27.895676]  *** DEADLOCK ***
[ 27.895676]
[ 27.901702] 1 lock held by syz-executor0/3799:
[ 27.906247]  #0:  (ashmem_mutex){+.+.+.}, at: [] ashmem_ioctl+0x367/0xfa0
[ 27.915290]
[ 27.915290] stack backtrace:
[ 27.919754] CPU: 1 PID: 3799 Comm: syz-executor0 Not tainted 4.4.120-gd63fdf6 #29
[ 27.927337] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 27.936658]  0000000000000000 7c06b0559dc7ab3f ffff8801d98bf8a8 ffffffff81d0408d
[ 27.944629]  ffffffff851a0010 ffffffff851a0010 ffffffff851bee80 ffff8801d997b8f8
[ 27.952595]  ffff8801d997b000 ffff8801d98bf8f0 ffffffff81233ba1 ffff8801d997b8f8
[ 27.960555] Call Trace:
[ 27.963112]  [] dump_stack+0xc1/0x124
[ 27.968443]  [] print_circular_bug+0x271/0x310
[ 27.974557]  [] __lock_acquire+0x371f/0x4b50
[ 27.980496]  [] ? avc_has_extended_perms+0xe2/0xf30
[ 27.987042]  [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 27.994023]  [] ? mark_held_locks+0xaf/0x100
[ 27.999960]  [] ? __lock_is_held+0xa1/0xf0
[ 28.005723]  [] lock_acquire+0x15e/0x460
[ 28.011314]  [] ? __might_fault+0xe4/0x1d0
[ 28.017081]  [] __might_fault+0x14a/0x1d0
[ 28.022765]  [] ? __might_fault+0xe4/0x1d0
[ 28.028530]  [] ashmem_ioctl+0x3b4/0xfa0
[ 28.034120]  [] ? selinux_file_ioctl+0x363/0x570
[ 28.040403]  [] ? selinux_capable+0x30/0x30
[ 28.046256]  [] ? ashmem_shrink_scan+0x390/0x390
[ 28.052542]  [] ? vma_set_page_prot+0x10b/0x150
[ 28.058744]  [] ? exit_robust_list+0x240/0x240
[ 28.064858]  [] compat_ashmem_ioctl+0x3e/0x50
[ 28.070884]  [] compat_SyS_ioctl+0x28a/0x2540
[ 28.076908]  [] ? vm_mmap_pgoff+0x180/0x1c0
[ 28.082757]  [] ? ashmem_ioctl+0xfa0/0xfa0
[ 28.088524]  [] ? compat_SyS_ppoll+0x420/0x420
[ 28.094636]  [] ? vm_mmap_pgoff+0xdf/0x1c0
[ 28.100402]  [] ? compat_SyS_futex+0x1f9/0x2a0
[ 28.106515]  [] ? compat_SyS_get_robust_list+0x300/0x300
[ 28.113495] [