[ 21.095317] random: sshd: uninitialized urandom read (32 bytes read, 35 bits of entropy available)
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 21.355814] random: sshd: uninitialized urandom read (32 bytes read, 35 bits of entropy available)
[ 21.660486] random: sshd: uninitialized urandom read (32 bytes read, 37 bits of entropy available)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 22.653357] random: sshd: uninitialized urandom read (32 bytes read, 112 bits of entropy available)
[ 22.819503] random: sshd: uninitialized urandom read (32 bytes read, 115 bits of entropy available)
Warning: Permanently added '10.128.0.20' (ECDSA) to the list of known hosts.
[ 28.206173] random: sshd: uninitialized urandom read (32 bytes read, 120 bits of entropy available)
2018/03/10 06:12:33 parsed 1 programs
2018/03/10 06:12:33 executed programs: 0
[ 28.549376] IPVS: Creating netns size=2552 id=1
[ 28.581094]
[ 28.582744] ======================================================
[ 28.589028] [ INFO: possible circular locking dependency detected ]
[ 28.595401] 4.4.120-gd63fdf6 #29 Not tainted
[ 28.599773] -------------------------------------------------------
[ 28.606143] syz-executor0/3801 is trying to acquire lock:
[ 28.611647]  (&mm->mmap_sem){++++++}, at: [] __might_fault+0xe4/0x1d0
[ 28.620260]
[ 28.620260] but task is already holding lock:
[ 28.626205]  (ashmem_mutex){+.+.+.}, at: [] ashmem_ioctl+0x367/0xfa0
[ 28.634720]
[ 28.634720] which lock already depends on the new lock.
[ 28.634720]
[ 28.643003]
[ 28.643003] the existing dependency chain (in reverse order) is:
[ 28.650638] -> #1 (ashmem_mutex){+.+.+.}:
[ 28.655423]        [] lock_acquire+0x15e/0x460
[ 28.661679]        [] mutex_lock_nested+0xbb/0x850
[ 28.668269]        [] ashmem_mmap+0x53/0x400
[ 28.674326]        [] mmap_region+0x94f/0x1250
[ 28.680568]        [] do_mmap+0x4fd/0x9d0
[ 28.686380]        [] vm_mmap_pgoff+0x16e/0x1c0
[ 28.692707]        [] SyS_mmap_pgoff+0x33f/0x560
[ 28.699120]        [] do_fast_syscall_32+0x321/0x8a0
[ 28.705894]        [] sysenter_flags_fixed+0xd/0x17
[ 28.712564] -> #0 (&mm->mmap_sem){++++++}:
[ 28.717445]        [] __lock_acquire+0x371f/0x4b50
[ 28.724027]        [] lock_acquire+0x15e/0x460
[ 28.730272]        [] __might_fault+0x14a/0x1d0
[ 28.736595]        [] ashmem_ioctl+0x3b4/0xfa0
[ 28.742832]        [] compat_ashmem_ioctl+0x3e/0x50
[ 28.749498]        [] compat_SyS_ioctl+0x28a/0x2540
[ 28.756167]        [] do_fast_syscall_32+0x321/0x8a0
[ 28.762923]        [] sysenter_flags_fixed+0xd/0x17
[ 28.769594]
[ 28.769594] other info that might help us debug this:
[ 28.769594]
[ 28.777705]  Possible unsafe locking scenario:
[ 28.777705]
[ 28.783730]        CPU0                    CPU1
[ 28.788366]        ----                    ----
[ 28.793006]   lock(ashmem_mutex);
[ 28.796659]                                lock(&mm->mmap_sem);
[ 28.802916]                                lock(ashmem_mutex);
[ 28.809082]   lock(&mm->mmap_sem);
[ 28.812834]
[ 28.812834]  *** DEADLOCK ***
[ 28.812834]
[ 28.818864] 1 lock held by syz-executor0/3801:
[ 28.823416]  #0: (ashmem_mutex){+.+.+.}, at: [] ashmem_ioctl+0x367/0xfa0
[ 28.832463]
[ 28.832463] stack backtrace:
[ 28.836930] CPU: 1 PID: 3801 Comm: syz-executor0 Not tainted 4.4.120-gd63fdf6 #29
[ 28.844519] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 28.853843]  0000000000000000 d0660356200021dc ffff8800aa35f8a8 ffffffff81d0408d
[ 28.861833]  ffffffff851a0010 ffffffff851a0010 ffffffff851beb20 ffff8800aab320f8
[ 28.869819]  ffff8800aab31800 ffff8800aa35f8f0 ffffffff81233ba1 ffff8800aab320f8
[ 28.877795] Call Trace:
[ 28.880354]  [] dump_stack+0xc1/0x124
[ 28.885689]  [] print_circular_bug+0x271/0x310
[ 28.891803]  [] __lock_acquire+0x371f/0x4b50
[ 28.897742]  [] ? avc_has_extended_perms+0xe2/0xf30
[ 28.904291]  [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 28.911276]  [] ? mark_held_locks+0xaf/0x100
[ 28.917216]  [] ? __lock_is_held+0xa1/0xf0
[ 28.922983]  [] lock_acquire+0x15e/0x460
[ 28.928584]  [] ? __might_fault+0xe4/0x1d0
[ 28.934360]  [] __might_fault+0x14a/0x1d0
[ 28.940050]  [] ? __might_fault+0xe4/0x1d0
[ 28.945823]  [] ashmem_ioctl+0x3b4/0xfa0
[ 28.951426]  [] ? selinux_file_ioctl+0x363/0x570
[ 28.957720]  [] ? selinux_capable+0x30/0x30
[ 28.963575]  [] ? ashmem_shrink_scan+0x390/0x390
[ 28.969865]  [] ? vma_set_page_prot+0x10b/0x150
[ 28.976066]  [] ? exit_robust_list+0x240/0x240
[ 28.982178]  [] compat_ashmem_ioctl+0x3e/0x50
[ 28.988223]  [] compat_SyS_ioctl+0x28a/0x2540
[ 28.994260]  [] ? vm_mmap_pgoff+0x180/0x1c0
[ 29.000130]  [] ? ashmem_ioctl+0xfa0/0xfa0
[ 29.005916]  [] ? compat_SyS_ppoll+0x420/0x420
[ 29.012037]  [] ? vm_mmap_pgoff+0xdf/0x1c0
[ 29.017811]  [] ? compat_SyS_futex+0x1f9/0x2a0
[ 29.023923]  [] ? compat_SyS_get_robust_list+0x300/0x300
[ 29.030912] [