[ 21.182834] random: sshd: uninitialized urandom read (32 bytes read, 36 bits of entropy available)
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 24.783265] random: sshd: uninitialized urandom read (32 bytes read, 40 bits of entropy available)
[ 25.308527] random: sshd: uninitialized urandom read (32 bytes read, 40 bits of entropy available)
[ 26.240644] random: sshd: uninitialized urandom read (32 bytes read, 110 bits of entropy available)
[ 26.404030] random: sshd: uninitialized urandom read (32 bytes read, 114 bits of entropy available)
Warning: Permanently added '10.128.0.20' (ECDSA) to the list of known hosts.
[ 31.773843] random: sshd: uninitialized urandom read (32 bytes read, 118 bits of entropy available)
2018/03/03 11:09:30 parsed 1 programs
2018/03/03 11:09:30 executed programs: 0
[ 32.109582] IPVS: Creating netns size=2552 id=1
[ 32.141077]
[ 32.142736] ======================================================
[ 32.149023] [ INFO: possible circular locking dependency detected ]
[ 32.155401] 4.4.119-g855ea74 #28 Not tainted
[ 32.159783] -------------------------------------------------------
[ 32.166157] syz-executor0/3810 is trying to acquire lock:
[ 32.171660]  (&mm->mmap_sem){++++++}, at: [] __might_fault+0xe4/0x1d0
[ 32.180252]
[ 32.180252] but task is already holding lock:
[ 32.186188]  (ashmem_mutex){+.+.+.}, at: [] ashmem_ioctl+0x367/0xfa0
[ 32.194684]
[ 32.194684] which lock already depends on the new lock.
[ 32.194684]
[ 32.202966]
[ 32.202966] the existing dependency chain (in reverse order) is:
[ 32.210554] -> #1 (ashmem_mutex){+.+.+.}:
[ 32.215309]        [] lock_acquire+0x15e/0x460
[ 32.221549]        [] mutex_lock_nested+0xbb/0x850
[ 32.228130]        [] ashmem_mmap+0x53/0x400
[ 32.234191]        [] mmap_region+0x94f/0x1250
[ 32.240423]        [] do_mmap+0x4fd/0x9d0
[ 32.246223]        [] vm_mmap_pgoff+0x16e/0x1c0
[ 32.252544]        [] SyS_mmap_pgoff+0x33f/0x560
[ 32.258951]        [] do_fast_syscall_32+0x321/0x8a0
[ 32.265715]        [] sysenter_flags_fixed+0xd/0x17
[ 32.272385] -> #0 (&mm->mmap_sem){++++++}:
[ 32.277230]        [] __lock_acquire+0x371f/0x4b50
[ 32.283809]        [] lock_acquire+0x15e/0x460
[ 32.290037]        [] __might_fault+0x14a/0x1d0
[ 32.296357]        [] ashmem_ioctl+0x3b4/0xfa0
[ 32.302591]        [] compat_ashmem_ioctl+0x3e/0x50
[ 32.309257]        [] compat_SyS_ioctl+0x28a/0x2540
[ 32.315925]        [] do_fast_syscall_32+0x321/0x8a0
[ 32.322681]        [] sysenter_flags_fixed+0xd/0x17
[ 32.329355]
[ 32.329355] other info that might help us debug this:
[ 32.329355]
[ 32.337463]  Possible unsafe locking scenario:
[ 32.337463]
[ 32.343489]        CPU0                    CPU1
[ 32.348122]        ----                    ----
[ 32.352757]   lock(ashmem_mutex);
[ 32.356412]                                lock(&mm->mmap_sem);
[ 32.362671]                                lock(ashmem_mutex);
[ 32.368847]   lock(&mm->mmap_sem);
[ 32.372599]
[ 32.372599]  *** DEADLOCK ***
[ 32.372599]
[ 32.378627] 1 lock held by syz-executor0/3810:
[ 32.383175]  #0: (ashmem_mutex){+.+.+.}, at: [] ashmem_ioctl+0x367/0xfa0
[ 32.392229]
[ 32.392229] stack backtrace:
[ 32.396694] CPU: 1 PID: 3810 Comm: syz-executor0 Not tainted 4.4.119-g855ea74 #28
[ 32.404282] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 32.413604]  0000000000000000 8d2990a443c006e4 ffff8801d954f8a8 ffffffff81d0402d
[ 32.421574]  ffffffff851a0010 ffffffff851a0010 ffffffff851bf030 ffff8801d96eb8f8
[ 32.429549]  ffff8801d96eb000 ffff8801d954f8f0 ffffffff81233ba1 ffff8801d96eb8f8
[ 32.437531] Call Trace:
[ 32.440091]  [] dump_stack+0xc1/0x124
[ 32.445429]  [] print_circular_bug+0x271/0x310
[ 32.451549]  [] __lock_acquire+0x371f/0x4b50
[ 32.457493]  [] ? avc_has_extended_perms+0xe2/0xf30
[ 32.464054]  [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 32.471035]  [] ? mark_held_locks+0xaf/0x100
[ 32.476974]  [] ? __lock_is_held+0xa1/0xf0
[ 32.482738]  [] lock_acquire+0x15e/0x460
[ 32.488330]  [] ? __might_fault+0xe4/0x1d0
[ 32.494095]  [] __might_fault+0x14a/0x1d0
[ 32.499774]  [] ? __might_fault+0xe4/0x1d0
[ 32.505542]  [] ashmem_ioctl+0x3b4/0xfa0
[ 32.511134]  [] ? selinux_file_ioctl+0x363/0x570
[ 32.517423]  [] ? selinux_capable+0x30/0x30
[ 32.523274]  [] ? ashmem_shrink_scan+0x390/0x390
[ 32.529563]  [] ? vma_set_page_prot+0x10b/0x150
[ 32.535768]  [] ? exit_robust_list+0x240/0x240
[ 32.541884]  [] compat_ashmem_ioctl+0x3e/0x50
[ 32.547913]  [] compat_SyS_ioctl+0x28a/0x2540
[ 32.553940]  [] ? vm_mmap_pgoff+0x180/0x1c0
[ 32.559793]  [] ? ashmem_ioctl+0xfa0/0xfa0
[ 32.565556]  [] ? compat_SyS_ppoll+0x420/0x420
[ 32.571667]  [] ? vm_mmap_pgoff+0xdf/0x1c0
[ 32.577435]  [] ? compat_SyS_futex+0x1f9/0x2a0
[ 32.583558]  [] ? compat_SyS_get_robust_list+0x300/0x300
[ 32.590542]  [] ? vm_stat_account+0x130/0x130
[ 32.596572]  [] ? __do_page_fault+0x380/0xa00
[ 32.602603]  [] ? do_fast_syscall_32+0xd7/0x8a0
[ 32.608806]  [] ? compat_SyS_ppoll+0x420/0x420
[ 32.614918]  [] do_fast_syscall_32+0x321/0x8a0
[ 32.621035]  [] sysenter_flags_fixed+0xd/0x17
2018/03/03 11:09:35 executed programs: 740
2018/03/03 11:09:40 executed programs: 1550