[ 20.852618] random: sshd: uninitialized urandom read (32 bytes read, 34 bits of entropy available)
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 24.545983] random: sshd: uninitialized urandom read (32 bytes read, 39 bits of entropy available)
[ 24.915555] random: sshd: uninitialized urandom read (32 bytes read, 39 bits of entropy available)
[ 25.908771] random: sshd: uninitialized urandom read (32 bytes read, 116 bits of entropy available)
[ 26.083939] random: sshd: uninitialized urandom read (32 bytes read, 121 bits of entropy available)
Warning: Permanently added '10.128.0.34' (ECDSA) to the list of known hosts.
[ 31.469526] random: nonblocking pool is initialized
executing program
[ 31.570450]
[ 31.572087] ======================================================
[ 31.578377] [ INFO: possible circular locking dependency detected ]
[ 31.584748] 4.4.120-gd63fdf6 #28 Not tainted
[ 31.589123] -------------------------------------------------------
[ 31.595490] syzkaller610802/3777 is trying to acquire lock:
[ 31.601161] (&mm->mmap_sem){++++++}, at: [] __might_fault+0xe4/0x1d0
[ 31.609735]
[ 31.609735] but task is already holding lock:
[ 31.615669] (ashmem_mutex){+.+.+.}, at: [] ashmem_ioctl+0x367/0xfa0
[ 31.624151]
[ 31.624151] which lock already depends on the new lock.
[ 31.624151]
[ 31.632429]
[ 31.632429] the existing dependency chain (in reverse order) is:
[ 31.640011]
-> #1 (ashmem_mutex){+.+.+.}:
[ 31.644755] [] lock_acquire+0x15e/0x460
[ 31.650990] [] mutex_lock_nested+0xbb/0x850
[ 31.657562] [] ashmem_mmap+0x53/0x400
[ 31.663614] [] mmap_region+0x94f/0x1250
[ 31.669845] [] do_mmap+0x4fd/0x9d0
[ 31.675635] [] vm_mmap_pgoff+0x16e/0x1c0
[ 31.681952] [] SyS_mmap_pgoff+0x33f/0x560
[ 31.688353] [] SyS_mmap+0x16/0x20
[ 31.694060] [] entry_SYSCALL_64_fastpath+0x1c/0x98
[ 31.701240]
-> #0 (&mm->mmap_sem){++++++}:
[ 31.706071] [] __lock_acquire+0x371f/0x4b50
[ 31.712642] [] lock_acquire+0x15e/0x460
[ 31.718870] [] __might_fault+0x14a/0x1d0
[ 31.725183] [] ashmem_ioctl+0x3b4/0xfa0
[ 31.731413] [] do_vfs_ioctl+0x7aa/0xee0
[ 31.737639] [] SyS_ioctl+0x8f/0xc0
[ 31.743435] [] entry_SYSCALL_64_fastpath+0x1c/0x98
[ 31.750618]
[ 31.750618] other info that might help us debug this:
[ 31.750618]
[ 31.758727] Possible unsafe locking scenario:
[ 31.758727]
[ 31.764748]        CPU0                    CPU1
[ 31.769379]        ----                    ----
[ 31.774017]   lock(ashmem_mutex);
[ 31.777700]                                lock(&mm->mmap_sem);
[ 31.783971]                                lock(ashmem_mutex);
[ 31.790137]   lock(&mm->mmap_sem);
[ 31.793868]
[ 31.793868] *** DEADLOCK ***
[ 31.793868]
[ 31.799892] 1 lock held by syzkaller610802/3777:
[ 31.804612] #0: (ashmem_mutex){+.+.+.}, at: [] ashmem_ioctl+0x367/0xfa0
[ 31.813642]
[ 31.813642] stack backtrace:
[ 31.818104] CPU: 1 PID: 3777 Comm: syzkaller610802 Not tainted 4.4.120-gd63fdf6 #28
[ 31.825861] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 31.835183] 0000000000000000 90cfa257fdde869e ffff8801d94ef9b8 ffffffff81d0408d
[ 31.843142] ffffffff851a0010 ffffffff851a0010 ffffffff851be2b0 ffff8800bb84b8f8
[ 31.851115] ffff8800bb84b000 ffff8801d94efa00 ffffffff81233ba1 ffff8800bb84b8f8
[ 31.859080] Call Trace:
[ 31.861641] [] dump_stack+0xc1/0x124
[ 31.866980] [] print_circular_bug+0x271/0x310
[ 31.873093] [] __lock_acquire+0x371f/0x4b50
[ 31.879029] [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 31.886008] [] ? mark_held_locks+0xaf/0x100
[ 31.891954] [] ? __lock_is_held+0xa1/0xf0
[ 31.897723] [] lock_acquire+0x15e/0x460
[ 31.903315] [] ? __might_fault+0xe4/0x1d0
[ 31.909076] [] __might_fault+0x14a/0x1d0
[ 31.914754] [] ? __might_fault+0xe4/0x1d0
[ 31.920517] [] ashmem_ioctl+0x3b4/0xfa0
[ 31.926108] [] ? mmap_region+0x3f9/0x1250
[ 31.931871] [] ? ashmem_shrink_scan+0x390/0x390
[ 31.938156] [] ? vm_mmap_pgoff+0x180/0x1c0
[ 31.944006] [] ? ashmem_shrink_scan+0x390/0x390
[ 31.950289] [] do_vfs_ioctl+0x7aa/0xee0
[ 31.955877] [] ? ioctl_preallocate+0x1f0/0x1f0
[ 31.962073] [] ? fput+0x20/0x150
[ 31.967054] [] ? SyS_mmap_pgoff+0xd8/