[ 21.252575] random: sshd: uninitialized urandom read (32 bytes read, 34 bits of entropy available)
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login:
[ 25.913655] random: sshd: uninitialized urandom read (32 bytes read, 40 bits of entropy available)
[ 26.151680] random: sshd: uninitialized urandom read (32 bytes read, 40 bits of entropy available)
[ 27.134978] random: sshd: uninitialized urandom read (32 bytes read, 108 bits of entropy available)
[ 27.301898] random: sshd: uninitialized urandom read (32 bytes read, 112 bits of entropy available)
Warning: Permanently added '10.128.0.15' (ECDSA) to the list of known hosts.
[ 32.672837] random: sshd: uninitialized urandom read (32 bytes read, 116 bits of entropy available)
2018/03/12 21:22:20 parsed 1 programs
2018/03/12 21:22:20 executed programs: 0
[ 33.015554] IPVS: Creating netns size=2552 id=1
[ 33.046120]
[ 33.047751] ======================================================
[ 33.054038] [ INFO: possible circular locking dependency detected ]
[ 33.060423] 4.4.120-gd63fdf6 #29 Not tainted
[ 33.064797] -------------------------------------------------------
[ 33.071168] syz-executor0/3808 is trying to acquire lock:
[ 33.076669] (&mm->mmap_sem){++++++}, at: [] __might_fault+0xe4/0x1d0
[ 33.085263]
[ 33.085263] but task is already holding lock:
[ 33.091202] (ashmem_mutex){+.+.+.}, at: [] ashmem_ioctl+0x367/0xfa0
[ 33.099700]
[ 33.099700] which lock already depends on the new lock.
[ 33.099700]
[ 33.107994]
[ 33.107994] the existing dependency chain (in reverse order) is:
[ 33.115603] -> #1 (ashmem_mutex){+.+.+.}:
[ 33.120359] [] lock_acquire+0x15e/0x460
[ 33.126590] [] mutex_lock_nested+0xbb/0x850
[ 33.133168] [] ashmem_mmap+0x53/0x400
[ 33.139225] [] mmap_region+0x94f/0x1250
[ 33.145455] [] do_mmap+0x4fd/0x9d0
[ 33.151248] [] vm_mmap_pgoff+0x16e/0x1c0
[ 33.157562] [] SyS_mmap_pgoff+0x33f/0x560
[ 33.163965] [] do_fast_syscall_32+0x321/0x8a0
[ 33.170717] [] sysenter_flags_fixed+0xd/0x17
[ 33.177380] -> #0 (&mm->mmap_sem){++++++}:
[ 33.182231] [] __lock_acquire+0x371f/0x4b50
[ 33.188805] [] lock_acquire+0x15e/0x460
[ 33.195039] [] __might_fault+0x14a/0x1d0
[ 33.201360] [] ashmem_ioctl+0x3b4/0xfa0
[ 33.207590] [] compat_ashmem_ioctl+0x3e/0x50
[ 33.214256] [] compat_SyS_ioctl+0x28a/0x2540
[ 33.220922] [] do_fast_syscall_32+0x321/0x8a0
[ 33.227668] [] sysenter_flags_fixed+0xd/0x17
[ 33.234332]
[ 33.234332] other info that might help us debug this:
[ 33.234332]
[ 33.242440] Possible unsafe locking scenario:
[ 33.242440]
[ 33.248465]        CPU0                    CPU1
[ 33.253098]        ----                    ----
[ 33.257731]   lock(ashmem_mutex);
[ 33.261382]                                lock(&mm->mmap_sem);
[ 33.267640]                                lock(ashmem_mutex);
[ 33.273852]   lock(&mm->mmap_sem);
[ 33.277597]
[ 33.277597] *** DEADLOCK ***
[ 33.277597]
[ 33.283625] 1 lock held by syz-executor0/3808:
[ 33.288179] #0: (ashmem_mutex){+.+.+.}, at: [] ashmem_ioctl+0x367/0xfa0
[ 33.297245]
[ 33.297245] stack backtrace:
[ 33.301710] CPU: 1 PID: 3808 Comm: syz-executor0 Not tainted 4.4.120-gd63fdf6 #29
[ 33.309298] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 33.318627] 0000000000000000 04f7f5feaae208ef ffff8801c48178a8 ffffffff81d0408d
[ 33.326608] ffffffff851a0010 ffffffff851a0010 ffffffff851bf030 ffff8801d8dab8f8
[ 33.334580] ffff8801d8dab000 ffff8801c48178f0 ffffffff81233ba1 ffff8801d8dab8f8
[ 33.342564] Call Trace:
[ 33.345121] [] dump_stack+0xc1/0x124
[ 33.350454] [] print_circular_bug+0x271/0x310
[ 33.356573] [] __lock_acquire+0x371f/0x4b50
[ 33.362521] [] ? avc_has_extended_perms+0xe2/0xf30
[ 33.369082] [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 33.376068] [] ? mark_held_locks+0xaf/0x100
[ 33.382013] [] ? __lock_is_held+0xa1/0xf0
[ 33.387871] [] lock_acquire+0x15e/0x460
[ 33.393469] [] ? __might_fault+0xe4/0x1d0
[ 33.399256] [] __might_fault+0x14a/0x1d0
[ 33.404936] [] ? __might_fault+0xe4/0x1d0
[ 33.410712] [] ashmem_ioctl+0x3b4/0xfa0
[ 33.416311] [] ? selinux_file_ioctl+0x363/0x570
[ 33.422599] [] ? selinux_capable+0x30/0x30
[ 33.428458] [] ? ashmem_shrink_scan+0x390/0x390
[ 33.434744] [] ? vma_set_page_prot+0x10b/0x150
[ 33.440945] [] ? exit_robust_list+0x240/0x240
[ 33.447064] [] compat_ashmem_ioctl+0x3e/0x50
[ 33.453091] [] compat_SyS_ioctl+0x28a/0x2540
[ 33.459120] [] ? vm_mmap_pgoff+0x180/0x1c0
[ 33.464976] [] ? ashmem_ioctl+0xfa0/0xfa0
[ 33.470748] [] ? compat_SyS_ppoll+0x420/0x420
[ 33.476867] [] ? vm_mmap_pgoff+0xdf/0x1c0
[ 33.482636] [] ? compat_SyS_futex+0x1f9/0x2a0
[ 33.488756] [] ? compat_SyS_get_robust_list+0x300/0x300
[ 33.495755] [