[ 20.824344] random: sshd: uninitialized urandom read (32 bytes read, 34 bits of entropy available)
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 21.825575] random: sshd: uninitialized urandom read (32 bytes read, 35 bits of entropy available)
[ 22.094764] random: sshd: uninitialized urandom read (32 bytes read, 36 bits of entropy available)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 23.138120] random: sshd: uninitialized urandom read (32 bytes read, 117 bits of entropy available)
[ 23.319383] random: sshd: uninitialized urandom read (32 bytes read, 123 bits of entropy available)
Warning: Permanently added '10.128.0.14' (ECDSA) to the list of known hosts.
[ 28.710941] random: nonblocking pool is initialized
executing program
[ 28.815092]
[ 28.816747] ======================================================
[ 28.823029] [ INFO: possible circular locking dependency detected ]
[ 28.829398] 4.4.120-gd63fdf6 #28 Not tainted
[ 28.833769] -------------------------------------------------------
[ 28.840138] syzkaller904115/3784 is trying to acquire lock:
[ 28.846220]  (&mm->mmap_sem){++++++}, at: [] __might_fault+0xe4/0x1d0
[ 28.854802]
[ 28.854802] but task is already holding lock:
[ 28.860747]  (ashmem_mutex){+.+.+.}, at: [] ashmem_ioctl+0x367/0xfa0
[ 28.869233]
[ 28.869233] which lock already depends on the new lock.
[ 28.869233]
[ 28.877522]
[ 28.877522] the existing dependency chain (in reverse order) is:
[ 28.885105] -> #1 (ashmem_mutex){+.+.+.}:
[ 28.889846]  [] lock_acquire+0x15e/0x460
[ 28.896080]  [] mutex_lock_nested+0xbb/0x850
[ 28.902653]  [] ashmem_mmap+0x53/0x400
[ 28.908705]  [] mmap_region+0x94f/0x1250
[ 28.914930]  [] do_mmap+0x4fd/0x9d0
[ 28.920718]  [] vm_mmap_pgoff+0x16e/0x1c0
[ 28.927029]  [] SyS_mmap_pgoff+0x33f/0x560
[ 28.933428]  [] SyS_mmap+0x16/0x20
[ 28.939135]  [] entry_SYSCALL_64_fastpath+0x1c/0x98
[ 28.946315] -> #0 (&mm->mmap_sem){++++++}:
[ 28.951150]  [] __lock_acquire+0x371f/0x4b50
[ 28.957720]  [] lock_acquire+0x15e/0x460
[ 28.963944]  [] __might_fault+0x14a/0x1d0
[ 28.970253]  [] ashmem_ioctl+0x3b4/0xfa0
[ 28.976480]  [] do_vfs_ioctl+0x7aa/0xee0
[ 28.982709]  [] SyS_ioctl+0x8f/0xc0
[ 28.988497]  [] entry_SYSCALL_64_fastpath+0x1c/0x98
[ 28.995677]
[ 28.995677] other info that might help us debug this:
[ 28.995677]
[ 29.003785]  Possible unsafe locking scenario:
[ 29.003785]
[ 29.009812]        CPU0                    CPU1
[ 29.014444]        ----                    ----
[ 29.019079]   lock(ashmem_mutex);
[ 29.022726]                                lock(&mm->mmap_sem);
[ 29.028974]                                lock(ashmem_mutex);
[ 29.035148]   lock(&mm->mmap_sem);
[ 29.038881]
[ 29.038881]  *** DEADLOCK ***
[ 29.038881]
[ 29.044905] 1 lock held by syzkaller904115/3784:
[ 29.049630]  #0: (ashmem_mutex){+.+.+.}, at: [] ashmem_ioctl+0x367/0xfa0
[ 29.058663]
[ 29.058663] stack backtrace:
[ 29.063126] CPU: 0 PID: 3784 Comm: syzkaller904115 Not tainted 4.4.120-gd63fdf6 #28
[ 29.070885] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 29.080205]  0000000000000000 a8b1fe7935ccc8fb ffff8801c45279b8 ffffffff81d0408d
[ 29.088166]  ffffffff851a0010 ffffffff851a0010 ffffffff851bdf50 ffff8801c4f5e8f8
[ 29.096126]  ffff8801c4f5e000 ffff8801c4527a00 ffffffff81233ba1 ffff8801c4f5e8f8
[ 29.104084] Call Trace:
[ 29.106639]  [] dump_stack+0xc1/0x124
[ 29.111969]  [] print_circular_bug+0x271/0x310
[ 29.118087]  [] __lock_acquire+0x371f/0x4b50
[ 29.124029]  [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 29.131007]  [] ? mark_held_locks+0xaf/0x100
[ 29.136946]  [] ? __lock_is_held+0xa1/0xf0
[ 29.142711]  [] lock_acquire+0x15e/0x460
[ 29.148300]  [] ? __might_fault+0xe4/0x1d0
[ 29.154064]  [] __might_fault+0x14a/0x1d0
[ 29.159738]  [] ? __might_fault+0xe4/0x1d0
[ 29.165500]  [] ashmem_ioctl+0x3b4/0xfa0
[ 29.171087]  [] ? mmap_region+0x3f9/0x1250
[ 29.176849]  [] ? ashmem_shrink_scan+0x390/0x390
[ 29.183134]  [] ? vm_mmap_pgoff+0x180/0x1c0
[ 29.188983]  [] ? ashmem_shrink_scan+0x390/0x390
[ 29.195266]  [] do_vfs_ioctl+0x7aa/0xee0
[ 29.200854]  [] ? ioctl_preallocate+0x1f0/0x1f0
[ 29.207054]  [] ? fput+0x20/0x150
[ 29.212036]  [] ? SyS_mmap_pgoff+0xd8