[ 19.588180] random: sshd: uninitialized urandom read (32 bytes read, 35 bits of entropy available)
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 20.764057] random: sshd: uninitialized urandom read (32 bytes read, 37 bits of entropy available)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 21.032458] random: sshd: uninitialized urandom read (32 bytes read, 37 bits of entropy available)
[ 21.996628] random: sshd: uninitialized urandom read (32 bytes read, 110 bits of entropy available)
[ 22.164499] random: sshd: uninitialized urandom read (32 bytes read, 114 bits of entropy available)
Warning: Permanently added '10.128.0.43' (ECDSA) to the list of known hosts.
[ 27.542720] random: sshd: uninitialized urandom read (32 bytes read, 118 bits of entropy available)
2018/03/01 22:27:03 parsed 1 programs
2018/03/01 22:27:03 executed programs: 0
[ 27.898563] IPVS: Creating netns size=2552 id=1
[ 27.928861]
[ 27.930503] ======================================================
[ 27.936786] [ INFO: possible circular locking dependency detected ]
[ 27.943156] 4.4.119-g024f962 #27 Not tainted
[ 27.947528] -------------------------------------------------------
[ 27.953898] syz-executor0/3740 is trying to acquire lock:
[ 27.959404] (&mm->mmap_sem){++++++}, at: [] __might_fault+0xe4/0x1d0
[ 27.967989]
[ 27.967989] but task is already holding lock:
[ 27.973927] (ashmem_mutex){+.+.+.}, at: [] ashmem_ioctl+0x367/0xfa0
[ 27.982419]
[ 27.982419] which lock already depends on the new lock.
[ 27.982419]
[ 27.990698]
[ 27.990698] the existing dependency chain (in reverse order) is:
[ 27.998292] -> #1 (ashmem_mutex){+.+.+.}:
[ 28.003169] [] lock_acquire+0x15e/0x460
[ 28.009414] [] mutex_lock_nested+0xbb/0x850
[ 28.016001] [] ashmem_mmap+0x53/0x400
[ 28.022067] [] mmap_region+0x94f/0x1250
[ 28.028294] [] do_mmap+0x4fd/0x9d0
[ 28.034088] [] vm_mmap_pgoff+0x16e/0x1c0
[ 28.040408] [] SyS_mmap_pgoff+0x33f/0x560
[ 28.046812] [] do_fast_syscall_32+0x321/0x8a0
[ 28.053566] [] sysenter_flags_fixed+0xd/0x17
[ 28.060233] -> #0 (&mm->mmap_sem){++++++}:
[ 28.065068] [] __lock_acquire+0x371f/0x4b50
[ 28.071649] [] lock_acquire+0x15e/0x460
[ 28.077875] [] __might_fault+0x14a/0x1d0
[ 28.084201] [] ashmem_ioctl+0x3b4/0xfa0
[ 28.090437] [] compat_ashmem_ioctl+0x3e/0x50
[ 28.097102] [] compat_SyS_ioctl+0x28a/0x2540
[ 28.103763] [] do_fast_syscall_32+0x321/0x8a0
[ 28.110515] [] sysenter_flags_fixed+0xd/0x17
[ 28.117183]
[ 28.117183] other info that might help us debug this:
[ 28.117183]
[ 28.125292] Possible unsafe locking scenario:
[ 28.125292]
[ 28.131315]        CPU0                    CPU1
[ 28.135949]        ----                    ----
[ 28.140580]   lock(ashmem_mutex);
[ 28.144234]                                lock(&mm->mmap_sem);
[ 28.150488]                                lock(ashmem_mutex);
[ 28.156657]   lock(&mm->mmap_sem);
[ 28.160401]
[ 28.160401] *** DEADLOCK ***
[ 28.160401]
[ 28.166429] 1 lock held by syz-executor0/3740:
[ 28.170975] #0: (ashmem_mutex){+.+.+.}, at: [] ashmem_ioctl+0x367/0xfa0
[ 28.180014]
[ 28.180014] stack backtrace:
[ 28.184479] CPU: 1 PID: 3740 Comm: syz-executor0 Not tainted 4.4.119-g024f962 #27
[ 28.192066] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 28.201387] 0000000000000000 73b774f4973f6a72 ffff8801d967f8a8 ffffffff81d0402d
[ 28.209352] ffffffff851a0010 ffffffff851a0010 ffffffff851beb20 ffff8800aef3e8f8
[ 28.217326] ffff8800aef3e000 ffff8801d967f8f0 ffffffff81233ba1 ffff8800aef3e8f8
[ 28.225292] Call Trace:
[ 28.227850] [] dump_stack+0xc1/0x124
[ 28.233188] [] print_circular_bug+0x271/0x310
[ 28.239301] [] __lock_acquire+0x371f/0x4b50
[ 28.245242] [] ? avc_has_extended_perms+0xe2/0xf30
[ 28.251788] [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 28.258771] [] ? mark_held_locks+0xaf/0x100
[ 28.264711] [] ? __lock_is_held+0xa1/0xf0
[ 28.270573] [] lock_acquire+0x15e/0x460
[ 28.276165] [] ? __might_fault+0xe4/0x1d0
[ 28.281929] [] __might_fault+0x14a/0x1d0
[ 28.287609] [] ? __might_fault+0xe4/0x1d0
[ 28.293382] [] ashmem_ioctl+0x3b4/0xfa0
[ 28.298974] [] ? selinux_file_ioctl+0x363/0x570
[ 28.305258] [] ? selinux_capable+0x30/0x30
[ 28.311112] [] ? ashmem_shrink_scan+0x390/0x390
[ 28.317400] [] ? vma_set_page_prot+0x10b/0x150
[ 28.323632] [] ? exit_robust_list+0x240/0x240
[ 28.329758] [] compat_ashmem_ioctl+0x3e/0x50
[ 28.335788] [] compat_SyS_ioctl+0x28a/0x2540
[ 28.341816] [] ? vm_mmap_pgoff+0x180/0x1c0
[ 28.347669] [] ? ashmem_ioctl+0xfa0/0xfa0
[ 28.353435] [] ? compat_SyS_ppoll+0x420/0x420
[ 28.359546] [] ? vm_mmap_pgoff+0xdf/0x1c0
[ 28.365313] [] ? compat_SyS_futex+0x1f9/0x2a0
[ 28.371427] [] ? compat_SyS_get_robust_list+0x300/0x300
[ 28.378409] [