[ 20.902893] random: sshd: uninitialized urandom read (32 bytes read, 35 bits of entropy available)
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 25.212001] random: sshd: uninitialized urandom read (32 bytes read, 39 bits of entropy available)
[ 25.611461] random: sshd: uninitialized urandom read (32 bytes read, 39 bits of entropy available)
[ 26.657424] random: sshd: uninitialized urandom read (32 bytes read, 127 bits of entropy available)
[ 26.763537] random: nonblocking pool is initialized
Warning: Permanently added '10.128.0.11' (ECDSA) to the list of known hosts.
executing program
[ 32.313366]
[ 32.315017] ======================================================
[ 32.321308] [ INFO: possible circular locking dependency detected ]
[ 32.327679] 4.4.120-gd63fdf6 #28 Not tainted
[ 32.332054] -------------------------------------------------------
[ 32.338426] syzkaller328234/3783 is trying to acquire lock:
[ 32.344101]  (&mm->mmap_sem){++++++}, at: [] __might_fault+0xe4/0x1d0
[ 32.352675]
[ 32.352675] but task is already holding lock:
[ 32.358619]  (ashmem_mutex){+.+.+.}, at: [] ashmem_ioctl+0x367/0xfa0
[ 32.367109]
[ 32.367109] which lock already depends on the new lock.
[ 32.367109]
[ 32.375396]
[ 32.375396] the existing dependency chain (in reverse order) is:
[ 32.382999] -> #1 (ashmem_mutex){+.+.+.}:
[ 32.387752]        [] lock_acquire+0x15e/0x460
[ 32.393984]        [] mutex_lock_nested+0xbb/0x850
[ 32.400565]        [] ashmem_mmap+0x53/0x400
[ 32.406622]        [] mmap_region+0x94f/0x1250
[ 32.412850]        [] do_mmap+0x4fd/0x9d0
[ 32.418646]        [] vm_mmap_pgoff+0x16e/0x1c0
[ 32.424965]        [] SyS_mmap_pgoff+0x33f/0x560
[ 32.431367]        [] SyS_mmap+0x16/0x20
[ 32.437074]        [] entry_SYSCALL_64_fastpath+0x1c/0x98
[ 32.444264] -> #0 (&mm->mmap_sem){++++++}:
[ 32.449097]        [] __lock_acquire+0x371f/0x4b50
[ 32.455673]        [] lock_acquire+0x15e/0x460
[ 32.461900]        [] __might_fault+0x14a/0x1d0
[ 32.468224]        [] ashmem_ioctl+0x3b4/0xfa0
[ 32.474453]        [] do_vfs_ioctl+0x7aa/0xee0
[ 32.480680]        [] SyS_ioctl+0x8f/0xc0
[ 32.486488]        [] entry_SYSCALL_64_fastpath+0x1c/0x98
[ 32.493682]
[ 32.493682] other info that might help us debug this:
[ 32.493682]
[ 32.501806]  Possible unsafe locking scenario:
[ 32.501806]
[ 32.507837]        CPU0                    CPU1
[ 32.512470]        ----                    ----
[ 32.517105]   lock(ashmem_mutex);
[ 32.520763]                                lock(&mm->mmap_sem);
[ 32.527027]                                lock(ashmem_mutex);
[ 32.533192]   lock(&mm->mmap_sem);
[ 32.536942]
[ 32.536942]  *** DEADLOCK ***
[ 32.536942]
[ 32.542969] 1 lock held by syzkaller328234/3783:
[ 32.547690]  #0:  (ashmem_mutex){+.+.+.}, at: [] ashmem_ioctl+0x367/0xfa0
[ 32.556744]
[ 32.556744] stack backtrace:
[ 32.561210] CPU: 1 PID: 3783 Comm: syzkaller328234 Not tainted 4.4.120-gd63fdf6 #28
[ 32.568975] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 32.578297]  0000000000000000 7122b272a1996160 ffff8801d8daf9b8 ffffffff81d0408d
[ 32.586258]  ffffffff851a0010 ffffffff851a0010 ffffffff851be460 ffff8801d90ee8f8
[ 32.594227]  ffff8801d90ee000 ffff8801d8dafa00 ffffffff81233ba1 ffff8801d90ee8f8
[ 32.602652] Call Trace:
[ 32.605212]  [] dump_stack+0xc1/0x124
[ 32.610552]  [] print_circular_bug+0x271/0x310
[ 32.616664]  [] __lock_acquire+0x371f/0x4b50
[ 32.622613]  [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 32.629602]  [] ? mark_held_locks+0xaf/0x100
[ 32.635560]  [] ? __lock_is_held+0xa1/0xf0
[ 32.641336]  [] lock_acquire+0x15e/0x460
[ 32.646929]  [] ? __might_fault+0xe4/0x1d0
[ 32.652697]  [] __might_fault+0x14a/0x1d0
[ 32.658375]  [] ? __might_fault+0xe4/0x1d0
[ 32.664140]  [] ashmem_ioctl+0x3b4/0xfa0
[ 32.669733]  [] ? mmap_region+0x3f9/0x1250
[ 32.675498]  [] ? ashmem_shrink_scan+0x390/0x390
[ 32.681788]  [] ? vm_mmap_pgoff+0x180/0x1c0
[ 32.687644]  [] ? ashmem_shrink_scan+0x390/0x390
[ 32.693933]  [] do_vfs_ioctl+0x7aa/0xee0
[ 32.699527]  [] ? ioctl_preallocate+0x1f0/0x1f0
[ 32.705728]  [] ? fput+0x20/0x150
[ 32.710714]  [] ? SyS_mmap_pgo