[ 20.815604] random: sshd: uninitialized urandom read (32 bytes read, 34 bits of entropy available) [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c. [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c. [ 21.398394] random: sshd: uninitialized urandom read (32 bytes read, 34 bits of entropy available) [ 21.619331] random: sshd: uninitialized urandom read (32 bytes read, 36 bits of entropy available) Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 22.646248] random: sshd: uninitialized urandom read (32 bytes read, 122 bits of entropy available) [ 29.609588] random: nonblocking pool is initialized Warning: Permanently added '10.128.10.17' (ECDSA) to the list of known hosts. 2018/03/16 04:05:27 parsed 1 programs 2018/03/16 04:05:27 executed programs: 0 [ 35.358836] IPVS: Creating netns size=2552 id=1 [ 35.389491] [ 35.391141] ====================================================== [ 35.397427] [ INFO: possible circular locking dependency detected ] [ 35.403803] 4.4.120-gd63fdf6 #29 Not tainted [ 35.408178] ------------------------------------------------------- [ 35.414554] syz-executor0/3789 is trying to acquire lock: [ 35.420057] (&mm->mmap_sem){++++++}, at: [] __might_fault+0xe4/0x1d0 [ 35.428643] [ 35.428643] but task is already holding lock: [ 35.434581] (ashmem_mutex){+.+.+.}, at: [] ashmem_ioctl+0x367/0xfa0 [ 35.443075] [ 35.443075] which lock already depends on the new lock. [ 35.443075] [ 35.451357] [ 35.451357] the existing dependency chain (in reverse order) is: [ 35.458946] -> #1 (ashmem_mutex){+.+.+.}: [ 35.463693] [] lock_acquire+0x15e/0x460 [ 35.469930] [] mutex_lock_nested+0xbb/0x850 [ 35.476538] [] ashmem_mmap+0x53/0x400 [ 35.482618] [] mmap_region+0x94f/0x1250 [ 35.488851] [] do_mmap+0x4fd/0x9d0 [ 35.494664] [] vm_mmap_pgoff+0x16e/0x1c0 [ 35.500980] [] SyS_mmap_pgoff+0x33f/0x560 [ 35.507386] [] do_fast_syscall_32+0x321/0x8a0 [ 35.514158] [] sysenter_flags_fixed+0xd/0x17 [ 35.520826] -> #0 (&mm->mmap_sem){++++++}: [ 35.525665] [] __lock_acquire+0x371f/0x4b50 [ 35.532248] [] lock_acquire+0x15e/0x460 [ 35.538486] [] __might_fault+0x14a/0x1d0 [ 35.544897] [] ashmem_ioctl+0x3b4/0xfa0 [ 35.551127] [] compat_ashmem_ioctl+0x3e/0x50 [ 35.557789] [] compat_SyS_ioctl+0x28a/0x2540 [ 35.564468] [] do_fast_syscall_32+0x321/0x8a0 [ 35.571221] [] sysenter_flags_fixed+0xd/0x17 [ 35.577887] [ 35.577887] other info that might help us debug this: [ 35.577887] [ 35.586009] Possible unsafe locking scenario: [ 35.586009] [ 35.592032] CPU0 CPU1 [ 35.596669] ---- ---- [ 35.601304] lock(ashmem_mutex); [ 35.604956] lock(&mm->mmap_sem); [ 35.611228] lock(ashmem_mutex); [ 35.617391] lock(&mm->mmap_sem); [ 35.621130] [ 35.621130] *** DEADLOCK *** [ 35.621130] [ 35.627160] 1 lock held by syz-executor0/3789: [ 35.631726] #0: (ashmem_mutex){+.+.+.}, at: [] ashmem_ioctl+0x367/0xfa0 [ 35.640766] [ 35.640766] stack backtrace: [ 35.645235] CPU: 1 PID: 3789 Comm: syz-executor0 Not tainted 4.4.120-gd63fdf6 #29 [ 35.652823] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 35.662409] 0000000000000000 cfae45d967dbe9de ffff8801c87a78a8 ffffffff81d0408d [ 35.670396] ffffffff851a0010 ffffffff851a0010 ffffffff851bf1e0 ffff8801c86f88f8 [ 35.678455] ffff8801c86f8000 ffff8801c87a78f0 ffffffff81233ba1 ffff8801c86f88f8 [ 35.686435] Call Trace: [ 35.688994] [] dump_stack+0xc1/0x124 [ 35.694329] [] print_circular_bug+0x271/0x310 [ 35.700458] [] __lock_acquire+0x371f/0x4b50 [ 35.706400] [] ? avc_has_extended_perms+0xe2/0xf30 [ 35.712951] [] ? debug_check_no_locks_freed+0x2c0/0x2c0 [ 35.719935] [] ? mark_held_locks+0xaf/0x100 [ 35.725893] [] ? __lock_is_held+0xa1/0xf0 [ 35.731662] [] lock_acquire+0x15e/0x460 [ 35.737258] [] ? __might_fault+0xe4/0x1d0 [ 35.743025] [] __might_fault+0x14a/0x1d0 [ 35.748707] [] ? __might_fault+0xe4/0x1d0 [ 35.754474] [] ashmem_ioctl+0x3b4/0xfa0 [ 35.760069] [] ? selinux_file_ioctl+0x363/0x570 [ 35.766360] [] ? selinux_capable+0x30/0x30 [ 35.772216] [] ? ashmem_shrink_scan+0x390/0x390 [ 35.779090] [] ? vma_set_page_prot+0x10b/0x150 [ 35.785303] [] ? exit_robust_list+0x240/0x240 [ 35.791422] [] compat_ashmem_ioctl+0x3e/0x50 [ 35.797452] [] compat_SyS_ioctl+0x28a/0x2540 [ 35.803483] [] ? vm_mmap_pgoff+0x180/0x1c0 [ 35.809338] [] ? ashmem_ioctl+0xfa0/0xfa0 [ 35.815110] [] ? compat_SyS_ppoll+0x420/0x420 [ 35.821236] [] ? vm_mmap_pgoff+0xdf/0x1c0 [ 35.827009] [] ? compat_SyS_futex+0x1f9/0x2a0 [ 35.833126] [] ? compat_SyS_get_robust_list+0x300/0x300 [ 35.840126] [