[ 17.957837] random: sshd: uninitialized urandom read (32 bytes read, 32 bits of entropy available)
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ ok ] Starting file context maintaining daemon: restorecond.
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 21.242038] random: sshd: uninitialized urandom read (32 bytes read, 36 bits of entropy available)
[ 21.582779] random: sshd: uninitialized urandom read (32 bytes read, 36 bits of entropy available)
[ 22.585602] random: sshd: uninitialized urandom read (32 bytes read, 111 bits of entropy available)
[ 22.762005] random: sshd: uninitialized urandom read (32 bytes read, 116 bits of entropy available)
Warning: Permanently added '10.128.10.3' (ECDSA) to the list of known hosts.
[ 28.192342] random: sshd: uninitialized urandom read (32 bytes read, 122 bits of entropy available)
executing program
[ 28.307933]
[ 28.309580] ======================================================
[ 28.315866] [ INFO: possible circular locking dependency detected ]
[ 28.322246] 4.4.120-gd63fdf6 #28 Not tainted
[ 28.326621] -------------------------------------------------------
[ 28.333167] syzkaller000956/3588 is trying to acquire lock:
[ 28.338851] (&mm->mmap_sem){++++++}, at: [] __might_fault+0xe4/0x1d0
[ 28.347432]
[ 28.347432] but task is already holding lock:
[ 28.353370] (ashmem_mutex){+.+.+.}, at: [] ashmem_ioctl+0x367/0xfa0
[ 28.361880]
[ 28.361880] which lock already depends on the new lock.
[ 28.361880]
[ 28.370163]
[ 28.370163] the existing dependency chain (in reverse order) is:
[ 28.377748] -> #1 (ashmem_mutex){+.+.+.}:
[ 28.382495] [] lock_acquire+0x15e/0x460
[ 28.388736] [] mutex_lock_nested+0xbb/0x850
[ 28.395321] [] ashmem_mmap+0x53/0x400
[ 28.401373] [] mmap_region+0x94f/0x1250
[ 28.407603] [] do_mmap+0x4fd/0x9d0
[ 28.413398] [] vm_mmap_pgoff+0x16e/0x1c0
[ 28.419711] [] SyS_mmap_pgoff+0x33f/0x560
[ 28.426114] [] SyS_mmap+0x16/0x20
[ 28.431820] [] entry_SYSCALL_64_fastpath+0x1c/0x98
[ 28.439012] -> #0 (&mm->mmap_sem){++++++}:
[ 28.443868] [] __lock_acquire+0x371f/0x4b50
[ 28.450448] [] lock_acquire+0x15e/0x460
[ 28.456674] [] __might_fault+0x14a/0x1d0
[ 28.462989] [] ashmem_ioctl+0x3b4/0xfa0
[ 28.469227] [] do_vfs_ioctl+0x7aa/0xee0
[ 28.475458] [] SyS_ioctl+0x8f/0xc0
[ 28.481249] [] entry_SYSCALL_64_fastpath+0x1c/0x98
[ 28.488439]
[ 28.488439] other info that might help us debug this:
[ 28.488439]
[ 28.496550] Possible unsafe locking scenario:
[ 28.496550]
[ 28.502595]        CPU0                    CPU1
[ 28.507238]        ----                    ----
[ 28.511873]   lock(ashmem_mutex);
[ 28.515524]                                lock(&mm->mmap_sem);
[ 28.521777]                                lock(ashmem_mutex);
[ 28.527941]   lock(&mm->mmap_sem);
[ 28.531682]
[ 28.531682] *** DEADLOCK ***
[ 28.531682]
[ 28.537708] 1 lock held by syzkaller000956/3588:
[ 28.542426] #0: (ashmem_mutex){+.+.+.}, at: [] ashmem_ioctl+0x367/0xfa0
[ 28.551465]
[ 28.551465] stack backtrace:
[ 28.555929] CPU: 1 PID: 3588 Comm: syzkaller000956 Not tainted 4.4.120-gd63fdf6 #28
[ 28.563687] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 28.573011] 0000000000000000 9012d1071072413a ffff8800b84179b8 ffffffff81d0408d
[ 28.581004] ffffffff851a0010 ffffffff851a0010 ffffffff851bdf50 ffff8801cf0c20f8
[ 28.588972] ffff8801cf0c1800 ffff8800b8417a00 ffffffff81233ba1 ffff8801cf0c20f8
[ 28.596928] Call Trace:
[ 28.599485] [] dump_stack+0xc1/0x124
[ 28.604818] [] print_circular_bug+0x271/0x310
[ 28.610932] [] __lock_acquire+0x371f/0x4b50
[ 28.616878] [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 28.623859] [] ? mark_held_locks+0xaf/0x100
[ 28.629817] [] ? __lock_is_held+0xa1/0xf0
[ 28.635602] [] lock_acquire+0x15e/0x460
[ 28.641205] [] ? __might_fault+0xe4/0x1d0
[ 28.646968] [] __might_fault+0x14a/0x1d0
[ 28.652645] [] ? __might_fault+0xe4/0x1d0
[ 28.658869] [] ashmem_ioctl+0x3b4/0xfa0
[ 28.664471] [] ? mmap_region+0x3f9/0x1250
[ 28.670236] [] ? ashmem_shrink_scan+0x390/0x390
[ 28.676539] [] ? vm_mmap_pgoff+0x180/0x1c0
[ 28.682393] [] ? ashmem_shrink_scan+0x390/0x390
[ 28.688681] [] do_vfs_ioctl+0x7aa/0xee0
[ 28.694271] [] ? ioctl_preallocate+0x1f0/0x1f0
[ 28.700470] [] ? fput+0x20/0x150
[ 28.705460] [] ? SyS_mmap_pg