[ 20.771674] random: sshd: uninitialized urandom read (32 bytes read, 34 bits of entropy available)
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 24.764635] random: sshd: uninitialized urandom read (32 bytes read, 40 bits of entropy available)
[ 25.119196] random: sshd: uninitialized urandom read (32 bytes read, 41 bits of entropy available)
[ 26.092160] random: sshd: uninitialized urandom read (32 bytes read, 121 bits of entropy available)
[ 26.254972] random: sshd: uninitialized urandom read (32 bytes read, 124 bits of entropy available)
Warning: Permanently added '10.128.0.54' (ECDSA) to the list of known hosts.
[ 31.600559] random: nonblocking pool is initialized
2018/03/21 01:22:53 parsed 1 programs
2018/03/21 01:22:53 executed programs: 0
[ 31.963184] IPVS: Creating netns size=2552 id=1
[ 31.993691]
[ 31.995326] ======================================================
[ 32.001611] [ INFO: possible circular locking dependency detected ]
[ 32.007983] 4.4.120-gd63fdf6 #29 Not tainted
[ 32.012356] -------------------------------------------------------
[ 32.018728] syz-executor0/3776 is trying to acquire lock:
[ 32.024228]  (&mm->mmap_sem){++++++}, at: [] __might_fault+0xe4/0x1d0
[ 32.032805]
[ 32.032805] but task is already holding lock:
[ 32.038744]  (ashmem_mutex){+.+.+.}, at: [] ashmem_ioctl+0x367/0xfa0
[ 32.047239]
[ 32.047239] which lock already depends on the new lock.
[ 32.047239]
[ 32.055520]
[ 32.055520] the existing dependency chain (in reverse order) is:
[ 32.063108] -> #1 (ashmem_mutex){+.+.+.}:
[ 32.067873]        [] lock_acquire+0x15e/0x460
[ 32.074107]        [] mutex_lock_nested+0xbb/0x850
[ 32.080689]        [] ashmem_mmap+0x53/0x400
[ 32.086747]        [] mmap_region+0x94f/0x1250
[ 32.092987]        [] do_mmap+0x4fd/0x9d0
[ 32.098793]        [] vm_mmap_pgoff+0x16e/0x1c0
[ 32.105107]        [] SyS_mmap_pgoff+0x33f/0x560
[ 32.111521]        [] do_fast_syscall_32+0x321/0x8a0
[ 32.118276]        [] sysenter_flags_fixed+0xd/0x17
[ 32.124942] -> #0 (&mm->mmap_sem){++++++}:
[ 32.129795]        [] __lock_acquire+0x371f/0x4b50
[ 32.136372]        [] lock_acquire+0x15e/0x460
[ 32.142599]        [] __might_fault+0x14a/0x1d0
[ 32.148916]        [] ashmem_ioctl+0x3b4/0xfa0
[ 32.155148]        [] compat_ashmem_ioctl+0x3e/0x50
[ 32.161819]        [] compat_SyS_ioctl+0x28a/0x2540
[ 32.168481]        [] do_fast_syscall_32+0x321/0x8a0
[ 32.175229]        [] sysenter_flags_fixed+0xd/0x17
[ 32.181908]
[ 32.181908] other info that might help us debug this:
[ 32.181908]
[ 32.190021]  Possible unsafe locking scenario:
[ 32.190021]
[ 32.196047]        CPU0                    CPU1
[ 32.200681]        ----                    ----
[ 32.205316]   lock(ashmem_mutex);
[ 32.208967]                                lock(&mm->mmap_sem);
[ 32.215231]                                lock(ashmem_mutex);
[ 32.221398]   lock(&mm->mmap_sem);
[ 32.225134]
[ 32.225134]  *** DEADLOCK ***
[ 32.225134]
[ 32.231169] 1 lock held by syz-executor0/3776:
[ 32.235716]  #0:  (ashmem_mutex){+.+.+.}, at: [] ashmem_ioctl+0x367/0xfa0
[ 32.244764]
[ 32.244764] stack backtrace:
[ 32.249229] CPU: 1 PID: 3776 Comm: syz-executor0 Not tainted 4.4.120-gd63fdf6 #29
[ 32.256813] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 32.266138]  0000000000000000 9d74a080e2c32d58 ffff8801cc0d78a8 ffffffff81d0408d
[ 32.274115]  ffffffff851a0010 ffffffff851a0010 ffffffff851bee80 ffff8801d8ee20f8
[ 32.282078]  ffff8801d8ee1800 ffff8801cc0d78f0 ffffffff81233ba1 ffff8801d8ee20f8
[ 32.290048] Call Trace:
[ 32.292606]  [] dump_stack+0xc1/0x124
[ 32.297942]  [] print_circular_bug+0x271/0x310
[ 32.304056]  [] __lock_acquire+0x371f/0x4b50
[ 32.309998]  [] ? avc_has_extended_perms+0xe2/0xf30
[ 32.316556]  [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 32.323540]  [] ? mark_held_locks+0xaf/0x100
[ 32.329489]  [] ? __lock_is_held+0xa1/0xf0
[ 32.335264]  [] lock_acquire+0x15e/0x460
[ 32.340855]  [] ? __might_fault+0xe4/0x1d0
[ 32.346621]  [] __might_fault+0x14a/0x1d0
[ 32.352303]  [] ? __might_fault+0xe4/0x1d0
[ 32.358067]  [] ashmem_ioctl+0x3b4/0xfa0
[ 32.363671]  [] ? selinux_file_ioctl+0x363/0x570
[ 32.369960]  [] ? selinux_capable+0x30/0x30
[ 32.375815]  [] ? ashmem_shrink_scan+0x390/0x390
[ 32.382107]  [] ? vma_set_page_prot+0x10b/0x150
[ 32.388310]  [] ? exit_robust_list+0x240/0x240
[ 32.394429]  [] compat_ashmem_ioctl+0x3e/0x50
[ 32.400466]  [] compat_SyS_ioctl+0x28a/0x2540
[ 32.406493]  [] ? vm_mmap_pgoff+0x180/0x1c0
[ 32.412349]  [] ? ashmem_ioctl+0xfa0/0xfa0
[ 32.418129]  [] ? compat_SyS_ppoll+0x420/0x420
[ 32.424249]  [] ? vm_mmap_pgoff+0xdf/0x1c0
[ 32.430023]  [] ? compat_SyS_futex+0x1f9/0x2a0
[ 32.436137]  [] ? compat_SyS_get_robust_list+0x300/0x300
[ 32.443116]  [