[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c. [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 20.460482] random: sshd: uninitialized urandom read (32 bytes read, 34 bits of entropy available) [?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 24.690820] random: sshd: uninitialized urandom read (32 bytes read, 38 bits of entropy available) [ 25.094741] random: sshd: uninitialized urandom read (32 bytes read, 39 bits of entropy available) [ 26.066897] random: nonblocking pool is initialized Warning: Permanently added '10.128.0.8' (ECDSA) to the list of known hosts. executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 31.866272] [ 31.867917] ====================================================== [ 31.874200] [ INFO: possible circular locking dependency detected ] [ 31.880575] 4.4.120-gd63fdf6 #28 Not tainted [ 31.884950] ------------------------------------------------------- [ 31.891320] syzkaller092258/3776 is trying to acquire lock: [ 31.896997] (&mm->mmap_sem){++++++}, at: [] __might_fault+0xe4/0x1d0 [ 31.905589] [ 31.905589] but task is already holding lock: [ 31.911525] (ashmem_mutex){+.+.+.}, at: [] ashmem_ioctl+0x367/0xfa0 [ 31.920023] [ 31.920023] which lock already depends on the new lock. [ 31.920023] [ 31.928304] [ 31.928304] the existing dependency chain (in reverse order) is: [ 31.935892] -> #1 (ashmem_mutex){+.+.+.}: [ 31.940646] [] lock_acquire+0x15e/0x460 [ 31.946878] [] mutex_lock_nested+0xbb/0x850 [ 31.953453] [] ashmem_mmap+0x53/0x400 [ 31.959507] [] mmap_region+0x94f/0x1250 [ 31.965734] [] do_mmap+0x4fd/0x9d0 [ 31.971526] [] vm_mmap_pgoff+0x16e/0x1c0 [ 31.977846] [] SyS_mmap_pgoff+0x33f/0x560 [ 31.984253] [] SyS_mmap+0x16/0x20 [ 31.989966] [] entry_SYSCALL_64_fastpath+0x1c/0x98 [ 31.997149] -> #0 (&mm->mmap_sem){++++++}: [ 32.001994] [] __lock_acquire+0x371f/0x4b50 [ 32.008568] [] lock_acquire+0x15e/0x460 [ 32.014801] [] __might_fault+0x14a/0x1d0 [ 32.021120] [] ashmem_ioctl+0x3b4/0xfa0 [ 32.027349] [] do_vfs_ioctl+0x7aa/0xee0 [ 32.033579] [] SyS_ioctl+0x8f/0xc0 [ 32.039377] [] entry_SYSCALL_64_fastpath+0x1c/0x98 [ 32.046563] [ 32.046563] other info that might help us debug this: [ 32.046563] [ 32.054673] Possible unsafe locking scenario: [ 32.054673] [ 32.060698] CPU0 CPU1 [ 32.065334] ---- ---- [ 32.069968] lock(ashmem_mutex); [ 32.073619] lock(&mm->mmap_sem); [ 32.079870] lock(ashmem_mutex); [ 32.086039] lock(&mm->mmap_sem); [ 32.089782] [ 32.089782] *** DEADLOCK *** [ 32.089782] [ 32.095810] 1 lock held by syzkaller092258/3776: [ 32.100529] #0: (ashmem_mutex){+.+.+.}, at: [] ashmem_ioctl+0x367/0xfa0 [ 32.109578] [ 32.109578] stack backtrace: [ 32.114045] CPU: 1 PID: 3776 Comm: syzkaller092258 Not tainted 4.4.120-gd63fdf6 #28 [ 32.121803] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 32.131124] 0000000000000000 4e317cce381f23ab ffff8801d91979b8 ffffffff81d0408d [ 32.139091] ffffffff851a0010 ffffffff851a0010 ffffffff851be2b0 ffff8801c703d0f8 [ 32.147061] ffff8801c703c800 ffff8801d9197a00 ffffffff81233ba1 ffff8801c703d0f8 [ 32.155033] Call Trace: [ 32.157592] [] dump_stack+0xc1/0x124 [ 32.162922] [] print_circular_bug+0x271/0x310 [ 32.169584] [] __lock_acquire+0x371f/0x4b50 [ 32.175524] [] ? debug_check_no_locks_freed+0x2c0/0x2c0 [ 32.182504] [] ? mark_held_locks+0xaf/0x100 [ 32.188443] [] ? __lock_is_held+0xa1/0xf0 [ 32.194211] [] lock_acquire+0x15e/0x460 [ 32.199805] [] ? __might_fault+0xe4/0x1d0 [ 32.205570] [] __might_fault+0x14a/0x1d0 [ 32.211248] [] ? __might_fault+0xe4/0x1d0 [ 32.217013] [] ashmem_ioctl+0x3b4/0xfa0 [ 32.222605] [] ? ashmem_shrink_scan+0x390/0x390 [ 32.228890] [] ? quarantine_put+0xab/0x180 [ 32.234744] [] ? trace_hardirqs_on_caller+0x38b/0x590 [ 32.241551] [] ? check_preemption_disabled+0x3b/0x200 [ 32.248358] [] ? check_preemption_disabled+0x3b/0x200 [ 32.255168] [] ? putname+0xee/0x130 [ 32.260413] [] ? ashmem_shrink_scan+0x390/0x390 executing program [ 32.266699] [] do_vfs_ioctl+0x7aa/0xee0 [ 32.272292] [] ? ioctl_preallocate+0x1f0/0x1f0 [ 32.278494] [] ? copy_fd_bitmaps+0x1a9/0x210 [ 32.284522] [] ? __fget+0x23a/0x3b0 [ 32.289770] [] ? __fget+0x47/0x3b0 [ 32.294932] [] ? security_file_ioctl+0x89/0xb0 [ 32.301134] [] SyS_ioctl+0x8f/0xc0 [ 32.306292] [] entry_SYSCALL_64_fastpath+0x1c/0x98