[ ok ] Starting file context maintaining daemon: restorecond.
[....] Starting OpenBSD Secure Shell server: sshd
[   21.120702] random: sshd: uninitialized urandom read (32 bytes read, 36 bits of entropy available)
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[   21.530822] random: sshd: uninitialized urandom read (32 bytes read, 37 bits of entropy available)
[   21.965741] random: sshd: uninitialized urandom read (32 bytes read, 38 bits of entropy available)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   23.014682] random: sshd: uninitialized urandom read (32 bytes read, 126 bits of entropy available)
[   23.126593] random: nonblocking pool is initialized
Warning: Permanently added '10.128.15.202' (ECDSA) to the list of known hosts.
executing program
[   28.674482]
[   28.676132] ======================================================
[   28.682422] [ INFO: possible circular locking dependency detected ]
[   28.688799] 4.4.118-g5f7f76a #24 Not tainted
[   28.693178] -------------------------------------------------------
[   28.699553] syzkaller096592/3782 is trying to acquire lock:
[   28.705233]  (&mm->mmap_sem){++++++}, at: [] __might_fault+0xe4/0x1d0
[   28.713841]
[   28.713841] but task is already holding lock:
[   28.719785]  (ashmem_mutex){+.+.+.}, at: [] ashmem_ioctl+0x367/0xfa0
[   28.728303]
[   28.728303] which lock already depends on the new lock.
[   28.728303]
[   28.737057]
[   28.737057] the existing dependency chain (in reverse order) is:
[   28.744652] -> #1 (ashmem_mutex){+.+.+.}:
[   28.749431]        [] lock_acquire+0x15e/0x460
[   28.755675]        [] mutex_lock_nested+0xbb/0x850
[   28.762265]        [] ashmem_mmap+0x53/0x400
[   28.768332]        [] mmap_region+0x94f/0x1250
[   28.774570]        [] do_mmap+0x4fd/0x9d0
[   28.780378]        [] vm_mmap_pgoff+0x16e/0x1c0
[   28.786715]        [] SyS_mmap_pgoff+0x33f/0x560
[   28.793153]        [] SyS_mmap+0x16/0x20
[   28.798881]        [] entry_SYSCALL_64_fastpath+0x1c/0x98
[   28.806077] -> #0 (&mm->mmap_sem){++++++}:
[   28.810947]        [] __lock_acquire+0x371f/0x4b50
[   28.817537]        [] lock_acquire+0x15e/0x460
[   28.823781]        [] __might_fault+0x14a/0x1d0
[   28.830110]        [] ashmem_ioctl+0x3b4/0xfa0
[   28.836355]        [] do_vfs_ioctl+0x7aa/0xee0
[   28.842594]        [] SyS_ioctl+0x8f/0xc0
[   28.848405]        [] entry_SYSCALL_64_fastpath+0x1c/0x98
[   28.855605]
[   28.855605] other info that might help us debug this:
[   28.855605]
[   28.863722]  Possible unsafe locking scenario:
[   28.863722]
[   28.869760]        CPU0                    CPU1
[   28.874399]        ----                    ----
[   28.879039]   lock(ashmem_mutex);
[   28.882707]                                lock(&mm->mmap_sem);
[   28.888981]                                lock(ashmem_mutex);
[   28.895166]   lock(&mm->mmap_sem);
[   28.898921]
[   28.898921]  *** DEADLOCK ***
[   28.898921]
[   28.904954] 1 lock held by syzkaller096592/3782:
[   28.909681]  #0:  (ashmem_mutex){+.+.+.}, at: [] ashmem_ioctl+0x367/0xfa0
[   28.918751]
[   28.918751] stack backtrace:
[   28.923219] CPU: 1 PID: 3782 Comm: syzkaller096592 Not tainted 4.4.118-g5f7f76a #24
[   28.930982] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   28.940317]  0000000000000000 577b8482c88357f7 ffff8800bb33f9b8 ffffffff81d0402d
[   28.948311]  ffffffff8519fe60 ffffffff8519fe60 ffffffff851be610 ffff8801c5fba0f8
[   28.956304]  ffff8801c5fb9800 ffff8800bb33fa00 ffffffff81233ba1 ffff8801c5fba0f8
[   28.964302] Call Trace:
[   28.966864]  [] dump_stack+0xc1/0x124
[   28.972203]  [] print_circular_bug+0x271/0x310
[   28.978319]  [] __lock_acquire+0x371f/0x4b50
[   28.984276]  [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[   28.991273]  [] ? mark_held_locks+0xaf/0x100
[   28.997221]  [] ? __lock_is_held+0xa1/0xf0
[   29.002990]  [] lock_acquire+0x15e/0x460
[   29.008589]  [] ? __might_fault+0xe4/0x1d0
[   29.014358]  [] __might_fault+0x14a/0x1d0
[   29.020041]  [] ? __might_fault+0xe4/0x1d0
[   29.025818]  [] ashmem_ioctl+0x3b4/0xfa0
[   29.031422]  [] ? mmap_region+0x3f9/0x1250
[   29.037191]  [] ? ashmem_shrink_scan+0x390/0x390
[   29.043485]  [] ? vm_mmap_pgoff+0x180/0x1c0
[   29.049341]  [] ? ashmem_shrink_scan+0x390/0x390
[   29.055632]  [] do_vfs_ioctl+0x7aa/0xee0
[   29.061232]  [] ? ioctl_preallocate+0x1f0/0x1f0
[   29.067435]  [] ? fput+0x20/0x150
[   29.072427]  [] ? SyS_mm
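Added example, not part of the syzkaller report above and not code from the ashmem driver or from the kernel's lockdep: a small userspace model in C of the check that produced the report. It replays the two call chains lockdep lists (chain #1: ashmem_mmap() taking ashmem_mutex while mmap_region() holds mmap_sem; chain #0: ashmem_ioctl() holding ashmem_mutex when __might_fault() announces a possible mmap_sem acquisition), records each "lock B taken while holding lock A" edge in a dependency graph, and flags the acquisition that closes a cycle, which is the "which lock already depends on the new lock" condition in the log. The lock ids, task names, the replay() helper and the copy_under_mutex == 0 variant (a hypothetical ordering in which the user-memory access happens after ashmem_mutex is dropped) are assumptions made for the illustration; the real __might_fault() is only an annotation, modelled here as an acquisition because that is how lockdep accounts for it.

```c
#include <stdio.h>
#include <string.h>

#define MAX_LOCKS 8
#define MAX_HELD  8

/* Lock classes named in the report (ids are an assumption of this model). */
enum { MMAP_SEM = 0, ASHMEM_MUTEX = 1 };
static const char *const lock_name[MAX_LOCKS] = { "&mm->mmap_sem", "ashmem_mutex" };

/* dep[a][b] != 0 records that lock b was acquired while lock a was held. */
static unsigned char dep[MAX_LOCKS][MAX_LOCKS];

struct task {
    const char *comm;    /* task name, as in the report's "Comm:" field */
    int held[MAX_HELD];  /* locks currently held, in acquisition order */
    int nr_held;
};

/* DFS over recorded dependencies: can 'from' reach 'to'? */
static int reaches(int from, int to, unsigned char *seen)
{
    if (from == to)
        return 1;
    seen[from] = 1;
    for (int next = 0; next < MAX_LOCKS; next++)
        if (dep[from][next] && !seen[next] && reaches(next, to, seen))
            return 1;
    return 0;
}

/* Record 'task' acquiring 'lock'. Returns 1 when the new edge prev -> lock
 * closes a cycle, the condition lockdep prints as a circular dependency. */
static int lockdep_acquire(struct task *task, int lock)
{
    int circular = 0;
    for (int i = 0; i < task->nr_held; i++) {
        int prev = task->held[i];
        unsigned char seen[MAX_LOCKS] = { 0 };
        if (!dep[prev][lock] && reaches(lock, prev, seen)) {
            printf("%s: acquiring (%s) under (%s), which already depends on it\n",
                   task->comm, lock_name[lock], lock_name[prev]);
            circular = 1;
        }
        dep[prev][lock] = 1;
    }
    if (task->nr_held < MAX_HELD)
        task->held[task->nr_held++] = lock;
    return circular;
}

static void lockdep_release(struct task *task, int lock)
{
    for (int i = task->nr_held - 1; i >= 0; i--)
        if (task->held[i] == lock) {
            memmove(&task->held[i], &task->held[i + 1],
                    (size_t)(task->nr_held - i - 1) * sizeof task->held[0]);
            task->nr_held--;
            return;
        }
}

/* Chain -> #1: mmap_region() runs under mmap_sem, ashmem_mmap() then
 * takes ashmem_mutex. */
static void mmap_path(struct task *t)
{
    lockdep_acquire(t, MMAP_SEM);
    lockdep_acquire(t, ASHMEM_MUTEX);
    lockdep_release(t, ASHMEM_MUTEX);
    lockdep_release(t, MMAP_SEM);
}

/* Chain -> #0: ashmem_ioctl() touches user memory; __might_fault() is
 * lockdep's annotation that this may take mmap_sem. copy_under_mutex == 0
 * is a hypothetical variant that drops ashmem_mutex before the user copy.
 * Returns 1 if the mmap_sem acquisition is flagged. */
static int ioctl_path(struct task *t, int copy_under_mutex)
{
    int reports;
    lockdep_acquire(t, ASHMEM_MUTEX);
    if (!copy_under_mutex)
        lockdep_release(t, ASHMEM_MUTEX);
    reports = lockdep_acquire(t, MMAP_SEM);   /* __might_fault() */
    lockdep_release(t, MMAP_SEM);
    if (copy_under_mutex)
        lockdep_release(t, ASHMEM_MUTEX);
    return reports;
}

/* Replay both chains in the order the report lists them. */
static int replay(int copy_under_mutex)
{
    struct task mmap_task  = { "mmap caller", { 0 }, 0 };
    struct task ioctl_task = { "syzkaller096592/3782", { 0 }, 0 };
    memset(dep, 0, sizeof dep);
    mmap_path(&mmap_task);
    return ioctl_path(&ioctl_task, copy_under_mutex);
}

int main(void)
{
    printf("user copy under ashmem_mutex: %d report(s)\n", replay(1));
    printf("user copy after dropping it:  %d report(s)\n", replay(0));
    return 0;
}
```

replay(1) reproduces the log: the first chain records mmap_sem -> ashmem_mutex, so the ioctl path's ashmem_mutex -> mmap_sem edge closes a cycle and is reported. replay(0) shows what the checker wants to see: once the user-memory access is no longer inside ashmem_mutex, no edge in the reverse direction exists and nothing is flagged. Note that lockdep reports the inversion on the first run that records both orders; no actual concurrent deadlock has to occur.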