[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 21.107464] random: sshd: uninitialized urandom read (32 bytes read, 36 bits of entropy available)
[ 21.315069] random: sshd: uninitialized urandom read (32 bytes read, 36 bits of entropy available)
[ 21.598221] random: sshd: uninitialized urandom read (32 bytes read, 37 bits of entropy available)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 22.509081] random: sshd: uninitialized urandom read (32 bytes read, 102 bits of entropy available)
[ 22.674226] random: sshd: uninitialized urandom read (32 bytes read, 106 bits of entropy available)
Warning: Permanently added '10.128.0.14' (ECDSA) to the list of known hosts.
[ 28.036950] random: sshd: uninitialized urandom read (32 bytes read, 110 bits of entropy available)
2018/03/18 05:27:13 parsed 1 programs
2018/03/18 05:27:13 executed programs: 0
[ 28.368313] IPVS: Creating netns size=2552 id=1
[ 28.398712]
[ 28.400345] ======================================================
[ 28.406627] [ INFO: possible circular locking dependency detected ]
[ 28.413000] 4.4.120-gd63fdf6 #29 Not tainted
[ 28.417373] -------------------------------------------------------
[ 28.423742] syz-executor0/3790 is trying to acquire lock:
[ 28.429245] (&mm->mmap_sem){++++++}, at: [] __might_fault+0xe4/0x1d0
[ 28.437833]
[ 28.437833] but task is already holding lock:
[ 28.443774] (ashmem_mutex){+.+.+.}, at: [] ashmem_ioctl+0x367/0xfa0
[ 28.452283]
[ 28.452283] which lock already depends on the new lock.
[ 28.452283]
[ 28.460566]
[ 28.460566] the existing dependency chain (in reverse order) is:
[ 28.468153] -> #1 (ashmem_mutex){+.+.+.}:
[ 28.472902] [] lock_acquire+0x15e/0x460
[ 28.479131] [] mutex_lock_nested+0xbb/0x850
[ 28.485710] [] ashmem_mmap+0x53/0x400
[ 28.491766] [] mmap_region+0x94f/0x1250
[ 28.497996] [] do_mmap+0x4fd/0x9d0
[ 28.503787] [] vm_mmap_pgoff+0x16e/0x1c0
[ 28.510099] [] SyS_mmap_pgoff+0x33f/0x560
[ 28.516502] [] do_fast_syscall_32+0x321/0x8a0
[ 28.523261] [] sysenter_flags_fixed+0xd/0x17
[ 28.529928] -> #0 (&mm->mmap_sem){++++++}:
[ 28.534765] [] __lock_acquire+0x371f/0x4b50
[ 28.541341] [] lock_acquire+0x15e/0x460
[ 28.547570] [] __might_fault+0x14a/0x1d0
[ 28.553884] [] ashmem_ioctl+0x3b4/0xfa0
[ 28.560115] [] compat_ashmem_ioctl+0x3e/0x50
[ 28.566782] [] compat_SyS_ioctl+0x28a/0x2540
[ 28.573448] [] do_fast_syscall_32+0x321/0x8a0
[ 28.580196] [] sysenter_flags_fixed+0xd/0x17
[ 28.586861]
[ 28.586861] other info that might help us debug this:
[ 28.586861]
[ 28.594971] Possible unsafe locking scenario:
[ 28.594971]
[ 28.600993]        CPU0                    CPU1
[ 28.605628]        ----                    ----
[ 28.610262]   lock(ashmem_mutex);
[ 28.613917]                                lock(&mm->mmap_sem);
[ 28.620172]                                lock(ashmem_mutex);
[ 28.626336]   lock(&mm->mmap_sem);
[ 28.630074]
[ 28.630074] *** DEADLOCK ***
[ 28.630074]
[ 28.636101] 1 lock held by syz-executor0/3790:
[ 28.640647] #0: (ashmem_mutex){+.+.+.}, at: [] ashmem_ioctl+0x367/0xfa0
[ 28.649680]
[ 28.649680] stack backtrace:
[ 28.654143] CPU: 1 PID: 3790 Comm: syz-executor0 Not tainted 4.4.120-gd63fdf6 #29
[ 28.661728] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 28.671050] 0000000000000000 d26c45b29c0fee20 ffff8801d978f8a8 ffffffff81d0408d
[ 28.679016] ffffffff851a0010 ffffffff851a0010 ffffffff851be970 ffff8800bb98d0f8
[ 28.686987] ffff8800bb98c800 ffff8801d978f8f0 ffffffff81233ba1 ffff8800bb98d0f8
[ 28.694950] Call Trace:
[ 28.697505] [] dump_stack+0xc1/0x124
[ 28.702838] [] print_circular_bug+0x271/0x310
[ 28.708948] [] __lock_acquire+0x371f/0x4b50
[ 28.714886] [] ? avc_has_extended_perms+0xe2/0xf30
[ 28.721433] [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 28.728413] [] ? mark_held_locks+0xaf/0x100
[ 28.734350] [] ? __lock_is_held+0xa1/0xf0
[ 28.740116] [] lock_acquire+0x15e/0x460
[ 28.745706] [] ? __might_fault+0xe4/0x1d0
[ 28.751469] [] __might_fault+0x14a/0x1d0
[ 28.757144] [] ? __might_fault+0xe4/0x1d0
[ 28.762913] [] ashmem_ioctl+0x3b4/0xfa0
[ 28.768502] [] ? selinux_file_ioctl+0x363/0x570
[ 28.774788] [] ? selinux_capable+0x30/0x30
[ 28.780637] [] ? ashmem_shrink_scan+0x390/0x390
[ 28.786924] [] ? vma_set_page_prot+0x10b/0x150
[ 28.793124] [] ? exit_robust_list+0x240/0x240
[ 28.799239] [] compat_ashmem_ioctl+0x3e/0x50
[ 28.805265] [] compat_SyS_ioctl+0x28a/0x2540
[ 28.811290] [] ? vm_mmap_pgoff+0x180/0x1c0
[ 28.817141] [] ? ashmem_ioctl+0xfa0/0xfa0
[ 28.822909] [] ? compat_SyS_ppoll+0x420/0x420
[ 28.829019] [] ? vm_mmap_pgoff+0xdf/0x1c0
[ 28.834785] [] ? compat_SyS_futex+0x1f9/0x2a0
[ 28.840899] [] ? compat_SyS_get_robust_list+0x300/0x300
[ 28.847879] [