[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 20.285729] random: sshd: uninitialized urandom read (32 bytes read, 32 bits of entropy available)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 24.521480] random: sshd: uninitialized urandom read (32 bytes read, 37 bits of entropy available)
[ 24.822611] random: sshd: uninitialized urandom read (32 bytes read, 37 bits of entropy available)
[ 25.820231] random: sshd: uninitialized urandom read (32 bytes read, 116 bits of entropy available)
[ 25.989438] random: sshd: uninitialized urandom read (32 bytes read, 121 bits of entropy available)
Warning: Permanently added '10.128.0.46' (ECDSA) to the list of known hosts.
[ 31.376513] random: sshd: uninitialized urandom read (32 bytes read, 125 bits of entropy available)
2018/03/18 19:18:47 parsed 1 programs
2018/03/18 19:18:47 executed programs: 0
[ 31.737838] IPVS: Creating netns size=2552 id=1
[ 31.771055] IPVS: Creating netns size=2552 id=2
[ 31.806898] IPVS: Creating netns size=2552 id=3
[ 31.846456] IPVS: Creating netns size=2552 id=4
[ 31.899373] IPVS: Creating netns size=2552 id=5
[ 31.943974] IPVS: Creating netns size=2552 id=6
[ 31.990183] IPVS: Creating netns size=2552 id=7
[ 32.036983] IPVS: Creating netns size=2552 id=8
[ 34.982314]
[ 34.983974] ======================================================
[ 34.990273] [ INFO: possible circular locking dependency detected ]
[ 34.996646] 4.4.120-gd63fdf6 #29 Not tainted
[ 35.001019] -------------------------------------------------------
[ 35.007391] syz-executor7/5641 is trying to acquire lock:
[ 35.012893]  (&mm->mmap_sem){++++++}, at: [] __might_fault+0xe4/0x1d0
[ 35.021470]
[ 35.021470] but task is already holding lock:
[ 35.027408]  (ashmem_mutex){+.+.+.}, at: [] ashmem_ioctl+0x367/0xfa0
[ 35.035907]
[ 35.035907] which lock already depends on the new lock.
[ 35.035907]
[ 35.044188]
[ 35.044188] the existing dependency chain (in reverse order) is:
[ 35.051775] -> #1 (ashmem_mutex){+.+.+.}:
[ 35.056525]        [] lock_acquire+0x15e/0x460
[ 35.062751]        [] mutex_lock_nested+0xbb/0x850
[ 35.069326]        [] ashmem_mmap+0x53/0x400
[ 35.075377]        [] mmap_region+0x94f/0x1250
[ 35.081606]        [] do_mmap+0x4fd/0x9d0
[ 35.087427]        [] vm_mmap_pgoff+0x16e/0x1c0
[ 35.093740]        [] SyS_mmap_pgoff+0x33f/0x560
[ 35.100147]        [] do_fast_syscall_32+0x321/0x8a0
[ 35.106904]        [] sysenter_flags_fixed+0xd/0x17
[ 35.113567] -> #0 (&mm->mmap_sem){++++++}:
[ 35.118413]        [] __lock_acquire+0x371f/0x4b50
[ 35.124993]        [] lock_acquire+0x15e/0x460
[ 35.131220]        [] __might_fault+0x14a/0x1d0
[ 35.137532]        [] ashmem_ioctl+0x3b4/0xfa0
[ 35.143758]        [] compat_ashmem_ioctl+0x3e/0x50
[ 35.150418]        [] compat_SyS_ioctl+0x28a/0x2540
[ 35.157078]        [] do_fast_syscall_32+0x321/0x8a0
[ 35.163830]        [] sysenter_flags_fixed+0xd/0x17
[ 35.170498]
[ 35.170498] other info that might help us debug this:
[ 35.170498]
[ 35.178609]  Possible unsafe locking scenario:
[ 35.178609]
[ 35.184633]        CPU0                    CPU1
[ 35.189264]        ----                    ----
[ 35.193895]   lock(ashmem_mutex);
[ 35.197542]                                lock(&mm->mmap_sem);
[ 35.203807]                                lock(ashmem_mutex);
[ 35.209979]   lock(&mm->mmap_sem);
[ 35.213711]
[ 35.213711]  *** DEADLOCK ***
[ 35.213711]
[ 35.219738] 1 lock held by syz-executor7/5641:
[ 35.224282]  #0:  (ashmem_mutex){+.+.+.}, at: [] ashmem_ioctl+0x367/0xfa0
[ 35.233337]
[ 35.233337] stack backtrace:
[ 35.237801] CPU: 0 PID: 5641 Comm: syz-executor7 Not tainted 4.4.120-gd63fdf6 #29
[ 35.245385] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 35.254708]  0000000000000000 b94b9f8d080e674a ffff8801d73978a8 ffffffff81d0408d
[ 35.262663]  ffffffff851a0010 ffffffff851a0010 ffffffff851beb20 ffff8801d4f868f8
[ 35.270631]  ffff8801d4f86000 ffff8801d73978f0 ffffffff81233ba1 ffff8801d4f868f8
[ 35.278590] Call Trace:
[ 35.281149]  [] dump_stack+0xc1/0x124
[ 35.286481]  [] print_circular_bug+0x271/0x310
[ 35.292592]  [] __lock_acquire+0x371f/0x4b50
[ 35.298532]  [] ? avc_has_extended_perms+0xe2/0xf30
[ 35.305079]  [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 35.312059]  [] ? mark_held_locks+0xaf/0x100
[ 35.317997]  [] ? __lock_is_held+0xa1/0xf0
[ 35.323761]  [] lock_acquire+0x15e/0x460
[ 35.329355]  [] ? __might_fault+0xe4/0x1d0
[ 35.335122]  [] __might_fault+0x14a/0x1d0
[ 35.340799]  [] ? __might_fault+0xe4/0x1d0
[ 35.346564]  [] ashmem_ioctl+0x3b4/0xfa0
[ 35.352158]  [] ? selinux_file_ioctl+0x363/0x570
[ 35.358446]  [] ? selinux_capable+0x30/0x30
[ 35.364298]  [] ? ashmem_shrink_scan+0x390/0x390
[ 35.370590]  [] ? __fget+0x213/0x3b0
[ 35.375836]  [] ? __fget+0x23a/0x3b0
[ 35.381077]  [] ? __fget+0x47/0x3b0
[ 35.386242]  [] compat_ashmem_ioctl+0x3e/0x50
[ 35.392269]  [] compat_SyS_ioctl+0x28a/0x2540
[ 35.398292]  [] ? ashmem_ioctl+0xfa0/0xfa0
[ 35.404056]  [] ? compat_SyS_ppoll+0x420/0x420
[ 35.410170]  [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 35.417152]  [] ? _raw_spin_unlock_irq+0x27/0x50
[ 35.423437]  [] ? do_fast_syscall_32+0xd7/0x8a0
[ 35.429637]  [] ? compat_SyS_ppoll+0x420/0x420
[ 35.435751]  [] do_fast_syscall_32+0x321/0x8a0
[ 35.441864]  [] sysenter_flags_fixed+0xd/0x17
2018/03/18 19:18:52 executed programs: 849
[ 36.754152] random: nonblocking pool is initialized
2018/03/18 19:18:57 executed programs: 1779