[....] Starting file context maintaining daemon: restorecond [ ok ].
[....] Starting OpenBSD Secure Shell server: sshd
[ 20.835935] random: sshd: uninitialized urandom read (32 bytes read, 33 bits of entropy available)
[ ok ].

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 25.209068] random: sshd: uninitialized urandom read (32 bytes read, 39 bits of entropy available)
[ 25.529923] random: sshd: uninitialized urandom read (32 bytes read, 39 bits of entropy available)
[ 26.564066] random: sshd: uninitialized urandom read (32 bytes read, 115 bits of entropy available)
[ 26.731574] random: sshd: uninitialized urandom read (32 bytes read, 119 bits of entropy available)
Warning: Permanently added '10.128.0.15' (ECDSA) to the list of known hosts.
[ 32.089780] random: sshd: uninitialized urandom read (32 bytes read, 124 bits of entropy available)
2018/03/06 12:54:02 parsed 1 programs
2018/03/06 12:54:02 executed programs: 0
[ 32.414410] IPVS: Creating netns size=2552 id=1
[ 32.446086]
[ 32.447720] ======================================================
[ 32.454002] [ INFO: possible circular locking dependency detected ]
[ 32.460374] 4.4.120-gd63fdf6 #29 Not tainted
[ 32.464746] -------------------------------------------------------
[ 32.471115] syz-executor0/3796 is trying to acquire lock:
[ 32.476618]  (&mm->mmap_sem){++++++}, at: [] __might_fault+0xe4/0x1d0
[ 32.485204]
[ 32.485204] but task is already holding lock:
[ 32.491142]  (ashmem_mutex){+.+.+.}, at: [] ashmem_ioctl+0x367/0xfa0
[ 32.499635]
[ 32.499635] which lock already depends on the new lock.
[ 32.499635]
[ 32.507919]
[ 32.507919] the existing dependency chain (in reverse order) is:
[ 32.515506] -> #1 (ashmem_mutex){+.+.+.}:
[ 32.520255]        [] lock_acquire+0x15e/0x460
[ 32.526485]        [] mutex_lock_nested+0xbb/0x850
[ 32.533065]        [] ashmem_mmap+0x53/0x400
[ 32.539123]        [] mmap_region+0x94f/0x1250
[ 32.545362]        [] do_mmap+0x4fd/0x9d0
[ 32.551156]        [] vm_mmap_pgoff+0x16e/0x1c0
[ 32.557475]        [] SyS_mmap_pgoff+0x33f/0x560
[ 32.563902]        [] do_fast_syscall_32+0x321/0x8a0
[ 32.570655]        [] sysenter_flags_fixed+0xd/0x17
[ 32.577322] -> #0 (&mm->mmap_sem){++++++}:
[ 32.582159]        [] __lock_acquire+0x371f/0x4b50
[ 32.588735]        [] lock_acquire+0x15e/0x460
[ 32.594964]        [] __might_fault+0x14a/0x1d0
[ 32.601282]        [] ashmem_ioctl+0x3b4/0xfa0
[ 32.607512]        [] compat_ashmem_ioctl+0x3e/0x50
[ 32.614180]        [] compat_SyS_ioctl+0x28a/0x2540
[ 32.620844]        [] do_fast_syscall_32+0x321/0x8a0
[ 32.627614]        [] sysenter_flags_fixed+0xd/0x17
[ 32.634285]
[ 32.634285] other info that might help us debug this:
[ 32.634285]
[ 32.642401]  Possible unsafe locking scenario:
[ 32.642401]
[ 32.648428]        CPU0                    CPU1
[ 32.653060]        ----                    ----
[ 32.657694]   lock(ashmem_mutex);
[ 32.661343]                                lock(&mm->mmap_sem);
[ 32.667599]                                lock(ashmem_mutex);
[ 32.673764]   lock(&mm->mmap_sem);
[ 32.677506]
[ 32.677506]  *** DEADLOCK ***
[ 32.677506]
[ 32.683533] 1 lock held by syz-executor0/3796:
[ 32.688078]  #0:  (ashmem_mutex){+.+.+.}, at: [] ashmem_ioctl+0x367/0xfa0
[ 32.697141]
[ 32.697141] stack backtrace:
[ 32.701609] CPU: 1 PID: 3796 Comm: syz-executor0 Not tainted 4.4.120-gd63fdf6 #29
[ 32.709193] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 32.718517]  0000000000000000 cf5cf5db592303c9 ffff8801d88ef8a8 ffffffff81d0408d
[ 32.726486]  ffffffff8519fe60 ffffffff8519fe60 ffffffff851bee80 ffff8800b3d150f8
[ 32.734453]  ffff8800b3d14800 ffff8801d88ef8f0 ffffffff81233ba1 ffff8800b3d150f8
[ 32.742418] Call Trace:
[ 32.744977]  [] dump_stack+0xc1/0x124
[ 32.750308]  [] print_circular_bug+0x271/0x310
[ 32.756420]  [] __lock_acquire+0x371f/0x4b50
[ 32.762359]  [] ? avc_has_extended_perms+0xe2/0xf30
[ 32.768910]  [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 32.775891]  [] ? mark_held_locks+0xaf/0x100
[ 32.781832]  [] ? __lock_is_held+0xa1/0xf0
[ 32.787601]  [] lock_acquire+0x15e/0x460
[ 32.793197]  [] ? __might_fault+0xe4/0x1d0
[ 32.798966]  [] __might_fault+0x14a/0x1d0
[ 32.804646]  [] ? __might_fault+0xe4/0x1d0
[ 32.810412]  [] ashmem_ioctl+0x3b4/0xfa0
[ 32.816008]  [] ? selinux_file_ioctl+0x363/0x570
[ 32.822294]  [] ? selinux_capable+0x30/0x30
[ 32.828148]  [] ? ashmem_shrink_scan+0x390/0x390
[ 32.834437]  [] ? vma_set_page_prot+0x10b/0x150
[ 32.840640]  [] ? exit_robust_list+0x240/0x240
[ 32.846751]  [] compat_ashmem_ioctl+0x3e/0x50
[ 32.852777]  [] compat_SyS_ioctl+0x28a/0x2540
[ 32.858802]  [] ? vm_mmap_pgoff+0x180/0x1c0
[ 32.864651]  [] ? ashmem_ioctl+0xfa0/0xfa0
[ 32.870416]  [] ? compat_SyS_ppoll+0x420/0x420
[ 32.876528]  [] ? vm_mmap_pgoff+0xdf/0x1c0
[ 32.882299]  [] ? compat_SyS_futex+0x1f9/0x2a0
[ 32.888414]  [] ? compat_SyS_get_robust_list+0x300/0x300
[ 32.895394] [