[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 20.533376] random: sshd: uninitialized urandom read (32 bytes read, 34 bits of entropy available)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 25.446143] random: sshd: uninitialized urandom read (32 bytes read, 40 bits of entropy available)
[ 25.807191] random: sshd: uninitialized urandom read (32 bytes read, 42 bits of entropy available)
[ 26.833617] random: sshd: uninitialized urandom read (32 bytes read, 122 bits of entropy available)
[ 27.000570] random: sshd: uninitialized urandom read (32 bytes read, 126 bits of entropy available)
Warning: Permanently added '10.128.0.47' (ECDSA) to the list of known hosts.
[ 32.358382] random: nonblocking pool is initialized
2018/03/08 08:15:29 parsed 1 programs
2018/03/08 08:15:29 executed programs: 0
[ 32.704152] IPVS: Creating netns size=2552 id=1
[ 32.734614]
[ 32.736236] ======================================================
[ 32.742516] [ INFO: possible circular locking dependency detected ]
[ 32.748888] 4.4.120-gd63fdf6 #29 Not tainted
[ 32.753259] -------------------------------------------------------
[ 32.759628] syz-executor0/3810 is trying to acquire lock:
[ 32.765128] (&mm->mmap_sem){++++++}, at: [] __might_fault+0xe4/0x1d0
[ 32.773707]
[ 32.773707] but task is already holding lock:
[ 32.779645] (ashmem_mutex){+.+.+.}, at: [] ashmem_ioctl+0x367/0xfa0
[ 32.788143]
[ 32.788143] which lock already depends on the new lock.
[ 32.788143]
[ 32.796427]
[ 32.796427] the existing dependency chain (in reverse order) is:
[ 32.804016] -> #1 (ashmem_mutex){+.+.+.}:
[ 32.808776] [] lock_acquire+0x15e/0x460
[ 32.815011] [] mutex_lock_nested+0xbb/0x850
[ 32.821588] [] ashmem_mmap+0x53/0x400
[ 32.827654] [] mmap_region+0x94f/0x1250
[ 32.833883] [] do_mmap+0x4fd/0x9d0
[ 32.839675] [] vm_mmap_pgoff+0x16e/0x1c0
[ 32.845997] [] SyS_mmap_pgoff+0x33f/0x560
[ 32.852401] [] do_fast_syscall_32+0x321/0x8a0
[ 32.859152] [] sysenter_flags_fixed+0xd/0x17
[ 32.865816] -> #0 (&mm->mmap_sem){++++++}:
[ 32.870659] [] __lock_acquire+0x371f/0x4b50
[ 32.877243] [] lock_acquire+0x15e/0x460
[ 32.883468] [] __might_fault+0x14a/0x1d0
[ 32.889785] [] ashmem_ioctl+0x3b4/0xfa0
[ 32.896015] [] compat_ashmem_ioctl+0x3e/0x50
[ 32.902692] [] compat_SyS_ioctl+0x28a/0x2540
[ 32.909353] [] do_fast_syscall_32+0x321/0x8a0
[ 32.916113] [] sysenter_flags_fixed+0xd/0x17
[ 32.922774]
[ 32.922774] other info that might help us debug this:
[ 32.922774]
[ 32.930891] Possible unsafe locking scenario:
[ 32.930891]
[ 32.936912]        CPU0                    CPU1
[ 32.941546]        ----                    ----
[ 32.946179]   lock(ashmem_mutex);
[ 32.949829]                                lock(&mm->mmap_sem);
[ 32.956088]                                lock(ashmem_mutex);
[ 32.962252]   lock(&mm->mmap_sem);
[ 32.966485]
[ 32.966485] *** DEADLOCK ***
[ 32.966485]
[ 32.972513] 1 lock held by syz-executor0/3810:
[ 32.977058] #0: (ashmem_mutex){+.+.+.}, at: [] ashmem_ioctl+0x367/0xfa0
[ 32.986094]
[ 32.986094] stack backtrace:
[ 32.990559] CPU: 0 PID: 3810 Comm: syz-executor0 Not tainted 4.4.120-gd63fdf6 #29
[ 32.998149] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 33.007479] 0000000000000000 1ea278535ddcaae2 ffff8801d97478a8 ffffffff81d0408d
[ 33.015448] ffffffff851a0010 ffffffff851a0010 ffffffff851bee80 ffff8801d98e38f8
[ 33.023410] ffff8801d98e3000 ffff8801d97478f0 ffffffff81233ba1 ffff8801d98e38f8
[ 33.031373] Call Trace:
[ 33.033940] [] dump_stack+0xc1/0x124
[ 33.039276] [] print_circular_bug+0x271/0x310
[ 33.045390] [] __lock_acquire+0x371f/0x4b50
[ 33.051342] [] ? avc_has_extended_perms+0xe2/0xf30
[ 33.057889] [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 33.064869] [] ? mark_held_locks+0xaf/0x100
[ 33.070805] [] ? __lock_is_held+0xa1/0xf0
[ 33.076568] [] lock_acquire+0x15e/0x460
[ 33.082159] [] ? __might_fault+0xe4/0x1d0
[ 33.087924] [] __might_fault+0x14a/0x1d0
[ 33.093603] [] ? __might_fault+0xe4/0x1d0
[ 33.099368] [] ashmem_ioctl+0x3b4/0xfa0
[ 33.104961] [] ? selinux_file_ioctl+0x363/0x570
[ 33.111245] [] ? selinux_capable+0x30/0x30
[ 33.117096] [] ? ashmem_shrink_scan+0x390/0x390
[ 33.123383] [] ? vma_set_page_prot+0x10b/0x150
[ 33.129583] [] ? exit_robust_list+0x240/0x240
[ 33.135693] [] compat_ashmem_ioctl+0x3e/0x50
[ 33.141718] [] compat_SyS_ioctl+0x28a/0x2540
[ 33.147742] [] ? vm_mmap_pgoff+0x180/0x1c0
[ 33.153592] [] ? ashmem_ioctl+0xfa0/0xfa0
[ 33.159356] [] ? compat_SyS_ppoll+0x420/0x420
[ 33.165472] [] ? vm_mmap_pgoff+0xdf/0x1c0
[ 33.171236] [] ? compat_SyS_futex+0x1f9/0x2a0
[ 33.177348] [] ? compat_SyS_get_robust_list+0x300/0x300
[ 33.184330] [