[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 20.346642] random: sshd: uninitialized urandom read (32 bytes read, 34 bits of entropy available)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 23.409716] random: sshd: uninitialized urandom read (32 bytes read, 40 bits of entropy available)
[ 23.744275] random: sshd: uninitialized urandom read (32 bytes read, 40 bits of entropy available)
[ 24.805683] random: sshd: uninitialized urandom read (32 bytes read, 125 bits of entropy available)
[ 24.918545] random: nonblocking pool is initialized
Warning: Permanently added '10.128.0.43' (ECDSA) to the list of known hosts.
2018/03/17 16:20:05 parsed 1 programs
2018/03/17 16:20:05 executed programs: 0
[ 30.704614] IPVS: Creating netns size=2552 id=1
[ 30.734925]
[ 30.736556] ======================================================
[ 30.742837] [ INFO: possible circular locking dependency detected ]
[ 30.749207] 4.4.120-gd63fdf6 #29 Not tainted
[ 30.753580] -------------------------------------------------------
[ 30.759953] syz-executor0/3806 is trying to acquire lock:
[ 30.765454] (&mm->mmap_sem){++++++}, at: [] __might_fault+0xe4/0x1d0
[ 30.774040]
[ 30.774040] but task is already holding lock:
[ 30.779978] (ashmem_mutex){+.+.+.}, at: [] ashmem_ioctl+0x367/0xfa0
[ 30.788473]
[ 30.788473] which lock already depends on the new lock.
[ 30.788473]
[ 30.796754]
[ 30.796754] the existing dependency chain (in reverse order) is:
[ 30.804341] -> #1 (ashmem_mutex){+.+.+.}:
[ 30.809095] [] lock_acquire+0x15e/0x460
[ 30.815323] [] mutex_lock_nested+0xbb/0x850
[ 30.821904] [] ashmem_mmap+0x53/0x400
[ 30.827965] [] mmap_region+0x94f/0x1250
[ 30.834194] [] do_mmap+0x4fd/0x9d0
[ 30.839986] [] vm_mmap_pgoff+0x16e/0x1c0
[ 30.846300] [] SyS_mmap_pgoff+0x33f/0x560
[ 30.852701] [] do_fast_syscall_32+0x321/0x8a0
[ 30.859448] [] sysenter_flags_fixed+0xd/0x17
[ 30.866109] -> #0 (&mm->mmap_sem){++++++}:
[ 30.870939] [] __lock_acquire+0x371f/0x4b50
[ 30.877608] [] lock_acquire+0x15e/0x460
[ 30.883839] [] __might_fault+0x14a/0x1d0
[ 30.890152] [] ashmem_ioctl+0x3b4/0xfa0
[ 30.896384] [] compat_ashmem_ioctl+0x3e/0x50
[ 30.903045] [] compat_SyS_ioctl+0x28a/0x2540
[ 30.909709] [] do_fast_syscall_32+0x321/0x8a0
[ 30.916458] [] sysenter_flags_fixed+0xd/0x17
[ 30.923124]
[ 30.923124] other info that might help us debug this:
[ 30.923124]
[ 30.931235] Possible unsafe locking scenario:
[ 30.931235]
[ 30.937256]        CPU0                    CPU1
[ 30.941891]        ----                    ----
[ 30.946522]   lock(ashmem_mutex);
[ 30.950179]                                lock(&mm->mmap_sem);
[ 30.956440]                                lock(ashmem_mutex);
[ 30.962604]   lock(&mm->mmap_sem);
[ 30.966343]
[ 30.966343] *** DEADLOCK ***
[ 30.966343]
[ 30.972367] 1 lock held by syz-executor0/3806:
[ 30.976911] #0: (ashmem_mutex){+.+.+.}, at: [] ashmem_ioctl+0x367/0xfa0
[ 30.985959]
[ 30.985959] stack backtrace:
[ 30.990424] CPU: 1 PID: 3806 Comm: syz-executor0 Not tainted 4.4.120-gd63fdf6 #29
[ 30.998009] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 31.007330] 0000000000000000 196a37ff60d643a4 ffff8800aa9f78a8 ffffffff81d0408d
[ 31.015295] ffffffff851a0010 ffffffff851a0010 ffffffff851bf030 ffff8801c45d50f8
[ 31.023256] ffff8801c45d4800 ffff8800aa9f78f0 ffffffff81233ba1 ffff8801c45d50f8
[ 31.031220] Call Trace:
[ 31.033777] [] dump_stack+0xc1/0x124
[ 31.039116] [] print_circular_bug+0x271/0x310
[ 31.045227] [] __lock_acquire+0x371f/0x4b50
[ 31.051166] [] ? avc_has_extended_perms+0xe2/0xf30
[ 31.057715] [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 31.064694] [] ? mark_held_locks+0xaf/0x100
[ 31.070641] [] ? __lock_is_held+0xa1/0xf0
[ 31.076412] [] lock_acquire+0x15e/0x460
[ 31.082007] [] ? __might_fault+0xe4/0x1d0
[ 31.087773] [] __might_fault+0x14a/0x1d0
[ 31.093450] [] ? __might_fault+0xe4/0x1d0
[ 31.099217] [] ashmem_ioctl+0x3b4/0xfa0
[ 31.104824] [] ? selinux_file_ioctl+0x363/0x570
[ 31.111124] [] ? selinux_capable+0x30/0x30
[ 31.116981] [] ? ashmem_shrink_scan+0x390/0x390
[ 31.123270] [] ? vma_set_page_prot+0x10b/0x150
[ 31.129469] [] ? exit_robust_list+0x240/0x240
[ 31.135592] [] compat_ashmem_ioctl+0x3e/0x50
[ 31.141624] [] compat_SyS_ioctl+0x28a/0x2540
[ 31.147652] [] ? vm_mmap_pgoff+0x180/0x1c0
[ 31.153511] [] ? ashmem_ioctl+0xfa0/0xfa0
[ 31.159275] [] ? compat_SyS_ppoll+0x420/0x420
[ 31.165385] [] ? vm_mmap_pgoff+0xdf/0x1c0
[ 31.171151] [] ? compat_SyS_futex+0x1f9/0x2a0
[ 31.177262] [] ? compat_SyS_get_robust_list+0x300/0x300
[ 31.184241] [