[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 20.593225] random: sshd: uninitialized urandom read (32 bytes read, 34 bits of entropy available)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 24.943847] random: sshd: uninitialized urandom read (32 bytes read, 39 bits of entropy available)
[ 25.285586] random: sshd: uninitialized urandom read (32 bytes read, 39 bits of entropy available)
[ 26.284728] random: sshd: uninitialized urandom read (32 bytes read, 116 bits of entropy available)
[ 26.452207] random: sshd: uninitialized urandom read (32 bytes read, 120 bits of entropy available)
Warning: Permanently added '10.128.0.43' (ECDSA) to the list of known hosts.
[ 31.864651] random: sshd: uninitialized urandom read (32 bytes read, 128 bits of entropy available)
executing program
[ 31.953189]
[ 31.954825] ======================================================
[ 31.961115] [ INFO: possible circular locking dependency detected ]
[ 31.967487] 4.4.119-g024f962 #26 Not tainted
[ 31.971859] -------------------------------------------------------
[ 31.978229] syzkaller429806/3770 is trying to acquire lock:
[ 31.983905]  (&mm->mmap_sem){++++++}, at: [] __might_fault+0xe4/0x1d0
[ 31.992483]
[ 31.992483] but task is already holding lock:
[ 31.998419]  (ashmem_mutex){+.+.+.}, at: [] ashmem_ioctl+0x367/0xfa0
[ 32.006910]
[ 32.006910] which lock already depends on the new lock.
[ 32.006910]
[ 32.015189]
[ 32.015189] the existing dependency chain (in reverse order) is:
[ 32.022776] -> #1 (ashmem_mutex){+.+.+.}:
[ 32.027522]        [] lock_acquire+0x15e/0x460
[ 32.033753]        [] mutex_lock_nested+0xbb/0x850
[ 32.040329]        [] ashmem_mmap+0x53/0x400
[ 32.046383]        [] mmap_region+0x94f/0x1250
[ 32.052611]        [] do_mmap+0x4fd/0x9d0
[ 32.058410]        [] vm_mmap_pgoff+0x16e/0x1c0
[ 32.064724]        [] SyS_mmap_pgoff+0x33f/0x560
[ 32.071123]        [] SyS_mmap+0x16/0x20
[ 32.076831]        [] entry_SYSCALL_64_fastpath+0x1c/0x98
[ 32.084013] -> #0 (&mm->mmap_sem){++++++}:
[ 32.088850]        [] __lock_acquire+0x371f/0x4b50
[ 32.095430]        [] lock_acquire+0x15e/0x460
[ 32.101654]        [] __might_fault+0x14a/0x1d0
[ 32.107967]        [] ashmem_ioctl+0x3b4/0xfa0
[ 32.114195]        [] do_vfs_ioctl+0x7aa/0xee0
[ 32.120423]        [] SyS_ioctl+0x8f/0xc0
[ 32.126214]        [] entry_SYSCALL_64_fastpath+0x1c/0x98
[ 32.133398]
[ 32.133398] other info that might help us debug this:
[ 32.133398]
[ 32.141514]  Possible unsafe locking scenario:
[ 32.141514]
[ 32.147538]        CPU0                    CPU1
[ 32.152170]        ----                    ----
[ 32.156802]   lock(ashmem_mutex);
[ 32.160447]                                lock(&mm->mmap_sem);
[ 32.166705]                                lock(ashmem_mutex);
[ 32.172869]   lock(&mm->mmap_sem);
[ 32.176603]
[ 32.176603]  *** DEADLOCK ***
[ 32.176603]
[ 32.182629] 1 lock held by syzkaller429806/3770:
[ 32.187346]  #0:  (ashmem_mutex){+.+.+.}, at: [] ashmem_ioctl+0x367/0xfa0
[ 32.196379]
[ 32.196379] stack backtrace:
[ 32.200850] CPU: 0 PID: 3770 Comm: syzkaller429806 Not tainted 4.4.119-g024f962 #26
[ 32.209910] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 32.219234]  0000000000000000 46396adc17665b73 ffff8800adf979b8 ffffffff81d0402d
[ 32.227196]  ffffffff851a0010 ffffffff851a0010 ffffffff851bdda0 ffff8800ad4688f8
[ 32.235155]  ffff8800ad468000 ffff8800adf97a00 ffffffff81233ba1 ffff8800ad4688f8
[ 32.243124] Call Trace:
[ 32.245686]  [] dump_stack+0xc1/0x124
[ 32.251020]  [] print_circular_bug+0x271/0x310
[ 32.257132]  [] __lock_acquire+0x371f/0x4b50
[ 32.263067]  [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 32.270047]  [] ? mark_held_locks+0xaf/0x100
[ 32.275986]  [] ? __lock_is_held+0xa1/0xf0
[ 32.281748]  [] lock_acquire+0x15e/0x460
[ 32.287339]  [] ? __might_fault+0xe4/0x1d0
[ 32.293102]  [] __might_fault+0x14a/0x1d0
[ 32.298779]  [] ? __might_fault+0xe4/0x1d0
[ 32.304543]  [] ashmem_ioctl+0x3b4/0xfa0
[ 32.310133]  [] ? mmap_region+0x3f9/0x1250
[ 32.315895]  [] ? ashmem_shrink_scan+0x390/0x390
[ 32.322183]  [] ? vm_mmap_pgoff+0x180/0x1c0
[ 32.328036]  [] ? ashmem_shrink_scan+0x390/0x390
[ 32.334320]  [] do_vfs_ioctl+0x7aa/0xee0
[ 32.339917]  [] ? ioctl_preallocate+0x1f0/0x1f0
[ 32.346116]  [] ? fput+0x20/0x150
[ 32.351098]  [] ? SyS_mma