[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ ok ] Starting file context maintaining daemon: restorecond.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 26.043348] random: sshd: uninitialized urandom read (32 bytes read, 40 bits of entropy available)
[ 26.382823] random: sshd: uninitialized urandom read (32 bytes read, 41 bits of entropy available)
[ 27.395209] random: sshd: uninitialized urandom read (32 bytes read, 124 bits of entropy available)
[ 27.554668] random: sshd: uninitialized urandom read (32 bytes read, 127 bits of entropy available)
[ 27.662519] random: nonblocking pool is initialized
Warning: Permanently added '10.128.0.34' (ECDSA) to the list of known hosts.
executing program
[ 33.010306]
[ 33.011989] ======================================================
[ 33.018273] [ INFO: possible circular locking dependency detected ]
[ 33.024645] 4.4.118-g5f7f76a #25 Not tainted
[ 33.029017] -------------------------------------------------------
[ 33.035386] syzkaller790963/3786 is trying to acquire lock:
[ 33.041063]  (&mm->mmap_sem){++++++}, at: [] __might_fault+0xe4/0x1d0
[ 33.049646]
[ 33.049646] but task is already holding lock:
[ 33.055582]  (ashmem_mutex){+.+.+.}, at: [] ashmem_ioctl+0x367/0xfa0
[ 33.064093]
[ 33.064093] which lock already depends on the new lock.
[ 33.064093]
[ 33.072375]
[ 33.072375] the existing dependency chain (in reverse order) is:
[ 33.079963] -> #1 (ashmem_mutex){+.+.+.}:
[ 33.084716]        [] lock_acquire+0x15e/0x460
[ 33.090952]        [] mutex_lock_nested+0xbb/0x850
[ 33.097528]        [] ashmem_mmap+0x53/0x400
[ 33.103583]        [] mmap_region+0x94f/0x1250
[ 33.109817]        [] do_mmap+0x4fd/0x9d0
[ 33.115612]        [] vm_mmap_pgoff+0x16e/0x1c0
[ 33.121931]        [] SyS_mmap_pgoff+0x33f/0x560
[ 33.128344]        [] do_fast_syscall_32+0x321/0x8a0
[ 33.135104]        [] sysenter_flags_fixed+0xd/0x17
[ 33.141766] -> #0 (&mm->mmap_sem){++++++}:
[ 33.146609]        [] __lock_acquire+0x371f/0x4b50
[ 33.153188]        [] lock_acquire+0x15e/0x460
[ 33.159424]        [] __might_fault+0x14a/0x1d0
[ 33.165743]        [] ashmem_ioctl+0x3b4/0xfa0
[ 33.171972]        [] compat_ashmem_ioctl+0x3e/0x50
[ 33.178635]        [] compat_SyS_ioctl+0x28a/0x2540
[ 33.185303]        [] do_fast_syscall_32+0x321/0x8a0
[ 33.192051]        [] sysenter_flags_fixed+0xd/0x17
[ 33.198713]
[ 33.198713] other info that might help us debug this:
[ 33.198713]
[ 33.206822]  Possible unsafe locking scenario:
[ 33.206822]
[ 33.212847]        CPU0                    CPU1
[ 33.217482]        ----                    ----
[ 33.222113]   lock(ashmem_mutex);
[ 33.225767]                                lock(&mm->mmap_sem);
[ 33.232028]                                lock(ashmem_mutex);
[ 33.238191]   lock(&mm->mmap_sem);
[ 33.241932]
[ 33.241932]  *** DEADLOCK ***
[ 33.241932]
[ 33.247960] 1 lock held by syzkaller790963/3786:
[ 33.252680]  #0: (ashmem_mutex){+.+.+.}, at: [] ashmem_ioctl+0x367/0xfa0
[ 33.261719]
[ 33.261719] stack backtrace:
[ 33.266184] CPU: 1 PID: 3786 Comm: syzkaller790963 Not tainted 4.4.118-g5f7f76a #25
[ 33.273942] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 33.283265]  0000000000000000 bad25296bc00dd3c ffff8801d911f8a8 ffffffff81d0402d
[ 33.291230]  ffffffff8519fe60 ffffffff8519fe60 ffffffff851be7c0 ffff8801d97608f8
[ 33.299189]  ffff8801d9760000 ffff8801d911f8f0 ffffffff81233ba1 ffff8801d97608f8
[ 33.307157] Call Trace:
[ 33.309717]  [] dump_stack+0xc1/0x124
[ 33.315049]  [] print_circular_bug+0x271/0x310
[ 33.321163]  [] __lock_acquire+0x371f/0x4b50
[ 33.327104]  [] ? avc_has_extended_perms+0xe2/0xf30
[ 33.333670]  [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 33.340652]  [] ? mark_held_locks+0xaf/0x100
[ 33.346603]  [] ? __lock_is_held+0xa1/0xf0
[ 33.352367]  [] lock_acquire+0x15e/0x460
[ 33.357959]  [] ? __might_fault+0xe4/0x1d0
[ 33.363725]  [] __might_fault+0x14a/0x1d0
[ 33.369403]  [] ? __might_fault+0xe4/0x1d0
[ 33.375170]  [] ashmem_ioctl+0x3b4/0xfa0
[ 33.380762]  [] ? selinux_file_ioctl+0x363/0x570
[ 33.387048]  [] ? vma_link+0xe4/0x170
[ 33.392379]  [] ? selinux_capable+0x30/0x30
[ 33.398237]  [] ? ashmem_shrink_scan+0x390/0x390
[ 33.404524]  [] ? vma_set_page_prot+0x10b/0x150
[ 33.410724]  [] ? mmap_region+0x3f9/0x1250
[ 33.416490]  [] compat_ashmem_ioctl+0x3e/0x50
[ 33.422517]  [] compat_SyS_ioctl+0x28a/0x2540
[ 33.428543]  [] ? vm_mmap_pgoff+0x180/0x1c0
[ 33.434393]  [] ? ashmem_ioctl+0xfa0/0xfa0
[ 33.440158]  [] ? compat_SyS_ppoll+0x420/0x420
[ 33.446269]  [] ? vm_mmap_pgoff+0xdf/0x1c0
[ 33.452034]  [] ? vma_is_stack_for_task+0xa0/0xa0
[ 33.458409]  [] ? fput+