[ ok ] Starting file context maintaining daemon: restorecond.
[....] Starting OpenBSD Secure Shell server: sshd
[   19.318986] random: sshd: uninitialized urandom read (32 bytes read, 32 bits of entropy available)
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   20.638240] random: sshd: uninitialized urandom read (32 bytes read, 34 bits of entropy available)
[   20.830457] random: sshd: uninitialized urandom read (32 bytes read, 34 bits of entropy available)
[   21.800968] random: sshd: uninitialized urandom read (32 bytes read, 113 bits of entropy available)
[   21.975579] random: sshd: uninitialized urandom read (32 bytes read, 118 bits of entropy available)
Warning: Permanently added '10.128.0.47' (ECDSA) to the list of known hosts.
[   27.381572] random: sshd: uninitialized urandom read (32 bytes read, 125 bits of entropy available)
executing program
[   27.487490] 
[   27.489125] ======================================================
[   27.495405] [ INFO: possible circular locking dependency detected ]
[   27.501776] 4.4.120-gd63fdf6 #28 Not tainted
[   27.506146] -------------------------------------------------------
[   27.512521] syzkaller084976/3618 is trying to acquire lock:
[   27.518199]  (&mm->mmap_sem){++++++}, at: [] __might_fault+0xe4/0x1d0
[   27.526776] 
[   27.526776] but task is already holding lock:
[   27.532803]  (ashmem_mutex){+.+.+.}, at: [] ashmem_ioctl+0x367/0xfa0
[   27.541288] 
[   27.541288] which lock already depends on the new lock.
[   27.541288] 
[   27.549570] 
[   27.549570] the existing dependency chain (in reverse order) is:
[   27.557159] -> #1 (ashmem_mutex){+.+.+.}:
[   27.561915]        [] lock_acquire+0x15e/0x460
[   27.568534]        [] mutex_lock_nested+0xbb/0x850
[   27.575112]        [] ashmem_mmap+0x53/0x400
[   27.581163]        [] mmap_region+0x94f/0x1250
[   27.587407]        [] do_mmap+0x4fd/0x9d0
[   27.593203]        [] vm_mmap_pgoff+0x16e/0x1c0
[   27.599522]        [] SyS_mmap_pgoff+0x33f/0x560
[   27.605933]        [] SyS_mmap+0x16/0x20
[   27.611643]        [] entry_SYSCALL_64_fastpath+0x1c/0x98
[   27.618842] -> #0 (&mm->mmap_sem){++++++}:
[   27.623707]        [] __lock_acquire+0x371f/0x4b50
[   27.630289]        [] lock_acquire+0x15e/0x460
[   27.636531]        [] __might_fault+0x14a/0x1d0
[   27.642849]        [] ashmem_ioctl+0x3b4/0xfa0
[   27.649083]        [] do_vfs_ioctl+0x7aa/0xee0
[   27.655314]        [] SyS_ioctl+0x8f/0xc0
[   27.661104]        [] entry_SYSCALL_64_fastpath+0x1c/0x98
[   27.668285] 
[   27.668285] other info that might help us debug this:
[   27.668285] 
[   27.676398]  Possible unsafe locking scenario:
[   27.676398] 
[   27.682428]        CPU0                    CPU1
[   27.687065]        ----                    ----
[   27.691695]   lock(ashmem_mutex);
[   27.695345]                                lock(&mm->mmap_sem);
[   27.701597]                                lock(ashmem_mutex);
[   27.707758]   lock(&mm->mmap_sem);
[   27.711493] 
[   27.711493]  *** DEADLOCK ***
[   27.711493] 
[   27.717521] 1 lock held by syzkaller084976/3618:
[   27.722240]  #0:  (ashmem_mutex){+.+.+.}, at: [] ashmem_ioctl+0x367/0xfa0
[   27.731280] 
[   27.731280] stack backtrace:
[   27.735744] CPU: 0 PID: 3618 Comm: syzkaller084976 Not tainted 4.4.120-gd63fdf6 #28
[   27.743502] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   27.752829]  0000000000000000 9cae269eec8d0819 ffff8800b000f9b8 ffffffff81d0408d
[   27.760795]  ffffffff851a0010 ffffffff851a0010 ffffffff851bd890 ffff8800b19db8f8
[   27.768755]  ffff8800b19db000 ffff8800b000fa00 ffffffff81233ba1 ffff8800b19db8f8
[   27.776717] Call Trace:
[   27.779284]  [] dump_stack+0xc1/0x124
[   27.784614]  [] print_circular_bug+0x271/0x310
[   27.790726]  [] __lock_acquire+0x371f/0x4b50
[   27.796663]  [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[   27.803646]  [] ? mark_held_locks+0xaf/0x100
[   27.809583]  [] ? __lock_is_held+0xa1/0xf0
[   27.815345]  [] lock_acquire+0x15e/0x460
[   27.820935]  [] ? __might_fault+0xe4/0x1d0
[   27.826702]  [] __might_fault+0x14a/0x1d0
[   27.832385]  [] ? __might_fault+0xe4/0x1d0
[   27.838157]  [] ashmem_ioctl+0x3b4/0xfa0
[   27.843751]  [] ? mmap_region+0x3f9/0x1250
[   27.849517]  [] ? ashmem_shrink_scan+0x390/0x390
[   27.855802]  [] ? vm_mmap_pgoff+0x180/0x1c0
[   27.861653]  [] ? ashmem_shrink_scan+0x390/0x390
[   27.867942]  [] do_vfs_ioctl+0x7aa/0xee0
[   27.873531]  [] ? ioctl_preallocate+0x1f0/0x1f0
[   27.879730]  [] ? fput+0x20/0x150
[   27.884714]  [] ? SyS_mmap_pgoff+
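The report above says the mmap path takes &mm->mmap_sem (do_mmap) and then ashmem_mutex (ashmem_mmap), while the ioctl path takes ashmem_mutex (ashmem_ioctl) and then, through copy_to_user/copy_from_user's __might_fault, can take &mm->mmap_sem. Two tasks running those paths concurrently can each block on the lock the other holds. As an added example (user-space model code, not kernel code and not the ashmem fix that addressed this report), the following C program replays both acquisition orders through a toy lockdep that records "held -> acquired" edges and flags a cycle, which is the reasoning behind the DEADLOCK box. The "fixed" ioctl path shows the general remedy of doing the user copy with no driver mutex held; only the two lock names come from the report, and the helper names, the name buffer and the edge-recording scheme are constructed for illustration.

```c
/* Toy lockdep replaying the ashmem_mutex / mmap_sem inversion.
 * User-space model for illustration only; not kernel code. */
#include <stdio.h>
#include <string.h>

enum { LOCK_ASHMEM_MUTEX, LOCK_MMAP_SEM, NLOCKS };
static const char *lock_name[NLOCKS] = { "ashmem_mutex", "&mm->mmap_sem" };

/* dep[a][b] != 0 means: some task acquired b while already holding a. */
static unsigned char dep[NLOCKS][NLOCKS];
static int held[NLOCKS];        /* stack of lock classes currently held */
static int nheld;
static int circular_detected;

static void lockdep_reset(void)
{
    memset(dep, 0, sizeof dep);
    nheld = 0;
    circular_detected = 0;
}

/* Depth-first search: does a recorded dependency path lead from -> to? */
static int reachable(int from, int to, unsigned seen)
{
    int i;
    if (from == to)
        return 1;
    seen |= 1u << from;
    for (i = 0; i < NLOCKS; i++)
        if (dep[from][i] && !(seen & (1u << i)) && reachable(i, to, seen))
            return 1;
    return 0;
}

static void lock_acquire(int cls)
{
    int i;
    for (i = 0; i < nheld; i++) {
        int h = held[i];
        /* Adding the edge h -> cls closes a cycle if cls already reaches h,
         * i.e. some other path took cls before h. */
        if (reachable(cls, h, 0)) {
            printf("possible circular locking dependency: holding %s, "
                   "acquiring %s, but %s was already taken under %s\n",
                   lock_name[h], lock_name[cls], lock_name[h], lock_name[cls]);
            circular_detected = 1;
        }
        dep[h][cls] = 1;
    }
    held[nheld++] = cls;
}

static void lock_release(int cls)
{
    int i;
    for (i = nheld - 1; i >= 0; i--)
        if (held[i] == cls) {
            memmove(&held[i], &held[i + 1], (nheld - i - 1) * sizeof held[0]);
            nheld--;
            return;
        }
}

/* mmap path from the report: do_mmap() holds mmap_sem, ashmem_mmap() then
 * takes ashmem_mutex. */
static void path_mmap(void)
{
    lock_acquire(LOCK_MMAP_SEM);
    lock_acquire(LOCK_ASHMEM_MUTEX);
    lock_release(LOCK_ASHMEM_MUTEX);
    lock_release(LOCK_MMAP_SEM);
}

/* ioctl path from the report: copy_to_user() may fault and take mmap_sem
 * while ashmem_mutex is still held. */
static void path_ioctl_buggy(void)
{
    char name[16];                      /* hypothetical ASHMEM_GET_NAME buffer */
    lock_acquire(LOCK_ASHMEM_MUTEX);
    strcpy(name, "asma-name");          /* read the name under the mutex */
    lock_acquire(LOCK_MMAP_SEM);        /* __might_fault -> mmap_sem */
    lock_release(LOCK_MMAP_SEM);
    lock_release(LOCK_ASHMEM_MUTEX);
    (void)name;
}

/* General remedy: snapshot the data under the mutex, drop it, then do the
 * user copy (and any page fault it triggers) with no driver lock held. */
static void path_ioctl_fixed(void)
{
    char name[16];
    lock_acquire(LOCK_ASHMEM_MUTEX);
    strcpy(name, "asma-name");
    lock_release(LOCK_ASHMEM_MUTEX);
    lock_acquire(LOCK_MMAP_SEM);        /* user copy outside ashmem_mutex */
    lock_release(LOCK_MMAP_SEM);
    (void)name;
}

/* Replays mmap then ioctl; returns 1 if the toy lockdep flagged a cycle. */
int run_scenario(int use_fixed_ioctl)
{
    lockdep_reset();
    path_mmap();
    if (use_fixed_ioctl)
        path_ioctl_fixed();
    else
        path_ioctl_buggy();
    return circular_detected;
}

int main(void)
{
    printf("buggy ioctl: cycle=%d\n", run_scenario(0));
    printf("fixed ioctl: cycle=%d\n", run_scenario(1));
    return 0;
}
```

Note that the model, like real lockdep, never needs the two paths to run at the same time: it is enough that the mmap path was observed once, so the ioctl path's first ashmem_mutex -> mmap_sem acquisition is reported even though no actual deadlock occurred during the fuzzing run.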