[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 19.185990] random: sshd: uninitialized urandom read (32 bytes read, 33 bits of entropy available)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 21.248888] random: sshd: uninitialized urandom read (32 bytes read, 36 bits of entropy available)
[ 21.438556] random: sshd: uninitialized urandom read (32 bytes read, 38 bits of entropy available)
[ 22.396133] random: sshd: uninitialized urandom read (32 bytes read, 109 bits of entropy available)
[ 26.918659] random: sshd: uninitialized urandom read (32 bytes read, 118 bits of entropy available)
Warning: Permanently added '10.128.0.5' (ECDSA) to the list of known hosts.
[ 32.256939] random: sshd: uninitialized urandom read (32 bytes read, 121 bits of entropy available)
2018/03/16 19:29:45 parsed 1 programs
2018/03/16 19:29:45 executed programs: 0
[ 32.600305] IPVS: Creating netns size=2552 id=1
[ 32.630717]
[ 32.632350] ======================================================
[ 32.638630] [ INFO: possible circular locking dependency detected ]
[ 32.645003] 4.4.120-gd63fdf6 #29 Not tainted
[ 32.649374] -------------------------------------------------------
[ 32.655744] syz-executor0/3807 is trying to acquire lock:
[ 32.661244] (&mm->mmap_sem){++++++}, at: [] __might_fault+0xe4/0x1d0
[ 32.669832]
[ 32.669832] but task is already holding lock:
[ 32.675771] (ashmem_mutex){+.+.+.}, at: [] ashmem_ioctl+0x367/0xfa0
[ 32.684256]
[ 32.684256] which lock already depends on the new lock.
[ 32.684256]
[ 32.692537]
[ 32.692537] the existing dependency chain (in reverse order) is:
[ 32.700124]
-> #1 (ashmem_mutex){+.+.+.}:
[ 32.704875] [] lock_acquire+0x15e/0x460
[ 32.711103] [] mutex_lock_nested+0xbb/0x850
[ 32.717685] [] ashmem_mmap+0x53/0x400
[ 32.723751] [] mmap_region+0x94f/0x1250
[ 32.729978] [] do_mmap+0x4fd/0x9d0
[ 32.735786] [] vm_mmap_pgoff+0x16e/0x1c0
[ 32.742100] [] SyS_mmap_pgoff+0x33f/0x560
[ 32.748512] [] do_fast_syscall_32+0x321/0x8a0
[ 32.755258] [] sysenter_flags_fixed+0xd/0x17
[ 32.761931]
-> #0 (&mm->mmap_sem){++++++}:
[ 32.766777] [] __lock_acquire+0x371f/0x4b50
[ 32.773355] [] lock_acquire+0x15e/0x460
[ 32.779582] [] __might_fault+0x14a/0x1d0
[ 32.785895] [] ashmem_ioctl+0x3b4/0xfa0
[ 32.792134] [] compat_ashmem_ioctl+0x3e/0x50
[ 32.798794] [] compat_SyS_ioctl+0x28a/0x2540
[ 32.805463] [] do_fast_syscall_32+0x321/0x8a0
[ 32.812212] [] sysenter_flags_fixed+0xd/0x17
[ 32.818875]
[ 32.818875] other info that might help us debug this:
[ 32.818875]
[ 32.826983] Possible unsafe locking scenario:
[ 32.826983]
[ 32.833005]        CPU0                    CPU1
[ 32.837636]        ----                    ----
[ 32.842268]   lock(ashmem_mutex);
[ 32.845917]                                lock(&mm->mmap_sem);
[ 32.852176]                                lock(ashmem_mutex);
[ 32.858343]   lock(&mm->mmap_sem);
[ 32.862078]
[ 32.862078] *** DEADLOCK ***
[ 32.862078]
[ 32.868104] 1 lock held by syz-executor0/3807:
[ 32.872661] #0: (ashmem_mutex){+.+.+.}, at: [] ashmem_ioctl+0x367/0xfa0
[ 32.881701]
[ 32.881701] stack backtrace:
[ 32.886165] CPU: 1 PID: 3807 Comm: syz-executor0 Not tainted 4.4.120-gd63fdf6 #29
[ 32.893750] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 32.903075] 0000000000000000 4f38b698663f088c ffff8801d8d478a8 ffffffff81d0408d
[ 32.911036] ffffffff8519fb00 ffffffff8519fb00 ffffffff851beb20 ffff8800bb9c50f8
[ 32.919006] ffff8800bb9c4800 ffff8801d8d478f0 ffffffff81233ba1 ffff8800bb9c50f8
[ 32.926975] Call Trace:
[ 32.929530] [] dump_stack+0xc1/0x124
[ 32.934863] [] print_circular_bug+0x271/0x310
[ 32.940973] [] __lock_acquire+0x371f/0x4b50
[ 32.946912] [] ? avc_has_extended_perms+0xe2/0xf30
[ 32.953667] [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 32.960649] [] ? mark_held_locks+0xaf/0x100
[ 32.966588] [] ? __lock_is_held+0xa1/0xf0
[ 32.972353] [] lock_acquire+0x15e/0x460
[ 32.977951] [] ? __might_fault+0xe4/0x1d0
[ 32.983717] [] __might_fault+0x14a/0x1d0
[ 32.989397] [] ? __might_fault+0xe4/0x1d0
[ 32.995165] [] ashmem_ioctl+0x3b4/0xfa0
[ 33.000757] [] ? selinux_file_ioctl+0x363/0x570
[ 33.007042] [] ? selinux_capable+0x30/0x30
[ 33.012895] [] ? ashmem_shrink_scan+0x390/0x390
[ 33.019183] [] ? vma_set_page_prot+0x10b/0x150
[ 33.025381] [] ? exit_robust_list+0x240/0x240
[ 33.031495] [] compat_ashmem_ioctl+0x3e/0x50
[ 33.037520] [] compat_SyS_ioctl+0x28a/0x2540
[ 33.043549] [] ? vm_mmap_pgoff+0x180/0x1c0
[ 33.049401] [] ? ashmem_ioctl+0xfa0/0xfa0
[ 33.055178] [] ? compat_SyS_ppoll+0x420/0x420
[ 33.061291] [] ? vm_mmap_pgoff+0xdf/0x1c0
[ 33.067058] [] ? compat_SyS_futex+0x1f9/0x2a0
[ 33.073181] [] ? compat_SyS_get_robust_list+0x300/0x300
[ 33.080164] [