Starting mcstransd:
[ 20.544866] random: sshd: uninitialized urandom read (32 bytes read, 33 bits of entropy available)
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 25.048765] random: sshd: uninitialized urandom read (32 bytes read, 39 bits of entropy available)
[ 25.422882] random: sshd: uninitialized urandom read (32 bytes read, 40 bits of entropy available)
[ 26.354388] random: nonblocking pool is initialized
Warning: Permanently added '10.128.0.51' (ECDSA) to the list of known hosts.
2018/03/05 07:30:30 parsed 1 programs
2018/03/05 07:30:30 executed programs: 0
[ 32.388678] IPVS: Creating netns size=2552 id=1
[ 32.421818]
[ 32.423481] ======================================================
[ 32.429778] [ INFO: possible circular locking dependency detected ]
[ 32.436151] 4.4.119-g855ea74 #28 Not tainted
[ 32.440525] -------------------------------------------------------
[ 32.446898] syz-executor0/3800 is trying to acquire lock:
[ 32.452399] (&mm->mmap_sem){++++++}, at: [] __might_fault+0xe4/0x1d0
[ 32.460987]
[ 32.460987] but task is already holding lock:
[ 32.466927] (ashmem_mutex){+.+.+.}, at: [] ashmem_ioctl+0x367/0xfa0
[ 32.475423]
[ 32.475423] which lock already depends on the new lock.
[ 32.475423]
[ 32.483704]
[ 32.483704] the existing dependency chain (in reverse order) is:
[ 32.491292] -> #1 (ashmem_mutex){+.+.+.}:
[ 32.496052] [] lock_acquire+0x15e/0x460
[ 32.502286] [] mutex_lock_nested+0xbb/0x850
[ 32.508871] [] ashmem_mmap+0x53/0x400
[ 32.514928] [] mmap_region+0x94f/0x1250
[ 32.521158] [] do_mmap+0x4fd/0x9d0
[ 32.526954] [] vm_mmap_pgoff+0x16e/0x1c0
[ 32.533276] [] SyS_mmap_pgoff+0x33f/0x560
[ 32.539680] [] do_fast_syscall_32+0x321/0x8a0
[ 32.546443] [] sysenter_flags_fixed+0xd/0x17
[ 32.553116] -> #0 (&mm->mmap_sem){++++++}:
[ 32.557971] [] __lock_acquire+0x371f/0x4b50
[ 32.564548] [] lock_acquire+0x15e/0x460
[ 32.570778] [] __might_fault+0x14a/0x1d0
[ 32.577098] [] ashmem_ioctl+0x3b4/0xfa0
[ 32.583336] [] compat_ashmem_ioctl+0x3e/0x50
[ 32.590003] [] compat_SyS_ioctl+0x28a/0x2540
[ 32.596673] [] do_fast_syscall_32+0x321/0x8a0
[ 32.603424] [] sysenter_flags_fixed+0xd/0x17
[ 32.610097]
[ 32.610097] other info that might help us debug this:
[ 32.610097]
[ 32.618209] Possible unsafe locking scenario:
[ 32.618209]
[ 32.624246]        CPU0                    CPU1
[ 32.628881]        ----                    ----
[ 32.633517]   lock(ashmem_mutex);
[ 32.638327]                                lock(&mm->mmap_sem);
[ 32.644581]                                lock(ashmem_mutex);
[ 32.650746]   lock(&mm->mmap_sem);
[ 32.654486]
[ 32.654486] *** DEADLOCK ***
[ 32.654486]
[ 32.660515] 1 lock held by syz-executor0/3800:
[ 32.665060] #0: (ashmem_mutex){+.+.+.}, at: [] ashmem_ioctl+0x367/0xfa0
[ 32.674094]
[ 32.674094] stack backtrace:
[ 32.678559] CPU: 1 PID: 3800 Comm: syz-executor0 Not tainted 4.4.119-g855ea74 #28
[ 32.686147] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 32.695473] 0000000000000000 b9e3092881e2448c ffff8800aca978a8 ffffffff81d0402d
[ 32.703439] ffffffff851a0010 ffffffff851a0010 ffffffff851bf1e0 ffff8800bba808f8
[ 32.711409] ffff8800bba80000 ffff8800aca978f0 ffffffff81233ba1 ffff8800bba808f8
[ 32.719374] Call Trace:
[ 32.721934] [] dump_stack+0xc1/0x124
[ 32.727265] [] print_circular_bug+0x271/0x310
[ 32.733379] [] __lock_acquire+0x371f/0x4b50
[ 32.739318] [] ? avc_has_extended_perms+0xe2/0xf30
[ 32.745865] [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 32.752848] [] ? mark_held_locks+0xaf/0x100
[ 32.758785] [] ? __lock_is_held+0xa1/0xf0
[ 32.764550] [] lock_acquire+0x15e/0x460
[ 32.770144] [] ? __might_fault+0xe4/0x1d0
[ 32.775909] [] __might_fault+0x14a/0x1d0
[ 32.781585] [] ? __might_fault+0xe4/0x1d0
[ 32.787352] [] ashmem_ioctl+0x3b4/0xfa0
[ 32.792943] [] ? selinux_file_ioctl+0x363/0x570
[ 32.799231] [] ? selinux_capable+0x30/0x30
[ 32.805083] [] ? ashmem_shrink_scan+0x390/0x390
[ 32.811374] [] ? vma_set_page_prot+0x10b/0x150
[ 32.817575] [] ? exit_robust_list+0x240/0x240
[ 32.823697] [] compat_ashmem_ioctl+0x3e/0x50
[ 32.829725] [] compat_SyS_ioctl+0x28a/0x2540
[ 32.835752] [] ? vm_mmap_pgoff+0x180/0x1c0
[ 32.841603] [] ? ashmem_ioctl+0xfa0/0xfa0
[ 32.847367] [] ? compat_SyS_ppoll+0x420/0x420
[ 32.853482] [] ? vm_mmap_pgoff+0xdf/0x1c0
[ 32.859262] [] ? compat_SyS_futex+0x1f9/0x2a0
[ 32.865381] [] ? compat_SyS_get_robust_list+0x300/0x300
[ 32.872366] [<