Starting mcstransd:
[ 21.381247] random: sshd: uninitialized urandom read (32 bytes read, 34 bits of entropy available)
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 26.176271] random: sshd: uninitialized urandom read (32 bytes read, 38 bits of entropy available)
[ 26.645990] random: sshd: uninitialized urandom read (32 bytes read, 40 bits of entropy available)
[ 27.622183] random: nonblocking pool is initialized
Warning: Permanently added '10.128.0.63' (ECDSA) to the list of known hosts.
2018/03/24 17:45:53 parsed 1 programs
2018/03/24 17:45:53 executed programs: 0
[ 33.604474] IPVS: Creating netns size=2552 id=1
[ 33.635803]
[ 33.637437] ======================================================
[ 33.643720] [ INFO: possible circular locking dependency detected ]
[ 33.650104] 4.4.120-gd63fdf6 #29 Not tainted
[ 33.654478] -------------------------------------------------------
[ 33.660850] syz-executor0/3810 is trying to acquire lock:
[ 33.666352] (&mm->mmap_sem){++++++}, at: [] __might_fault+0xe4/0x1d0
[ 33.674961]
[ 33.674961] but task is already holding lock:
[ 33.680898] (ashmem_mutex){+.+.+.}, at: [] ashmem_ioctl+0x367/0xfa0
[ 33.689400]
[ 33.689400] which lock already depends on the new lock.
[ 33.689400]
[ 33.697685]
[ 33.697685] the existing dependency chain (in reverse order) is:
[ 33.705276] -> #1 (ashmem_mutex){+.+.+.}:
[ 33.710027] [] lock_acquire+0x15e/0x460
[ 33.716299] [] mutex_lock_nested+0xbb/0x850
[ 33.722888] [] ashmem_mmap+0x53/0x400
[ 33.728943] [] mmap_region+0x94f/0x1250
[ 33.735172] [] do_mmap+0x4fd/0x9d0
[ 33.740966] [] vm_mmap_pgoff+0x16e/0x1c0
[ 33.747284] [] SyS_mmap_pgoff+0x33f/0x560
[ 33.753688] [] do_fast_syscall_32+0x321/0x8a0
[ 33.760450] [] sysenter_flags_fixed+0xd/0x17
[ 33.767117] -> #0 (&mm->mmap_sem){++++++}:
[ 33.771960] [] __lock_acquire+0x371f/0x4b50
[ 33.778537] [] lock_acquire+0x15e/0x460
[ 33.784775] [] __might_fault+0x14a/0x1d0
[ 33.791095] [] ashmem_ioctl+0x3b4/0xfa0
[ 33.797325] [] compat_ashmem_ioctl+0x3e/0x50
[ 33.803990] [] compat_SyS_ioctl+0x28a/0x2540
[ 33.810655] [] do_fast_syscall_32+0x321/0x8a0
[ 33.817405] [] sysenter_flags_fixed+0xd/0x17
[ 33.824074]
[ 33.824074] other info that might help us debug this:
[ 33.824074]
[ 33.832191] Possible unsafe locking scenario:
[ 33.832191]
[ 33.838218]        CPU0                    CPU1
[ 33.842853]        ----                    ----
[ 33.847488]   lock(ashmem_mutex);
[ 33.851143]                                lock(&mm->mmap_sem);
[ 33.857397]                                lock(ashmem_mutex);
[ 33.863563]   lock(&mm->mmap_sem);
[ 33.867310]
[ 33.867310] *** DEADLOCK ***
[ 33.867310]
[ 33.873345] 1 lock held by syz-executor0/3810:
[ 33.877894] #0: (ashmem_mutex){+.+.+.}, at: [] ashmem_ioctl+0x367/0xfa0
[ 33.886954]
[ 33.886954] stack backtrace:
[ 33.891428] CPU: 1 PID: 3810 Comm: syz-executor0 Not tainted 4.4.120-gd63fdf6 #29
[ 33.899017] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 33.908342] 0000000000000000 f0f15e4346d09ae4 ffff8801c46ef8a8 ffffffff81d0408d
[ 33.916318] ffffffff8519fe60 ffffffff8519fe60 ffffffff851bf1e0 ffff8801c408d0f8
[ 33.924292] ffff8801c408c800 ffff8801c46ef8f0 ffffffff81233ba1 ffff8801c408d0f8
[ 33.932266] Call Trace:
[ 33.934828] [] dump_stack+0xc1/0x124
[ 33.940160] [] print_circular_bug+0x271/0x310
[ 33.946276] [] __lock_acquire+0x371f/0x4b50
[ 33.952219] [] ? avc_has_extended_perms+0xe2/0xf30
[ 33.958774] [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 33.965767] [] ? mark_held_locks+0xaf/0x100
[ 33.971722] [] ? __lock_is_held+0xa1/0xf0
[ 33.977490] [] lock_acquire+0x15e/0x460
[ 33.983083] [] ? __might_fault+0xe4/0x1d0
[ 33.988848] [] __might_fault+0x14a/0x1d0
[ 33.994529] [] ? __might_fault+0xe4/0x1d0
[ 34.000305] [] ashmem_ioctl+0x3b4/0xfa0
[ 34.005899] [] ? selinux_file_ioctl+0x363/0x570
[ 34.012190] [] ? selinux_capable+0x30/0x30
[ 34.018042] [] ? ashmem_shrink_scan+0x390/0x390
[ 34.024337] [] ? vma_set_page_prot+0x10b/0x150
[ 34.030539] [] ? exit_robust_list+0x240/0x240
[ 34.036668] [] compat_ashmem_ioctl+0x3e/0x50
[ 34.042697] [] compat_SyS_ioctl+0x28a/0x2540
[ 34.048744] [] ? vm_mmap_pgoff+0x180/0x1c0
[ 34.054607] [] ? ashmem_ioctl+0xfa0/0xfa0
[ 34.060386] [] ? compat_SyS_ppoll+0x420/0x420
[ 34.066505] [] ? vm_mmap_pgoff+0xdf/0x1c0
[ 34.072276] [] ? compat_SyS_futex+0x1f9/0x2a0
[ 34.078393] [] ? compat_SyS_get_robust_list+0x300/0x300
[ 34.085376] [