[   21.140997] random: sshd: uninitialized urandom read (32 bytes read, 33 bits of entropy available)
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   25.199355] random: sshd: uninitialized urandom read (32 bytes read, 38 bits of entropy available)
[   25.668189] random: sshd: uninitialized urandom read (32 bytes read, 38 bits of entropy available)
[   26.601105] random: sshd: uninitialized urandom read (32 bytes read, 105 bits of entropy available)
[   26.787214] random: sshd: uninitialized urandom read (32 bytes read, 110 bits of entropy available)
Warning: Permanently added '10.128.15.196' (ECDSA) to the list of known hosts.
[   32.192086] random: sshd: uninitialized urandom read (32 bytes read, 118 bits of entropy available)
executing program
[   32.295776] 
[   32.297423] ======================================================
[   32.303709] [ INFO: possible circular locking dependency detected ]
[   32.310081] 4.4.118-g5f7f76a #24 Not tainted
[   32.314454] -------------------------------------------------------
[   32.320831] syzkaller815429/3792 is trying to acquire lock:
[   32.326508]  (&mm->mmap_sem){++++++}, at: [<ffffffff81495644>] __might_fault+0xe4/0x1d0
[   32.335096] 
[   32.335096] but task is already holding lock:
[   32.341033]  (ashmem_mutex){+.+.+.}, at: [<ffffffff82c627f7>] ashmem_ioctl+0x367/0xfa0
[   32.349531] 
[   32.349531] which lock already depends on the new lock.
[   32.349531] 
[   32.357814] 
[   32.357814] the existing dependency chain (in reverse order) is:
[   32.365400] 
-> #1 (ashmem_mutex){+.+.+.}:
[   32.370155]        [<ffffffff8123d7ce>] lock_acquire+0x15e/0x460
[   32.376398]        [<ffffffff8376948b>] mutex_lock_nested+0xbb/0x850
[   32.382976]        [<ffffffff82c613b3>] ashmem_mmap+0x53/0x400
[   32.389034]        [<ffffffff814b0e0f>] mmap_region+0x94f/0x1250
[   32.395265]        [<ffffffff814b1c0d>] do_mmap+0x4fd/0x9d0
[   32.401057]        [<ffffffff8147008e>] vm_mmap_pgoff+0x16e/0x1c0
[   32.407373]        [<ffffffff814afddf>] SyS_mmap_pgoff+0x33f/0x560
[   32.413775]        [<ffffffff8101beb6>] SyS_mmap+0x16/0x20
[   32.419485]        [<ffffffff83772a5f>] entry_SYSCALL_64_fastpath+0x1c/0x98
[   32.426668] 
-> #0 (&mm->mmap_sem){++++++}:
[   32.431509]        [<ffffffff8123ab2f>] __lock_acquire+0x371f/0x4b50
[   32.438084]        [<ffffffff8123d7ce>] lock_acquire+0x15e/0x460
[   32.444312]        [<ffffffff814956aa>] __might_fault+0x14a/0x1d0
[   32.450806]        [<ffffffff82c62844>] ashmem_ioctl+0x3b4/0xfa0
[   32.457050]        [<ffffffff81559d4a>] do_vfs_ioctl+0x7aa/0xee0
[   32.463279]        [<ffffffff8155a50f>] SyS_ioctl+0x8f/0xc0
[   32.469074]        [<ffffffff83772a5f>] entry_SYSCALL_64_fastpath+0x1c/0x98
[   32.476260] 
[   32.476260] other info that might help us debug this:
[   32.476260] 
[   32.484367]  Possible unsafe locking scenario:
[   32.484367] 
[   32.490401]        CPU0                    CPU1
[   32.495036]        ----                    ----
[   32.499669]   lock(ashmem_mutex);
[   32.503321]                                lock(&mm->mmap_sem);
[   32.509574]                                lock(ashmem_mutex);
[   32.515741]   lock(&mm->mmap_sem);
[   32.519490] 
[   32.519490]  *** DEADLOCK ***
[   32.519490] 
[   32.525515] 1 lock held by syzkaller815429/3792:
[   32.530232]  #0:  (ashmem_mutex){+.+.+.}, at: [<ffffffff82c627f7>] ashmem_ioctl+0x367/0xfa0
[   32.539276] 
[   32.539276] stack backtrace:
[   32.543740] CPU: 0 PID: 3792 Comm: syzkaller815429 Not tainted 4.4.118-g5f7f76a #24
[   32.551509] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   32.560832]  0000000000000000 a336f7fc926736a2 ffff8800bac079b8 ffffffff81d0402d
[   32.568800]  ffffffff851a0010 ffffffff851a0010 ffffffff851be610 ffff8801c508a0f8
[   32.576774]  ffff8801c5089800 ffff8800bac07a00 ffffffff81233ba1 ffff8801c508a0f8
[   32.584740] Call Trace:
[   32.587297]  [<ffffffff81d0402d>] dump_stack+0xc1/0x124
[   32.592636]  [<ffffffff81233ba1>] print_circular_bug+0x271/0x310
[   32.598748]  [<ffffffff8123ab2f>] __lock_acquire+0x371f/0x4b50
[   32.604685]  [<ffffffff81237410>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[   32.611667]  [<ffffffff812367ff>] ? mark_held_locks+0xaf/0x100
[   32.617606]  [<ffffffff81230151>] ? __lock_is_held+0xa1/0xf0
[   32.623376]  [<ffffffff8123d7ce>] lock_acquire+0x15e/0x460
[   32.628969]  [<ffffffff81495644>] ? __might_fault+0xe4/0x1d0
[   32.634734]  [<ffffffff814956aa>] __might_fault+0x14a/0x1d0
[   32.640413]  [<ffffffff81495644>] ? __might_fault+0xe4/0x1d0
[   32.646177]  [<ffffffff82c62844>] ashmem_ioctl+0x3b4/0xfa0
[   32.651768]  [<ffffffff814b08b9>] ? mmap_region+0x3f9/0x1250
[   32.657534]  [<ffffffff82c62490>] ? ashmem_shrink_scan+0x390/0x390
[   32.663821]  [<ffffffff814700a0>] ? vm_mmap_pgoff+0x180/0x1c0
[   32.669696]  [<ffffffff82c62490>] ? ashmem_shrink_scan+0x390/0x390
[   32.675983]  [<ffffffff81559d4a>] do_vfs_ioctl+0x7aa/0xee0
[   32.681572]  [<ffffffff815595a0>] ? ioctl_preallocate+0x1f0/0x1f0
[   32.687783]  [<ffffffff81523260>] ? fput+0x20/0x150
[   32.692768]  [<ffffffff814afb78>] ? SyS_mmap_pgoff+0