[   20.068919] random: sshd: uninitialized urandom read (32 bytes read, 32 bits of entropy available)
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   24.817303] random: sshd: uninitialized urandom read (32 bytes read, 37 bits of entropy available)
[   25.302339] random: sshd: uninitialized urandom read (32 bytes read, 39 bits of entropy available)
[   26.266687] random: sshd: uninitialized urandom read (32 bytes read, 115 bits of entropy available)
[   26.439590] random: sshd: uninitialized urandom read (32 bytes read, 119 bits of entropy available)
Warning: Permanently added '10.128.0.57' (ECDSA) to the list of known hosts.
[   31.820387] random: sshd: uninitialized urandom read (32 bytes read, 126 bits of entropy available)
executing program
[   31.918242] 
[   31.919880] ======================================================
[   31.926163] [ INFO: possible circular locking dependency detected ]
[   31.932543] 4.4.118-g5f7f76a #25 Not tainted
[   31.936915] -------------------------------------------------------
[   31.943294] syzkaller701704/3774 is trying to acquire lock:
[   31.948975]  (&mm->mmap_sem){++++++}, at: [<ffffffff81495644>] __might_fault+0xe4/0x1d0
[   31.957567] 
[   31.957567] but task is already holding lock:
[   31.963510]  (ashmem_mutex){+.+.+.}, at: [<ffffffff82c627f7>] ashmem_ioctl+0x367/0xfa0
[   31.972000] 
[   31.972000] which lock already depends on the new lock.
[   31.972000] 
[   31.980284] 
[   31.980284] the existing dependency chain (in reverse order) is:
[   31.987871] 
-> #1 (ashmem_mutex){+.+.+.}:
[   31.992626]        [<ffffffff8123d7ce>] lock_acquire+0x15e/0x460
[   31.998854]        [<ffffffff8376948b>] mutex_lock_nested+0xbb/0x850
[   32.005432]        [<ffffffff82c613b3>] ashmem_mmap+0x53/0x400
[   32.011495]        [<ffffffff814b0e0f>] mmap_region+0x94f/0x1250
[   32.017723]        [<ffffffff814b1c0d>] do_mmap+0x4fd/0x9d0
[   32.023514]        [<ffffffff8147008e>] vm_mmap_pgoff+0x16e/0x1c0
[   32.029832]        [<ffffffff814afddf>] SyS_mmap_pgoff+0x33f/0x560
[   32.036238]        [<ffffffff81006d91>] do_fast_syscall_32+0x321/0x8a0
[   32.042990]        [<ffffffff837743ea>] sysenter_flags_fixed+0xd/0x17
[   32.049655] 
-> #0 (&mm->mmap_sem){++++++}:
[   32.054497]        [<ffffffff8123ab2f>] __lock_acquire+0x371f/0x4b50
[   32.061073]        [<ffffffff8123d7ce>] lock_acquire+0x15e/0x460
[   32.067301]        [<ffffffff814956aa>] __might_fault+0x14a/0x1d0
[   32.073625]        [<ffffffff82c62844>] ashmem_ioctl+0x3b4/0xfa0
[   32.079849]        [<ffffffff82c6346e>] compat_ashmem_ioctl+0x3e/0x50
[   32.086510]        [<ffffffff8161e57a>] compat_SyS_ioctl+0x28a/0x2540
[   32.093171]        [<ffffffff81006d91>] do_fast_syscall_32+0x321/0x8a0
[   32.099921]        [<ffffffff837743ea>] sysenter_flags_fixed+0xd/0x17
[   32.106586] 
[   32.106586] other info that might help us debug this:
[   32.106586] 
[   32.114695]  Possible unsafe locking scenario:
[   32.114695] 
[   32.120717]        CPU0                    CPU1
[   32.125349]        ----                    ----
[   32.129980]   lock(ashmem_mutex);
[   32.133639]                                lock(&mm->mmap_sem);
[   32.139899]                                lock(ashmem_mutex);
[   32.146063]   lock(&mm->mmap_sem);
[   32.149804] 
[   32.149804]  *** DEADLOCK ***
[   32.149804] 
[   32.155831] 1 lock held by syzkaller701704/3774:
[   32.160550]  #0:  (ashmem_mutex){+.+.+.}, at: [<ffffffff82c627f7>] ashmem_ioctl+0x367/0xfa0
[   32.169594] 
[   32.169594] stack backtrace:
[   32.174059] CPU: 0 PID: 3774 Comm: syzkaller701704 Not tainted 4.4.118-g5f7f76a #25
[   32.181819] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   32.191144]  0000000000000000 701b6de7ff0dd68c ffff8801d8ef78a8 ffffffff81d0402d
[   32.199111]  ffffffff851a0010 ffffffff851a0010 ffffffff851bdbf0 ffff8800b611a0f8
[   32.207084]  ffff8800b6119800 ffff8801d8ef78f0 ffffffff81233ba1 ffff8800b611a0f8
[   32.215056] Call Trace:
[   32.217615]  [<ffffffff81d0402d>] dump_stack+0xc1/0x124
[   32.222954]  [<ffffffff81233ba1>] print_circular_bug+0x271/0x310
[   32.229074]  [<ffffffff8123ab2f>] __lock_acquire+0x371f/0x4b50
[   32.235021]  [<ffffffff81b4b4c2>] ? avc_has_extended_perms+0xe2/0xf30
[   32.241570]  [<ffffffff81237410>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[   32.248550]  [<ffffffff812367ff>] ? mark_held_locks+0xaf/0x100
[   32.254489]  [<ffffffff81230151>] ? __lock_is_held+0xa1/0xf0
[   32.260252]  [<ffffffff8123d7ce>] lock_acquire+0x15e/0x460
[   32.265850]  [<ffffffff81495644>] ? __might_fault+0xe4/0x1d0
[   32.271618]  [<ffffffff814956aa>] __might_fault+0x14a/0x1d0
[   32.277380]  [<ffffffff81495644>] ? __might_fault+0xe4/0x1d0
[   32.283144]  [<ffffffff82c62844>] ashmem_ioctl+0x3b4/0xfa0
[   32.288736]  [<ffffffff81b5bea3>] ? selinux_file_ioctl+0x363/0x570
[   32.295022]  [<ffffffff814ab494>] ? vma_link+0xe4/0x170
[   32.300359]  [<ffffffff81b5bb40>] ? selinux_capable+0x30/0x30
[   32.306208]  [<ffffffff82c62490>] ? ashmem_shrink_scan+0x390/0x390
[   32.312496]  [<ffffffff814b047b>] ? vma_set_page_prot+0x10b/0x150
[   32.318697]  [<ffffffff814b08b9>] ? mmap_region+0x3f9/0x1250
[   32.324471]  [<ffffffff82c6346e>] compat_ashmem_ioctl+0x3e/0x50
[   32.330501]  [<ffffffff8161e57a>] compat_SyS_ioctl+0x28a/0x2540
[   32.336525]  [<ffffffff814700a0>] ? vm_mmap_pgoff+0x180/0x1c0
[   32.342377]  [<ffffffff82c63430>] ? ashmem_ioctl+0xfa0/0xfa0
[   32.348148]  [<ffffffff8161e2f0>] ? compat_SyS_ppoll+0x420/0x420
[   32.354262]  [<ffffffff8146ffff>] ? vm_mmap_pgoff+0xdf/0x1c0
[   32.360026]  [<ffffffff8146ff20>] ? vma_is_stack_for_task+0xa0/0xa0
[   32.366407]  [<ffffffff81523260>] ? fput