[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[   22.029770] random: sshd: uninitialized urandom read (32 bytes read, 34 bits of entropy available)
[?25l[?1c7[ ok 8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   25.719430] random: sshd: uninitialized urandom read (32 bytes read, 38 bits of entropy available)
[   26.201211] random: sshd: uninitialized urandom read (32 bytes read, 38 bits of entropy available)
[   27.162925] random: sshd: uninitialized urandom read (32 bytes read, 118 bits of entropy available)
[   27.346792] random: sshd: uninitialized urandom read (32 bytes read, 124 bits of entropy available)
[   31.478160] random: nonblocking pool is initialized
Warning: Permanently added '10.128.15.207' (ECDSA) to the list of known hosts.
executing program
[   32.832783] 
[   32.834447] ======================================================
[   32.840732] [ INFO: possible circular locking dependency detected ]
[   32.847130] 4.4.118-g5f7f76a #24 Not tainted
[   32.851504] -------------------------------------------------------
[   32.857876] syzkaller058820/3796 is trying to acquire lock:
[   32.863557]  (&mm->mmap_sem){++++++}, at: [<ffffffff81495644>] __might_fault+0xe4/0x1d0
[   32.872152] 
[   32.872152] but task is already holding lock:
[   32.878093]  (ashmem_mutex){+.+.+.}, at: [<ffffffff82c627f7>] ashmem_ioctl+0x367/0xfa0
[   32.886604] 
[   32.886604] which lock already depends on the new lock.
[   32.886604] 
[   32.894886] 
[   32.894886] the existing dependency chain (in reverse order) is:
[   32.902475] 
-> #1 (ashmem_mutex){+.+.+.}:
[   32.907238]        [<ffffffff8123d7ce>] lock_acquire+0x15e/0x460
[   32.913474]        [<ffffffff8376948b>] mutex_lock_nested+0xbb/0x850
[   32.920055]        [<ffffffff82c613b3>] ashmem_mmap+0x53/0x400
[   32.926109]        [<ffffffff814b0e0f>] mmap_region+0x94f/0x1250
[   32.932341]        [<ffffffff814b1c0d>] do_mmap+0x4fd/0x9d0
[   32.938134]        [<ffffffff8147008e>] vm_mmap_pgoff+0x16e/0x1c0
[   32.944452]        [<ffffffff814afddf>] SyS_mmap_pgoff+0x33f/0x560
[   32.950859]        [<ffffffff8101beb6>] SyS_mmap+0x16/0x20
[   32.956577]        [<ffffffff83772a5f>] entry_SYSCALL_64_fastpath+0x1c/0x98
[   32.963762] 
-> #0 (&mm->mmap_sem){++++++}:
[   32.968610]        [<ffffffff8123ab2f>] __lock_acquire+0x371f/0x4b50
[   32.975200]        [<ffffffff8123d7ce>] lock_acquire+0x15e/0x460
[   32.981435]        [<ffffffff814956aa>] __might_fault+0x14a/0x1d0
[   32.987753]        [<ffffffff82c62844>] ashmem_ioctl+0x3b4/0xfa0
[   32.993982]        [<ffffffff81559d4a>] do_vfs_ioctl+0x7aa/0xee0
[   33.000230]        [<ffffffff8155a50f>] SyS_ioctl+0x8f/0xc0
[   33.006038]        [<ffffffff83772a5f>] entry_SYSCALL_64_fastpath+0x1c/0x98
[   33.013234] 
[   33.013234] other info that might help us debug this:
[   33.013234] 
[   33.021357]  Possible unsafe locking scenario:
[   33.021357] 
[   33.027382]        CPU0                    CPU1
[   33.032019]        ----                    ----
[   33.036652]   lock(ashmem_mutex);
[   33.040301]                                lock(&mm->mmap_sem);
[   33.046552]                                lock(ashmem_mutex);
[   33.052732]   lock(&mm->mmap_sem);
[   33.056475] 
[   33.056475]  *** DEADLOCK ***
[   33.056475] 
[   33.062508] 1 lock held by syzkaller058820/3796:
[   33.067230]  #0:  (ashmem_mutex){+.+.+.}, at: [<ffffffff82c627f7>] ashmem_ioctl+0x367/0xfa0
[   33.076281] 
[   33.076281] stack backtrace:
[   33.080758] CPU: 1 PID: 3796 Comm: syzkaller058820 Not tainted 4.4.118-g5f7f76a #24
[   33.088523] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   33.097848]  0000000000000000 8175c68a41d66ed2 ffff8800b76879b8 ffffffff81d0402d
[   33.105825]  ffffffff851a0010 ffffffff851a0010 ffffffff851be610 ffff8801c53d38f8
[   33.113812]  ffff8801c53d3000 ffff8800b7687a00 ffffffff81233ba1 ffff8801c53d38f8
[   33.121776] Call Trace:
[   33.124341]  [<ffffffff81d0402d>] dump_stack+0xc1/0x124
[   33.129674]  [<ffffffff81233ba1>] print_circular_bug+0x271/0x310
[   33.135833]  [<ffffffff8123ab2f>] __lock_acquire+0x371f/0x4b50
[   33.141776]  [<ffffffff81237410>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[   33.148761]  [<ffffffff812367ff>] ? mark_held_locks+0xaf/0x100
[   33.154703]  [<ffffffff81230151>] ? __lock_is_held+0xa1/0xf0
[   33.160469]  [<ffffffff8123d7ce>] lock_acquire+0x15e/0x460
[   33.166069]  [<ffffffff81495644>] ? __might_fault+0xe4/0x1d0
[   33.171873]  [<ffffffff814956aa>] __might_fault+0x14a/0x1d0
[   33.177554]  [<ffffffff81495644>] ? __might_fault+0xe4/0x1d0
[   33.183329]  [<ffffffff82c62844>] ashmem_ioctl+0x3b4/0xfa0
[   33.188922]  [<ffffffff814b08b9>] ? mmap_region+0x3f9/0x1250
[   33.194690]  [<ffffffff82c62490>] ? ashmem_shrink_scan+0x390/0x390
[   33.200982]  [<ffffffff814700a0>] ? vm_mmap_pgoff+0x180/0x1c0
[   33.206937]  [<ffffffff82c62490>] ? ashmem_shrink_scan+0x390/0x390
[   33.213231]  [<ffffffff81559d4a>] do_vfs_ioctl+0x7aa/0xee0
[   33.218835]  [<ffffffff815595a0>] ? ioctl_preallocate+0x1f0/0x1f0
[   33.225148]  [<ffffffff81523260>] ? fput+0x20/0x150
[   33.230136]  [<ffffffff814afb78>] ? SyS_mmap_pg