[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[   19.228089] random: sshd: uninitialized urandom read (32 bytes read, 32 bits of entropy available)
[?25l[?1c7[ ok 8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0
[   20.411408] random: sshd: uninitialized urandom read (32 bytes read, 35 bits of entropy available)

syzkaller login: [   20.748221] random: sshd: uninitialized urandom read (32 bytes read, 35 bits of entropy available)
[   21.683702] random: sshd: uninitialized urandom read (32 bytes read, 105 bits of entropy available)
[   21.854380] random: sshd: uninitialized urandom read (32 bytes read, 109 bits of entropy available)
Warning: Permanently added '10.128.0.36' (ECDSA) to the list of known hosts.
[   27.268915] random: sshd: uninitialized urandom read (32 bytes read, 118 bits of entropy available)
executing program
[   27.366018] 
[   27.367663] ======================================================
[   27.373951] [ INFO: possible circular locking dependency detected ]
[   27.380321] 4.4.120-gd63fdf6 #28 Not tainted
[   27.384691] -------------------------------------------------------
[   27.391059] syzkaller812725/3645 is trying to acquire lock:
[   27.396731]  (&mm->mmap_sem){++++++}, at: [<ffffffff81495684>] __might_fault+0xe4/0x1d0
[   27.405303] 
[   27.405303] but task is already holding lock:
[   27.411237]  (ashmem_mutex){+.+.+.}, at: [<ffffffff82c628a7>] ashmem_ioctl+0x367/0xfa0
[   27.419718] 
[   27.419718] which lock already depends on the new lock.
[   27.419718] 
[   27.427999] 
[   27.427999] the existing dependency chain (in reverse order) is:
[   27.435582] 
-> #1 (ashmem_mutex){+.+.+.}:
[   27.440324]        [<ffffffff8123d7ce>] lock_acquire+0x15e/0x460
[   27.446548]        [<ffffffff8376a39b>] mutex_lock_nested+0xbb/0x850
[   27.453124]        [<ffffffff82c61463>] ashmem_mmap+0x53/0x400
[   27.459175]        [<ffffffff814b0e4f>] mmap_region+0x94f/0x1250
[   27.465402]        [<ffffffff814b1c4d>] do_mmap+0x4fd/0x9d0
[   27.471193]        [<ffffffff814700ce>] vm_mmap_pgoff+0x16e/0x1c0
[   27.477512]        [<ffffffff814afe1f>] SyS_mmap_pgoff+0x33f/0x560
[   27.483918]        [<ffffffff8101beb6>] SyS_mmap+0x16/0x20
[   27.489621]        [<ffffffff8377395f>] entry_SYSCALL_64_fastpath+0x1c/0x98
[   27.496803] 
-> #0 (&mm->mmap_sem){++++++}:
[   27.501631]        [<ffffffff8123ab2f>] __lock_acquire+0x371f/0x4b50
[   27.508203]        [<ffffffff8123d7ce>] lock_acquire+0x15e/0x460
[   27.514444]        [<ffffffff814956ea>] __might_fault+0x14a/0x1d0
[   27.520754]        [<ffffffff82c628f4>] ashmem_ioctl+0x3b4/0xfa0
[   27.526980]        [<ffffffff81559daa>] do_vfs_ioctl+0x7aa/0xee0
[   27.533204]        [<ffffffff8155a56f>] SyS_ioctl+0x8f/0xc0
[   27.538997]        [<ffffffff8377395f>] entry_SYSCALL_64_fastpath+0x1c/0x98
[   27.546181] 
[   27.546181] other info that might help us debug this:
[   27.546181] 
[   27.554287]  Possible unsafe locking scenario:
[   27.554287] 
[   27.560310]        CPU0                    CPU1
[   27.564943]        ----                    ----
[   27.569575]   lock(ashmem_mutex);
[   27.573222]                                lock(&mm->mmap_sem);
[   27.579472]                                lock(ashmem_mutex);
[   27.585630]   lock(&mm->mmap_sem);
[   27.589364] 
[   27.589364]  *** DEADLOCK ***
[   27.589364] 
[   27.595391] 1 lock held by syzkaller812725/3645:
[   27.600108]  #0:  (ashmem_mutex){+.+.+.}, at: [<ffffffff82c628a7>] ashmem_ioctl+0x367/0xfa0
[   27.609146] 
[   27.609146] stack backtrace:
[   27.613608] CPU: 1 PID: 3645 Comm: syzkaller812725 Not tainted 4.4.120-gd63fdf6 #28
[   27.621368] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   27.630688]  0000000000000000 2b6e861fe21cd542 ffff8800af03f9b8 ffffffff81d0408d
[   27.638644]  ffffffff8519fe60 ffffffff8519fe60 ffffffff851bdbf0 ffff8801ccc068f8
[   27.646602]  ffff8801ccc06000 ffff8800af03fa00 ffffffff81233ba1 ffff8801ccc068f8
[   27.654563] Call Trace:
[   27.657122]  [<ffffffff81d0408d>] dump_stack+0xc1/0x124
[   27.662459]  [<ffffffff81233ba1>] print_circular_bug+0x271/0x310
[   27.668571]  [<ffffffff8123ab2f>] __lock_acquire+0x371f/0x4b50
[   27.674508]  [<ffffffff81237410>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[   27.681487]  [<ffffffff812367ff>] ? mark_held_locks+0xaf/0x100
[   27.687428]  [<ffffffff81230151>] ? __lock_is_held+0xa1/0xf0
[   27.693197]  [<ffffffff8123d7ce>] lock_acquire+0x15e/0x460
[   27.698788]  [<ffffffff81495684>] ? __might_fault+0xe4/0x1d0
[   27.704563]  [<ffffffff814956ea>] __might_fault+0x14a/0x1d0
[   27.710240]  [<ffffffff81495684>] ? __might_fault+0xe4/0x1d0
[   27.716002]  [<ffffffff82c628f4>] ashmem_ioctl+0x3b4/0xfa0
[   27.721597]  [<ffffffff814b08f9>] ? mmap_region+0x3f9/0x1250
[   27.727363]  [<ffffffff82c62540>] ? ashmem_shrink_scan+0x390/0x390
[   27.733657]  [<ffffffff814700e0>] ? vm_mmap_pgoff+0x180/0x1c0
[   27.739510]  [<ffffffff82c62540>] ? ashmem_shrink_scan+0x390/0x390
[   27.745797]  [<ffffffff81559daa>] do_vfs_ioctl+0x7aa/0xee0
[   27.751388]  [<ffffffff81559600>] ? ioctl_preallocate+0x1f0/0x1f0
[   27.757585]  [<ffffffff815232a0>] ? fput+0x20/0x150
[   27.762578]  [<ffffffff814afbb8>] ? SyS_mmap_pgoff+0xd8/0x5