[   20.824344] random: sshd: uninitialized urandom read (32 bytes read, 34 bits of entropy available)
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c.
[   21.825575] random: sshd: uninitialized urandom read (32 bytes read, 35 bits of entropy available)

[   22.094764] random: sshd: uninitialized urandom read (32 bytes read, 36 bits of entropy available)
Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   23.138120] random: sshd: uninitialized urandom read (32 bytes read, 117 bits of entropy available)
[   23.319383] random: sshd: uninitialized urandom read (32 bytes read, 123 bits of entropy available)
Warning: Permanently added '10.128.0.14' (ECDSA) to the list of known hosts.
[   28.710941] random: nonblocking pool is initialized
executing program
[   28.815092] 
[   28.816747] ======================================================
[   28.823029] [ INFO: possible circular locking dependency detected ]
[   28.829398] 4.4.120-gd63fdf6 #28 Not tainted
[   28.833769] -------------------------------------------------------
[   28.840138] syzkaller904115/3784 is trying to acquire lock:
[   28.846220]  (&mm->mmap_sem){++++++}, at: [<ffffffff81495684>] __might_fault+0xe4/0x1d0
[   28.854802] 
[   28.854802] but task is already holding lock:
[   28.860747]  (ashmem_mutex){+.+.+.}, at: [<ffffffff82c628a7>] ashmem_ioctl+0x367/0xfa0
[   28.869233] 
[   28.869233] which lock already depends on the new lock.
[   28.869233] 
[   28.877522] 
[   28.877522] the existing dependency chain (in reverse order) is:
[   28.885105] 
-> #1 (ashmem_mutex){+.+.+.}:
[   28.889846]        [<ffffffff8123d7ce>] lock_acquire+0x15e/0x460
[   28.896080]        [<ffffffff8376a39b>] mutex_lock_nested+0xbb/0x850
[   28.902653]        [<ffffffff82c61463>] ashmem_mmap+0x53/0x400
[   28.908705]        [<ffffffff814b0e4f>] mmap_region+0x94f/0x1250
[   28.914930]        [<ffffffff814b1c4d>] do_mmap+0x4fd/0x9d0
[   28.920718]        [<ffffffff814700ce>] vm_mmap_pgoff+0x16e/0x1c0
[   28.927029]        [<ffffffff814afe1f>] SyS_mmap_pgoff+0x33f/0x560
[   28.933428]        [<ffffffff8101beb6>] SyS_mmap+0x16/0x20
[   28.939135]        [<ffffffff8377395f>] entry_SYSCALL_64_fastpath+0x1c/0x98
[   28.946315] 
-> #0 (&mm->mmap_sem){++++++}:
[   28.951150]        [<ffffffff8123ab2f>] __lock_acquire+0x371f/0x4b50
[   28.957720]        [<ffffffff8123d7ce>] lock_acquire+0x15e/0x460
[   28.963944]        [<ffffffff814956ea>] __might_fault+0x14a/0x1d0
[   28.970253]        [<ffffffff82c628f4>] ashmem_ioctl+0x3b4/0xfa0
[   28.976480]        [<ffffffff81559daa>] do_vfs_ioctl+0x7aa/0xee0
[   28.982709]        [<ffffffff8155a56f>] SyS_ioctl+0x8f/0xc0
[   28.988497]        [<ffffffff8377395f>] entry_SYSCALL_64_fastpath+0x1c/0x98
[   28.995677] 
[   28.995677] other info that might help us debug this:
[   28.995677] 
[   29.003785]  Possible unsafe locking scenario:
[   29.003785] 
[   29.009812]        CPU0                    CPU1
[   29.014444]        ----                    ----
[   29.019079]   lock(ashmem_mutex);
[   29.022726]                                lock(&mm->mmap_sem);
[   29.028974]                                lock(ashmem_mutex);
[   29.035148]   lock(&mm->mmap_sem);
[   29.038881] 
[   29.038881]  *** DEADLOCK ***
[   29.038881] 
[   29.044905] 1 lock held by syzkaller904115/3784:
[   29.049630]  #0:  (ashmem_mutex){+.+.+.}, at: [<ffffffff82c628a7>] ashmem_ioctl+0x367/0xfa0
[   29.058663] 
[   29.058663] stack backtrace:
[   29.063126] CPU: 0 PID: 3784 Comm: syzkaller904115 Not tainted 4.4.120-gd63fdf6 #28
[   29.070885] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   29.080205]  0000000000000000 a8b1fe7935ccc8fb ffff8801c45279b8 ffffffff81d0408d
[   29.088166]  ffffffff851a0010 ffffffff851a0010 ffffffff851bdf50 ffff8801c4f5e8f8
[   29.096126]  ffff8801c4f5e000 ffff8801c4527a00 ffffffff81233ba1 ffff8801c4f5e8f8
[   29.104084] Call Trace:
[   29.106639]  [<ffffffff81d0408d>] dump_stack+0xc1/0x124
[   29.111969]  [<ffffffff81233ba1>] print_circular_bug+0x271/0x310
[   29.118087]  [<ffffffff8123ab2f>] __lock_acquire+0x371f/0x4b50
[   29.124029]  [<ffffffff81237410>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[   29.131007]  [<ffffffff812367ff>] ? mark_held_locks+0xaf/0x100
[   29.136946]  [<ffffffff81230151>] ? __lock_is_held+0xa1/0xf0
[   29.142711]  [<ffffffff8123d7ce>] lock_acquire+0x15e/0x460
[   29.148300]  [<ffffffff81495684>] ? __might_fault+0xe4/0x1d0
[   29.154064]  [<ffffffff814956ea>] __might_fault+0x14a/0x1d0
[   29.159738]  [<ffffffff81495684>] ? __might_fault+0xe4/0x1d0
[   29.165500]  [<ffffffff82c628f4>] ashmem_ioctl+0x3b4/0xfa0
[   29.171087]  [<ffffffff814b08f9>] ? mmap_region+0x3f9/0x1250
[   29.176849]  [<ffffffff82c62540>] ? ashmem_shrink_scan+0x390/0x390
[   29.183134]  [<ffffffff814700e0>] ? vm_mmap_pgoff+0x180/0x1c0
[   29.188983]  [<ffffffff82c62540>] ? ashmem_shrink_scan+0x390/0x390
[   29.195266]  [<ffffffff81559daa>] do_vfs_ioctl+0x7aa/0xee0
[   29.200854]  [<ffffffff81559600>] ? ioctl_preallocate+0x1f0/0x1f0
[   29.207054]  [<ffffffff815232a0>] ? fput+0x20/0x150
[   29.212036]  [<ffffffff814afbb8>] ? SyS_mmap_pgoff+0xd8