Starting mcstransd: 
[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c.
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[   10.429293] random: sshd: uninitialized urandom read (32 bytes read)
[?25l[?1c7[ ok 8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   14.689569] random: sshd: uninitialized urandom read (32 bytes read)
[   14.714609] random: crng init done
Warning: Permanently added '10.128.10.19' (ECDSA) to the list of known hosts.
executing program
[   21.439191] 
[   21.440851] ======================================================
[   21.447139] [ INFO: possible circular locking dependency detected ]
[   21.453515] 4.9.125+ #37 Not tainted
[   21.457199] -------------------------------------------------------
[   21.463572] syz-executor633/2049 is trying to acquire lock:
[   21.469249]  (&sb->s_type->i_mutex_key#11){++++++}, at: [<ffffffff81448fdc>] shmem_fallocate+0x13c/0xb10

[   21.479324] but task is already holding lock:
[   21.483960]  (ashmem_mutex){+.+.+.}, at: [<ffffffff82175dd5>] ashmem_shrink_scan+0x55/0x3a0

[   21.492777] which lock already depends on the new lock.
[   21.492777] 
[   21.499761] 
[   21.499761] the existing dependency chain (in reverse order) is:
[   21.507351] 
-> #2 (ashmem_mutex){+.+.+.}:
[   21.512118]        lock_acquire+0x130/0x3e0
[   21.516416]        mutex_lock_nested+0xc0/0x870
[   21.521056]        ashmem_mmap+0x53/0x3f0
[   21.525178]        mmap_region+0x80c/0xf90
[   21.529386]        do_mmap+0x53d/0xbb0
[   21.533247]        vm_mmap_pgoff+0x168/0x1b0
[   21.537628]        SyS_mmap_pgoff+0xfe/0x1b0
[   21.542008]        SyS_mmap+0x16/0x20
[   21.545782]        do_syscall_64+0x19f/0x480
[   21.550167]        entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[   21.555761] 
-> #1 (&mm->mmap_sem){++++++}:
[   21.560626]        lock_acquire+0x130/0x3e0
[   21.565033]        __might_fault+0x14a/0x1d0
[   21.569416]        filldir+0x192/0x350
[   21.573278]        dcache_readdir+0x130/0x5a0
[   21.577744]        iterate_dir+0x1ac/0x600
[   21.581953]        SyS_getdents+0x146/0x2a0
[   21.586247]        do_syscall_64+0x19f/0x480
[   21.590628]        entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[   21.596220] 
-> #0 (&sb->s_type->i_mutex_key#11){++++++}:
[   21.602406]        __lock_acquire+0x3189/0x4a10
[   21.607050]        lock_acquire+0x130/0x3e0
[   21.611349]        down_write+0x41/0xa0
[   21.615297]        shmem_fallocate+0x13c/0xb10
[   21.619858]        ashmem_shrink_scan+0x1bd/0x3a0
[   21.624675]        ashmem_ioctl+0x2c3/0xf00
[   21.628975]        do_vfs_ioctl+0x1ac/0x11a0
[   21.633363]        SyS_ioctl+0x8f/0xc0
[   21.637221]        do_syscall_64+0x19f/0x480
[   21.641616]        entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[   21.647211] 
[   21.647211] other info that might help us debug this:
[   21.647211] 
[   21.655332] Chain exists of:
  &sb->s_type->i_mutex_key#11 --> &mm->mmap_sem --> ashmem_mutex

[   21.665067]  Possible unsafe locking scenario:
[   21.665067] 
[   21.671093]        CPU0                    CPU1
[   21.675731]        ----                    ----
[   21.680373]   lock(ashmem_mutex);
[   21.684053]                                lock(&mm->mmap_sem);
[   21.690325]                                lock(ashmem_mutex);
[   21.696511]   lock(&sb->s_type->i_mutex_key#11);
[   21.701599] 
[   21.701599]  *** DEADLOCK ***
[   21.701599] 
[   21.707629] 1 lock held by syz-executor633/2049:
[   21.712492]  #0:  (ashmem_mutex){+.+.+.}, at: [<ffffffff82175dd5>] ashmem_shrink_scan+0x55/0x3a0
[   21.721885] 
[   21.721885] stack backtrace:
[   21.726357] CPU: 0 PID: 2049 Comm: syz-executor633 Not tainted 4.9.125+ #37
[   21.733431]  ffff8801ceb9f638 ffffffff81af0ae9 ffffffff83aa14e0 ffffffff83abf930
[   21.741432]  ffffffff83aaa600 ffff8801cece5010 ffff8801cece4740 ffff8801ceb9f680
[   21.749426]  ffffffff813e70fd 0000000000000001 00000000cece4ff0 0000000000000001
[   21.757495] Call Trace:
[   21.760064]  [<ffffffff81af0ae9>] dump_stack+0xc1/0x128
[   21.765409]  [<ffffffff813e70fd>] print_circular_bug.cold.36+0x2f7/0x432
[   21.772231]  [<ffffffff81202119>] __lock_acquire+0x3189/0x4a10
[   21.778177]  [<ffffffff811fef90>] ? trace_hardirqs_on+0x10/0x10
[   21.784211]  [<ffffffff8278b8ca>] ? _raw_spin_unlock_irqrestore+0x5a/0x70
[   21.791115]  [<ffffffff812044b0>] lock_acquire+0x130/0x3e0
[   21.796716]  [<ffffffff81448fdc>] ? shmem_fallocate+0x13c/0xb10
[   21.802750]  [<ffffffff827864e1>] down_write+0x41/0xa0
[   21.808167]  [<ffffffff81448fdc>] ? shmem_fallocate+0x13c/0xb10
[   21.814203]  [<ffffffff81448fdc>] shmem_fallocate+0x13c/0xb10
[   21.820211]  [<ffffffff819a0f37>] ? avc_has_perm_noaudit+0x197/0x2f0
[   21.826682]  [<ffffffff819a0e30>] ? avc_has_perm_noaudit+0x90/0x2f0
[   21.833170]  [<ffffffff81448ea0>] ? shmem_setattr+0x790/0x790
[   21.839049]  [<ffffffff811fef90>] ? trace_hardirqs_on+0x10/0x10
[   21.845081]  [<ffffffff819ae16e>] ? cred_has_capability+0x14e/0x2e0
[   21.851567]  [<ffffffff819ae020>] ? selinux_cred_prepare+0xa0/0xa0
[   21.857866]  [<ffffffff811fe987>] ? mark_held_locks+0xc7/0x130
[   21.863815]  [<ffffffff82780718>] ? mutex_trylock+0x258/0x3e0
[   21.869689]  [<ffffffff811fed7b>] ? trace_hardirqs_on_caller+0x38b/0x590
[   21.876504]  [<ffffffff811fef8d>] ? trace_hardirqs_on+0xd/0x10
[   21.882451]  [<ffffffff82175dd5>] ? ashmem_shrink_scan+0x55/0x3a0
[   21.888656]  [<ffffffff82175f3d>] ashmem_shrink_scan+0x1bd/0x3a0
[   21.894776]  [<ffffffff821763e3>] ashmem_ioctl+0x2c3/0xf00
[   21.900380]  [<ffffffff82176120>] ? ashmem_shrink_scan+0x3a0/0x3a0
[   21.906678]  [<ffffffff81b54ccc>] ? __this_cpu_preempt_check+0x1c/0x20
[   21.913327]  [<ffffffff81161eb5>] ? __might_sleep+0x95/0x1a0
[   21.919110]  [<ffffffff82176120>] ? ashmem_shrink_scan+0x3a0/0x3a0
[   21.925410]  [<ffffffff815270dc>] do_vfs_ioctl+0x1ac/0x11a0
[   21.931095]  [<ffffffff81526f30>] ? ioctl_preallocate+0x220/0x220
[   21.937303]  [<ffffffff819be1b0>] ? selinux_p