[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[   16.147666] random: sshd: uninitialized urandom read (32 bytes read, 32 bits of entropy available)
[?25l[?1c7[ ok 8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   20.953127] random: sshd: uninitialized urandom read (32 bytes read, 36 bits of entropy available)
[   21.254869] random: sshd: uninitialized urandom read (32 bytes read, 37 bits of entropy available)
[   22.126450] random: sshd: uninitialized urandom read (32 bytes read, 101 bits of entropy available)
[   22.304419] random: sshd: uninitialized urandom read (32 bytes read, 105 bits of entropy available)
Warning: Permanently added '10.128.0.11' (ECDSA) to the list of known hosts.
[   27.695110] random: sshd: uninitialized urandom read (32 bytes read, 113 bits of entropy available)
executing program
[   27.794126] 
[   27.795798] ======================================================
[   27.802093] [ INFO: possible circular locking dependency detected ]
[   27.808482] 4.4.113-ge70c132 #34 Not tainted
[   27.812860] -------------------------------------------------------
[   27.819232] syzkaller100514/3312 is trying to acquire lock:
[   27.824910]  (&sb->s_type->i_mutex_key#10){+.+.+.}, at: [<ffffffff81462321>] shmem_file_llseek+0xf1/0x240
[   27.835181] 
[   27.835181] but task is already holding lock:
[   27.841121]  (ashmem_mutex){+.+.+.}, at: [<ffffffff82c60746>] ashmem_llseek+0x56/0x1f0
[   27.849630] 
[   27.849630] which lock already depends on the new lock.
[   27.849630] 
[   27.857917] 
[   27.857917] the existing dependency chain (in reverse order) is:
[   27.865508] 
-> #2 (ashmem_mutex){+.+.+.}:
[   27.870287]        [<ffffffff8123c77e>] lock_acquire+0x15e/0x460
[   27.876522]        [<ffffffff8376858b>] mutex_lock_nested+0xbb/0x850
[   27.883107]        [<ffffffff82c5fb93>] ashmem_mmap+0x53/0x400
[   27.889167]        [<ffffffff814afd6f>] mmap_region+0x94f/0x1250
[   27.895432]        [<ffffffff814b0b6d>] do_mmap+0x4fd/0x9d0
[   27.901241]        [<ffffffff8146efee>] vm_mmap_pgoff+0x16e/0x1c0
[   27.907562]        [<ffffffff814aed3f>] SyS_mmap_pgoff+0x33f/0x560
[   27.913983]        [<ffffffff8101beb6>] SyS_mmap+0x16/0x20
[   27.919694]        [<ffffffff83771b5f>] entry_SYSCALL_64_fastpath+0x1c/0x98
[   27.926887] 
-> #1 (&mm->mmap_sem){++++++}:
[   27.931734]        [<ffffffff8123c77e>] lock_acquire+0x15e/0x460
[   27.937969]        [<ffffffff8149460a>] __might_fault+0x14a/0x1d0
[   27.944288]        [<ffffffff81559642>] filldir+0x162/0x2d0
[   27.950271]        [<ffffffff81596c7e>] dcache_readdir+0x11e/0x7b0
[   27.956677]        [<ffffffff81559288>] iterate_dir+0x1c8/0x420
[   27.962825]        [<ffffffff81559f7a>] SyS_getdents+0x14a/0x270
[   27.969072]        [<ffffffff83771b5f>] entry_SYSCALL_64_fastpath+0x1c/0x98
[   27.976351] 
-> #0 (&sb->s_type->i_mutex_key#10){+.+.+.}:
[   27.982538]        [<ffffffff81239adf>] __lock_acquire+0x371f/0x4b50
[   27.989131]        [<ffffffff8123c77e>] lock_acquire+0x15e/0x460
[   27.995374]        [<ffffffff8376858b>] mutex_lock_nested+0xbb/0x850
[   28.001965]        [<ffffffff81462321>] shmem_file_llseek+0xf1/0x240
[   28.008559]        [<ffffffff8151b4c2>] vfs_llseek+0xa2/0xd0
[   28.014450]        [<ffffffff82c607d7>] ashmem_llseek+0xe7/0x1f0
[   28.020683]        [<ffffffff8151d2cb>] SyS_lseek+0xeb/0x170
[   28.026572]        [<ffffffff83771b5f>] entry_SYSCALL_64_fastpath+0x1c/0x98
[   28.033763] 
[   28.033763] other info that might help us debug this:
[   28.033763] 
[   28.041874] Chain exists of:
  &sb->s_type->i_mutex_key#10 --> &mm->mmap_sem --> ashmem_mutex

[   28.051613]  Possible unsafe locking scenario:
[   28.051613] 
[   28.057641]        CPU0                    CPU1
[   28.062277]        ----                    ----
[   28.066914]   lock(ashmem_mutex);
[   28.070574]                                lock(&mm->mmap_sem);
[   28.076854]                                lock(ashmem_mutex);
[   28.083068]   lock(&sb->s_type->i_mutex_key#10);
[   28.088160] 
[   28.088160]  *** DEADLOCK ***
[   28.088160] 
[   28.094189] 1 lock held by syzkaller100514/3312:
[   28.099011]  #0:  (ashmem_mutex){+.+.+.}, at: [<ffffffff82c60746>] ashmem_llseek+0x56/0x1f0
[   28.108074] 
[   28.108074] stack backtrace:
[   28.112546] CPU: 1 PID: 3312 Comm: syzkaller100514 Not tainted 4.4.113-ge70c132 #34
[   28.120320] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   28.129646]  0000000000000000 6dda2dfb751b9936 ffff8801d169fad8 ffffffff81d0278d
[   28.137635]  ffffffff851a03b0 ffffffff851a9ef0 ffffffff851be140 ffff8801d1ab6798
[   28.145611]  ffff8801d1ab5f00 ffff8801d169fb20 ffffffff81232b51 ffff8801d1ab6798
[   28.153599] Call Trace:
[   28.156178]  [<ffffffff81d0278d>] dump_stack+0xc1/0x124
[   28.161532]  [<ffffffff81232b51>] print_circular_bug+0x271/0x310
[   28.167663]  [<ffffffff81239adf>] __lock_acquire+0x371f/0x4b50
[   28.173613]  [<ffffffff81410b23>] ? perf_event_mmap+0x93/0x910
[   28.179565]  [<ffffffff812363c0>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[   28.186582]  [<ffffffff814aa3f4>] ? vma_link+0xe4/0x170
[   28.191921]  [<ffffffff8122f101>] ? __lock_is_held+0xa1/0xf0
[   28.197691]  [<ffffffff8123c77e>] lock_acquire+0x15e/0x460
[   28.203287]  [<ffffffff81462321>] ? shmem_file_llseek+0xf1/0x240
[   28.209415]  [<ffffffff81462321>] ? shmem_file_llseek+0xf1/0x240
[   28.215552]  [<ffffffff8376858b>] mutex_lock_nested+0xbb/0x850
[   28.221501]  [<ffffffff81462321>] ? shmem_file_llseek+0xf1/0x240
[   28.227617]  [<ffffffff83768aa4>] ? mutex_lock_nested+0x5d4/0x850
[   28.233820]  [<ffffffff837684d0>] ? __ww_mutex_lock+0x14f0/0x14f0
[   28.240023]  [<ffffffff83768a30>] ? mutex_lock_nested+0x560/0x850