[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c.
[....] Starting O[   16.703959] random: sshd: uninitialized urandom read (32 bytes read, 33 bits of entropy available)
penBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   21.158794] random: sshd: uninitialized urandom read (32 bytes read, 39 bits of entropy available)
[   21.679370] random: sshd: uninitialized urandom read (32 bytes read, 40 bits of entropy available)
[   22.635324] random: sshd: uninitialized urandom read (32 bytes read, 117 bits of entropy available)
[   22.805400] random: sshd: uninitialized urandom read (32 bytes read, 121 bits of entropy available)
Warning: Permanently added '10.128.15.245' (ECDSA) to the list of known hosts.
[   28.172499] random: nonblocking pool is initialized
executing program
[   28.276488] 
[   28.278147] ======================================================
[   28.284438] [ INFO: possible circular locking dependency detected ]
[   28.290810] 4.4.112-g3fc4284 #32 Not tainted
[   28.295190] -------------------------------------------------------
[   28.301566] syzkaller274914/3322 is trying to acquire lock:
[   28.307243]  (&sb->s_type->i_mutex_key#10){+.+.+.}, at: [<ffffffff814627a1>] shmem_file_llseek+0xf1/0x240
[   28.317510] 
[   28.317510] but task is already holding lock:
[   28.323463]  (ashmem_mutex){+.+.+.}, at: [<ffffffff82c645f6>] ashmem_llseek+0x56/0x1f0
[   28.331968] 
[   28.331968] which lock already depends on the new lock.
[   28.331968] 
[   28.340253] 
[   28.340253] the existing dependency chain (in reverse order) is:
[   28.347929] 
-> #2 (ashmem_mutex){+.+.+.}:
[   28.352688]        [<ffffffff8123c7be>] lock_acquire+0x15e/0x460
[   28.358931]        [<ffffffff8376cc6b>] mutex_lock_nested+0xbb/0x850
[   28.365514]        [<ffffffff82c63a43>] ashmem_mmap+0x53/0x400
[   28.371576]        [<ffffffff814b047f>] mmap_region+0x94f/0x1250
[   28.377812]        [<ffffffff814b127d>] do_mmap+0x4fd/0x9d0
[   28.383609]        [<ffffffff8146f4be>] vm_mmap_pgoff+0x16e/0x1c0
[   28.389928]        [<ffffffff814af44f>] SyS_mmap_pgoff+0x33f/0x560
[   28.396348]        [<ffffffff8101beb6>] SyS_mmap+0x16/0x20
[   28.402061]        [<ffffffff837761d9>] entry_SYSCALL_64_fastpath+0x16/0x92
[   28.409252] 
-> #1 (&mm->mmap_sem){++++++}:
[   28.414091]        [<ffffffff8123c7be>] lock_acquire+0x15e/0x460
[   28.420324]        [<ffffffff81494c4a>] __might_fault+0x14a/0x1d0
[   28.426656]        [<ffffffff8155a742>] filldir+0x162/0x2d0
[   28.432455]        [<ffffffff81597ece>] dcache_readdir+0x11e/0x7b0
[   28.438862]        [<ffffffff8155a388>] iterate_dir+0x1c8/0x420
[   28.445008]        [<ffffffff8155b07a>] SyS_getdents+0x14a/0x270
[   28.451236]        [<ffffffff837761d9>] entry_SYSCALL_64_fastpath+0x16/0x92
[   28.458425] 
-> #0 (&sb->s_type->i_mutex_key#10){+.+.+.}:
[   28.464614]        [<ffffffff81239b1f>] __lock_acquire+0x371f/0x4b50
[   28.471192]        [<ffffffff8123c7be>] lock_acquire+0x15e/0x460
[   28.477420]        [<ffffffff8376cc6b>] mutex_lock_nested+0xbb/0x850
[   28.484005]        [<ffffffff814627a1>] shmem_file_llseek+0xf1/0x240
[   28.490580]        [<ffffffff8151c0d2>] vfs_llseek+0xa2/0xd0
[   28.496465]        [<ffffffff82c64687>] ashmem_llseek+0xe7/0x1f0
[   28.502694]        [<ffffffff8151dedb>] SyS_lseek+0xeb/0x170
[   28.508574]        [<ffffffff837761d9>] entry_SYSCALL_64_fastpath+0x16/0x92
[   28.515776] 
[   28.515776] other info that might help us debug this:
[   28.515776] 
[   28.523888] Chain exists of:
  &sb->s_type->i_mutex_key#10 --> &mm->mmap_sem --> ashmem_mutex

[   28.533606]  Possible unsafe locking scenario:
[   28.533606] 
[   28.539630]        CPU0                    CPU1
[   28.544266]        ----                    ----
[   28.548920]   lock(ashmem_mutex);
[   28.552575]                                lock(&mm->mmap_sem);
[   28.558832]                                lock(ashmem_mutex);
[   28.565010]   lock(&sb->s_type->i_mutex_key#10);
[   28.570086] 
[   28.570086]  *** DEADLOCK ***
[   28.570086] 
[   28.576126] 1 lock held by syzkaller274914/3322:
[   28.580848]  #0:  (ashmem_mutex){+.+.+.}, at: [<ffffffff82c645f6>] ashmem_llseek+0x56/0x1f0
[   28.589892] 
[   28.589892] stack backtrace:
[   28.594365] CPU: 1 PID: 3322 Comm: syzkaller274914 Not tainted 4.4.112-g3fc4284 #32
[   28.602127] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   28.611454]  0000000000000000 018b6d96822d437d ffff8801d091fad8 ffffffff81d054ed
[   28.619435]  ffffffff8519e370 ffffffff851a8060 ffffffff851bc970 ffff8801d0d90898
[   28.627418]  ffff8801d0d90000 ffff8801d091fb20 ffffffff81232b91 ffff8801d0d90898
[   28.635387] Call Trace:
[   28.637948]  [<ffffffff81d054ed>] dump_stack+0xc1/0x124
[   28.643282]  [<ffffffff81232b91>] print_circular_bug+0x271/0x310
[   28.649398]  [<ffffffff81239b1f>] __lock_acquire+0x371f/0x4b50
[   28.655357]  [<ffffffff81410d73>] ? perf_event_mmap+0x93/0x910
[   28.661303]  [<ffffffff81236400>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[   28.668299]  [<ffffffff814aab04>] ? vma_link+0xe4/0x170
[   28.673632]  [<ffffffff8122f131>] ? __lock_is_held+0xa1/0xf0
[   28.679399]  [<ffffffff8123c7be>] lock_acquire+0x15e/0x460
[   28.684990]  [<ffffffff814627a1>] ? shmem_file_llseek+0xf1/0x240
[   28.691101]  [<ffffffff814627a1>] ? shmem_file_llseek+0xf1/0x240
[   28.697216]  [<ffffffff8376cc6b>] mutex_lock_nested+0xbb/0x850
[   28.703156]  [<ffffffff814627a1>] ? shmem_file_llseek+0xf1/0x240
[   28.709283]  [<ffffffff8376d184>] ? mutex_lock_nested+0x5d4/0x850
[   28.715484]  [<ffffffff8376cbb0>] ? __ww_mutex_lock+0x14f0/0x14f0
[   28.721685]  [<ffffffff8376d110>] ? mutex_lock_nested+0x560/0x850
[   28.