[   15.744480] random: sshd: uninitialized urandom read (32 bytes read, 32 bits of entropy available)
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   20.866055] random: sshd: uninitialized urandom read (32 bytes read, 38 bits of entropy available)
[   21.052324] random: sshd: uninitialized urandom read (32 bytes read, 38 bits of entropy available)
[   21.810177] random: sshd: uninitialized urandom read (32 bytes read, 79 bits of entropy available)
[   21.983918] random: sshd: uninitialized urandom read (32 bytes read, 84 bits of entropy available)
Warning: Permanently added '10.128.15.199' (ECDSA) to the list of known hosts.
[   27.364792] random: sshd: uninitialized urandom read (32 bytes read, 92 bits of entropy available)
executing program
[   27.455679] 
[   27.457319] ======================================================
[   27.463630] [ INFO: possible circular locking dependency detected ]
[   27.470002] 4.4.111-gc2f631b #27 Not tainted
[   27.474374] -------------------------------------------------------
[   27.480747] syzkaller039785/3314 is trying to acquire lock:
[   27.486431]  (&sb->s_type->i_mutex_key#10){+.+.+.}, at: [<ffffffff814623f1>] shmem_file_llseek+0xf1/0x240
[   27.496688] 
[   27.496688] but task is already holding lock:
[   27.502627]  (ashmem_mutex){+.+.+.}, at: [<ffffffff82c63fc6>] ashmem_llseek+0x56/0x1f0
[   27.511114] 
[   27.511114] which lock already depends on the new lock.
[   27.511114] 
[   27.519397] 
[   27.519397] the existing dependency chain (in reverse order) is:
[   27.526983] 
-> #2 (ashmem_mutex){+.+.+.}:
[   27.531733]        [<ffffffff8123c7ee>] lock_acquire+0x15e/0x460
[   27.537963]        [<ffffffff8376c46b>] mutex_lock_nested+0xbb/0x850
[   27.544537]        [<ffffffff82c63413>] ashmem_mmap+0x53/0x400
[   27.550592]        [<ffffffff814aff5f>] mmap_region+0x94f/0x1250
[   27.556823]        [<ffffffff814b0d5d>] do_mmap+0x4fd/0x9d0
[   27.562619]        [<ffffffff8146f10e>] vm_mmap_pgoff+0x16e/0x1c0
[   27.568934]        [<ffffffff814aef2f>] SyS_mmap_pgoff+0x33f/0x560
[   27.575339]        [<ffffffff8101beb6>] SyS_mmap+0x16/0x20
[   27.581054]        [<ffffffff83775919>] entry_SYSCALL_64_fastpath+0x16/0x92
[   27.588239] 
-> #1 (&mm->mmap_sem){++++++}:
[   27.593074]        [<ffffffff8123c7ee>] lock_acquire+0x15e/0x460
[   27.599304]        [<ffffffff8149472a>] __might_fault+0x14a/0x1d0
[   27.605620]        [<ffffffff8155a222>] filldir+0x162/0x2d0
[   27.611416]        [<ffffffff815979ae>] dcache_readdir+0x11e/0x7b0
[   27.617819]        [<ffffffff81559e68>] iterate_dir+0x1c8/0x420
[   27.623965]        [<ffffffff8155ab5a>] SyS_getdents+0x14a/0x270
[   27.630191]        [<ffffffff83775919>] entry_SYSCALL_64_fastpath+0x16/0x92
[   27.637385] 
-> #0 (&sb->s_type->i_mutex_key#10){+.+.+.}:
[   27.643557]        [<ffffffff81239b4f>] __lock_acquire+0x371f/0x4b50
[   27.650133]        [<ffffffff8123c7ee>] lock_acquire+0x15e/0x460
[   27.656370]        [<ffffffff8376c46b>] mutex_lock_nested+0xbb/0x850
[   27.662951]        [<ffffffff814623f1>] shmem_file_llseek+0xf1/0x240
[   27.669525]        [<ffffffff8151bbb2>] vfs_llseek+0xa2/0xd0
[   27.675407]        [<ffffffff82c64057>] ashmem_llseek+0xe7/0x1f0
[   27.681639]        [<ffffffff8151d9bb>] SyS_lseek+0xeb/0x170
[   27.687520]        [<ffffffff83775919>] entry_SYSCALL_64_fastpath+0x16/0x92
[   27.694712] 
[   27.694712] other info that might help us debug this:
[   27.694712] 
[   27.702821] Chain exists of:
  &sb->s_type->i_mutex_key#10 --> &mm->mmap_sem --> ashmem_mutex

[   27.712516]  Possible unsafe locking scenario:
[   27.712516] 
[   27.718539]        CPU0                    CPU1
[   27.723173]        ----                    ----
[   27.727804]   lock(ashmem_mutex);
[   27.731452]                                lock(&mm->mmap_sem);
[   27.737700]                                lock(ashmem_mutex);
[   27.743863]   lock(&sb->s_type->i_mutex_key#10);
[   27.748926] 
[   27.748926]  *** DEADLOCK ***
[   27.748926] 
[   27.754953] 1 lock held by syzkaller039785/3314:
[   27.759675]  #0:  (ashmem_mutex){+.+.+.}, at: [<ffffffff82c63fc6>] ashmem_llseek+0x56/0x1f0
[   27.768708] 
[   27.768708] stack backtrace:
[   27.773171] CPU: 1 PID: 3314 Comm: syzkaller039785 Not tainted 4.4.111-gc2f631b #27
[   27.780933] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   27.790255]  0000000000000000 98ff108ab5ab0687 ffff8801cc85fad8 ffffffff81d0513d
[   27.798225]  ffffffff8519d1c0 ffffffff851a6b50 ffffffff851bb2b0 ffff8800b5716798
[   27.806200]  ffff8800b5715f00 ffff8801cc85fb20 ffffffff81232bc1 ffff8800b5716798
[   27.814172] Call Trace:
[   27.816728]  [<ffffffff81d0513d>] dump_stack+0xc1/0x124
[   27.822057]  [<ffffffff81232bc1>] print_circular_bug+0x271/0x310
[   27.828169]  [<ffffffff81239b4f>] __lock_acquire+0x371f/0x4b50
[   27.834113]  [<ffffffff814109e3>] ? perf_event_mmap+0x93/0x910
[   27.840058]  [<ffffffff81236430>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[   27.847045]  [<ffffffff8122f161>] ? __lock_is_held+0xa1/0xf0
[   27.852809]  [<ffffffff8123c7ee>] lock_acquire+0x15e/0x460
[   27.858408]  [<ffffffff814623f1>] ? shmem_file_llseek+0xf1/0x240
[   27.864524]  [<ffffffff814623f1>] ? shmem_file_llseek+0xf1/0x240
[   27.870641]  [<ffffffff8376c46b>] mutex_lock_nested+0xbb/0x850
[   27.876580]  [<ffffffff814623f1>] ? shmem_file_llseek+0xf1/0x240
[   27.882693]  [<ffffffff8376c984>] ? mutex_lock_nested+0x5d4/0x850
[   27.888891]  [<ffffffff8376c3b0>] ? __ww_mutex_lock+0x14f0/0x14f0
[   27.895091]  [<ffffffff8376c910>] ? mutex_lock_nested+0x560/0x850
[   27.901297]  [<ffffffff82c63fc6>] ? ashmem_llseek+0x56/0x1f0
[   27.