[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[   23.055096] random: sshd: uninitialized urandom read (32 bytes read, 33 bits of entropy available)
[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   26.667048] random: sshd: uninitialized urandom read (32 bytes read, 38 bits of entropy available)
[   27.016721] random: sshd: uninitialized urandom read (32 bytes read, 38 bits of entropy available)
[   27.972836] random: sshd: uninitialized urandom read (32 bytes read, 112 bits of entropy available)
[   28.140449] random: sshd: uninitialized urandom read (32 bytes read, 116 bits of entropy available)
Warning: Permanently added '10.128.0.43' (ECDSA) to the list of known hosts.
[   33.525252] random: sshd: uninitialized urandom read (32 bytes read, 120 bits of entropy available)
executing program
[   33.622080] 
[   33.623721] ======================================================
[   33.630014] [ INFO: possible circular locking dependency detected ]
[   33.636406] 4.4.114-gfe09418 #3 Not tainted
[   33.640695] -------------------------------------------------------
[   33.647076] syzkaller513734/4055 is trying to acquire lock:
[   33.652761]  (&sb->s_type->i_mutex_key#10){+.+.+.}, at: [<ffffffff814629b1>] shmem_file_llseek+0xf1/0x240
[   33.663037] 
[   33.663037] but task is already holding lock:
[   33.668992]  (ashmem_mutex){+.+.+.}, at: [<ffffffff82c60f76>] ashmem_llseek+0x56/0x1f0
[   33.677530] 
[   33.677530] which lock already depends on the new lock.
[   33.677530] 
[   33.686006] 
[   33.686006] the existing dependency chain (in reverse order) is:
[   33.693600] 
-> #2 (ashmem_mutex){+.+.+.}:
[   33.698357]        [<ffffffff8123ccde>] lock_acquire+0x15e/0x460
[   33.704592]        [<ffffffff83769e4b>] mutex_lock_nested+0xbb/0x850
[   33.711174]        [<ffffffff82c603c3>] ashmem_mmap+0x53/0x400
[   33.717244]        [<ffffffff814b03ff>] mmap_region+0x94f/0x1250
[   33.723485]        [<ffffffff814b11fd>] do_mmap+0x4fd/0x9d0
[   33.729287]        [<ffffffff8146f67e>] vm_mmap_pgoff+0x16e/0x1c0
[   33.735622]        [<ffffffff814af3cf>] SyS_mmap_pgoff+0x33f/0x560
[   33.742059]        [<ffffffff81006d74>] do_fast_syscall_32+0x314/0x890
[   33.748829]        [<ffffffff83774daa>] sysenter_flags_fixed+0xd/0x17
[   33.755502] 
-> #1 (&mm->mmap_sem){++++++}:
[   33.760363]        [<ffffffff8123ccde>] lock_acquire+0x15e/0x460
[   33.766593]        [<ffffffff81494c9a>] __might_fault+0x14a/0x1d0
[   33.772913]        [<ffffffff81559d02>] filldir+0x162/0x2d0
[   33.778730]        [<ffffffff8159734e>] dcache_readdir+0x11e/0x7b0
[   33.785139]        [<ffffffff81559948>] iterate_dir+0x1c8/0x420
[   33.791296]        [<ffffffff8155a63a>] SyS_getdents+0x14a/0x270
[   33.797529]        [<ffffffff8377341f>] entry_SYSCALL_64_fastpath+0x1c/0x98
[   33.804745] 
-> #0 (&sb->s_type->i_mutex_key#10){+.+.+.}:
[   33.810940]        [<ffffffff8123a03f>] __lock_acquire+0x371f/0x4b50
[   33.817526]        [<ffffffff8123ccde>] lock_acquire+0x15e/0x460
[   33.823768]        [<ffffffff83769e4b>] mutex_lock_nested+0xbb/0x850
[   33.830371]        [<ffffffff814629b1>] shmem_file_llseek+0xf1/0x240
[   33.836956]        [<ffffffff8151bb62>] vfs_llseek+0xa2/0xd0
[   33.842851]        [<ffffffff82c61007>] ashmem_llseek+0xe7/0x1f0
[   33.849087]        [<ffffffff8151dadb>] compat_SyS_lseek+0xeb/0x170
[   33.855592]        [<ffffffff81006d74>] do_fast_syscall_32+0x314/0x890
[   33.862353]        [<ffffffff83774daa>] sysenter_flags_fixed+0xd/0x17
[   33.869032] 
[   33.869032] other info that might help us debug this:
[   33.869032] 
[   33.877143] Chain exists of:
  &sb->s_type->i_mutex_key#10 --> &mm->mmap_sem --> ashmem_mutex

[   33.886982]  Possible unsafe locking scenario:
[   33.886982] 
[   33.893018]        CPU0                    CPU1
[   33.897655]        ----                    ----
[   33.902296]   lock(ashmem_mutex);
[   33.905953]                                lock(&mm->mmap_sem);
[   33.912235]                                lock(ashmem_mutex);
[   33.918441]   lock(&sb->s_type->i_mutex_key#10);
[   33.923538] 
[   33.923538]  *** DEADLOCK ***
[   33.923538] 
[   33.929568] 1 lock held by syzkaller513734/4055:
[   33.934291]  #0:  (ashmem_mutex){+.+.+.}, at: [<ffffffff82c60f76>] ashmem_llseek+0x56/0x1f0
[   33.943350] 
[   33.943350] stack backtrace:
[   33.947822] CPU: 0 PID: 4055 Comm: syzkaller513734 Not tainted 4.4.114-gfe09418 #3
[   33.955509] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   33.964837]  0000000000000000 f8e20373113f5576 ffff8801d78e7a58 ffffffff81d02e6d
[   33.972833]  ffffffff851a0240 ffffffff851a9f30 ffffffff851be330 ffff8801d78808a0
[   33.980811]  ffff8801d7880000 ffff8801d78e7aa0 ffffffff812330b1 ffff8801d78808a0
[   33.988791] Call Trace:
[   33.991370]  [<ffffffff81d02e6d>] dump_stack+0xc1/0x124
[   33.996712]  [<ffffffff812330b1>] print_circular_bug+0x271/0x310
[   34.002842]  [<ffffffff8123a03f>] __lock_acquire+0x371f/0x4b50
[   34.008811]  [<ffffffff81236920>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[   34.015809]  [<ffffffff8122f661>] ? __lock_is_held+0xa1/0xf0
[   34.021580]  [<ffffffff8123ccde>] lock_acquire+0x15e/0x460
[   34.027182]  [<ffffffff814629b1>] ? shmem_file_llseek+0xf1/0x240
[   34.033305]  [<ffffffff814629b1>] ? shmem_file_llseek+0xf1/0x240
[   34.039436]  [<ffffffff83769e4b>] mutex_lock_nested+0xbb/0x850
[   34.045383]  [<ffffffff814629b1>] ? shmem_file_llseek+0xf1/0x240
[   34.051499]  [<ffffffff8376a364>] ? mutex_lock_nested+0x5d4/0x850
[   34.057704]  [<ffffffff83769d90>] ? __ww_mutex_lock+0x14f0/0x14f0
[   34.063912]  [<ffffffff8376a2f0>] ? mutex_lock_nested+0x560/0x850
[   34.070121]  [<ffffffff82c60f76>] ? ashmem_llseek+0x56/0x1f0
[   34.075893]  [<ffffffff814629b1>] shmem_file_llseek+0xf1/0x240
[   34.081839]  [<ffffffff814628c0>] ? shmem_mmap+0x90/0x90
[   34.087261]  [<ffffffff8151bb62>] vfs_llseek+0xa2/0xd0
[   34.092514]  [<ffffffff82c61007>] ashmem_llseek+0xe7/0x1f0
[   34.098111]  [<ffffffff82c60f20>] ? ashmem_read+0x200/0x200
[   34.103797]  [<ffffffff8151dadb>] compat_SyS_lseek+0xeb/0x170
[   34.109656]  [<ffffffff8151d9f0>] ? SyS_lseek+0x170/0x170
[   34.115166]  [<ffffffff81006d74>] do_fast_syscall_32+0x314/0x890
[   34.121298]  [<ffffffff83774daa>]