[....] Starting OpenBSD Secure Shell server: sshd[   16.421191] random: sshd: uninitialized urandom read (32 bytes read, 32 bits of entropy available)
[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   21.499544] random: sshd: uninitialized urandom read (32 bytes read, 38 bits of entropy available)
[   21.914655] random: sshd: uninitialized urandom read (32 bytes read, 39 bits of entropy available)
[   22.820828] random: sshd: uninitialized urandom read (32 bytes read, 120 bits of entropy available)
[   22.998152] random: sshd: uninitialized urandom read (32 bytes read, 125 bits of entropy available)
[   23.140423] random: nonblocking pool is initialized
Warning: Permanently added '10.128.0.5' (ECDSA) to the list of known hosts.
executing program
[   28.450734] 
[   28.452376] ======================================================
[   28.458656] [ INFO: possible circular locking dependency detected ]
[   28.465025] 4.4.110-g618a510 #22 Not tainted
[   28.469400] -------------------------------------------------------
[   28.475765] syzkaller761437/3320 is trying to acquire lock:
[   28.481436]  (&sb->s_type->i_mutex_key#10){+.+.+.}, at: [<ffffffff814621b1>] shmem_file_llseek+0xf1/0x240
[   28.491672] 
[   28.491672] but task is already holding lock:
[   28.497605]  (ashmem_mutex){+.+.+.}, at: [<ffffffff82c63cc6>] ashmem_llseek+0x56/0x1f0
[   28.506076] 
[   28.506076] which lock already depends on the new lock.
[   28.506076] 
[   28.514354] 
[   28.514354] the existing dependency chain (in reverse order) is:
[   28.521938] 
-> #2 (ashmem_mutex){+.+.+.}:
[   28.526667]        [<ffffffff8123c71e>] lock_acquire+0x15e/0x460
[   28.532895]        [<ffffffff8376c16b>] mutex_lock_nested+0xbb/0x850
[   28.539465]        [<ffffffff82c63113>] ashmem_mmap+0x53/0x400
[   28.545509]        [<ffffffff814afd1f>] mmap_region+0x94f/0x1250
[   28.551730]        [<ffffffff814b0b1d>] do_mmap+0x4fd/0x9d0
[   28.557515]        [<ffffffff8146eece>] vm_mmap_pgoff+0x16e/0x1c0
[   28.563819]        [<ffffffff814aecef>] SyS_mmap_pgoff+0x33f/0x560
[   28.570216]        [<ffffffff8101beb6>] SyS_mmap+0x16/0x20
[   28.575921]        [<ffffffff83775619>] entry_SYSCALL_64_fastpath+0x16/0x92
[   28.583099] 
-> #1 (&mm->mmap_sem){++++++}:
[   28.587912]        [<ffffffff8123c71e>] lock_acquire+0x15e/0x460
[   28.594133]        [<ffffffff814944ea>] __might_fault+0x14a/0x1d0
[   28.600437]        [<ffffffff81559fe2>] filldir+0x162/0x2d0
[   28.606223]        [<ffffffff8159776e>] dcache_readdir+0x11e/0x7b0
[   28.612615]        [<ffffffff81559c28>] iterate_dir+0x1c8/0x420
[   28.618746]        [<ffffffff8155a91a>] SyS_getdents+0x14a/0x270
[   28.624965]        [<ffffffff83775619>] entry_SYSCALL_64_fastpath+0x16/0x92
[   28.632146] 
-> #0 (&sb->s_type->i_mutex_key#10){+.+.+.}:
[   28.638291]        [<ffffffff81239a7f>] __lock_acquire+0x371f/0x4b50
[   28.644858]        [<ffffffff8123c71e>] lock_acquire+0x15e/0x460
[   28.651078]        [<ffffffff8376c16b>] mutex_lock_nested+0xbb/0x850
[   28.657648]        [<ffffffff814621b1>] shmem_file_llseek+0xf1/0x240
[   28.664221]        [<ffffffff8151b972>] vfs_llseek+0xa2/0xd0
[   28.670095]        [<ffffffff82c63d57>] ashmem_llseek+0xe7/0x1f0
[   28.676312]        [<ffffffff8151d77b>] SyS_lseek+0xeb/0x170
[   28.682187]        [<ffffffff83775619>] entry_SYSCALL_64_fastpath+0x16/0x92
[   28.689375] 
[   28.689375] other info that might help us debug this:
[   28.689375] 
[   28.697490] Chain exists of:
  &sb->s_type->i_mutex_key#10 --> &mm->mmap_sem --> ashmem_mutex

[   28.707150]  Possible unsafe locking scenario:
[   28.707150] 
[   28.713169]        CPU0                    CPU1
[   28.717797]        ----                    ----
[   28.722425]   lock(ashmem_mutex);
[   28.726060]                                lock(&mm->mmap_sem);
[   28.732299]                                lock(ashmem_mutex);
[   28.738450]   lock(&sb->s_type->i_mutex_key#10);
[   28.743496] 
[   28.743496]  *** DEADLOCK ***
[   28.743496] 
[   28.749516] 1 lock held by syzkaller761437/3320:
[   28.754232]  #0:  (ashmem_mutex){+.+.+.}, at: [<ffffffff82c63cc6>] ashmem_llseek+0x56/0x1f0
[   28.763241] 
[   28.763241] stack backtrace:
[   28.767703] CPU: 0 PID: 3320 Comm: syzkaller761437 Not tainted 4.4.110-g618a510 #22
[   28.775458] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   28.784775]  0000000000000000 aa5bfceb4eae887a ffff8800b0e27ad8 ffffffff81d04e3d
[   28.792718]  ffffffff8519d1c0 ffffffff851a7060 ffffffff851bb7c0 ffff8800b52d8898
[   28.800661]  ffff8800b52d8000 ffff8800b0e27b20 ffffffff81232af1 ffff8800b52d8898
[   28.808595] Call Trace:
[   28.811148]  [<ffffffff81d04e3d>] dump_stack+0xc1/0x124
[   28.816483]  [<ffffffff81232af1>] print_circular_bug+0x271/0x310
[   28.822592]  [<ffffffff81239a7f>] __lock_acquire+0x371f/0x4b50
[   28.828528]  [<ffffffff814107a3>] ? perf_event_mmap+0x93/0x910
[   28.834470]  [<ffffffff81236360>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[   28.841445]  [<ffffffff8122f091>] ? __lock_is_held+0xa1/0xf0
[   28.847211]  [<ffffffff8123c71e>] lock_acquire+0x15e/0x460
[   28.852800]  [<ffffffff814621b1>] ? shmem_file_llseek+0xf1/0x240
[   28.858908]  [<ffffffff814621b1>] ? shmem_file_llseek+0xf1/0x240
[   28.865023]  [<ffffffff8376c16b>] mutex_lock_nested+0xbb/0x850
[   28.870956]  [<ffffffff814621b1>] ? shmem_file_llseek+0xf1/0x240
[   28.877063]  [<ffffffff8376c684>] ? mutex_lock_nested+0x5d4/0x850
[   28.883258]  [<ffffffff8376c0b0>] ? __ww_mutex_lock+0x14f0/0x14f0
[   28.889464]  [<ffffffff8376c610>] ? mutex_lock_nested+0x560/0x850
[   28.895659]  [<ffffffff82c63cc6>] ? ashmem_llseek+0x56/0x1f0
[   28.901428]