[   22.425964] random: sshd: uninitialized urandom read (32 bytes read, 34 bits of entropy available)
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   27.070308] random: sshd: uninitialized urandom read (32 bytes read, 40 bits of entropy available)
[   27.376873] random: sshd: uninitialized urandom read (32 bytes read, 42 bits of entropy available)
[   28.345109] random: sshd: uninitialized urandom read (32 bytes read, 106 bits of entropy available)
[   28.522888] random: sshd: uninitialized urandom read (32 bytes read, 110 bits of entropy available)
Warning: Permanently added '10.128.0.46' (ECDSA) to the list of known hosts.
[   33.933518] random: sshd: uninitialized urandom read (32 bytes read, 118 bits of entropy available)
executing program
[   34.035114] 
[   34.036774] ======================================================
[   34.043059] [ INFO: possible circular locking dependency detected ]
[   34.049433] 4.4.114-ga81d322 #4 Not tainted
[   34.053718] -------------------------------------------------------
[   34.060088] syzkaller539241/4046 is trying to acquire lock:
[   34.065762]  (&sb->s_type->i_mutex_key#10){+.+.+.}, at: [<ffffffff81463491>] shmem_file_llseek+0xf1/0x240
[   34.076030] 
[   34.076030] but task is already holding lock:
[   34.081968]  (ashmem_mutex){+.+.+.}, at: [<ffffffff82c61a56>] ashmem_llseek+0x56/0x1f0
[   34.090462] 
[   34.090462] which lock already depends on the new lock.
[   34.090462] 
[   34.098744] 
[   34.098744] the existing dependency chain (in reverse order) is:
[   34.106332] 
-> #2 (ashmem_mutex){+.+.+.}:
[   34.111086]        [<ffffffff8123d7be>] lock_acquire+0x15e/0x460
[   34.117320]        [<ffffffff8376a92b>] mutex_lock_nested+0xbb/0x850
[   34.123899]        [<ffffffff82c60ea3>] ashmem_mmap+0x53/0x400
[   34.129969]        [<ffffffff814b0edf>] mmap_region+0x94f/0x1250
[   34.136200]        [<ffffffff814b1cdd>] do_mmap+0x4fd/0x9d0
[   34.141993]        [<ffffffff8147015e>] vm_mmap_pgoff+0x16e/0x1c0
[   34.148311]        [<ffffffff814afeaf>] SyS_mmap_pgoff+0x33f/0x560
[   34.154721]        [<ffffffff8101beb6>] SyS_mmap+0x16/0x20
[   34.160445]        [<ffffffff83773edf>] entry_SYSCALL_64_fastpath+0x1c/0x98
[   34.167632] 
-> #1 (&mm->mmap_sem){++++++}:
[   34.172475]        [<ffffffff8123d7be>] lock_acquire+0x15e/0x460
[   34.178713]        [<ffffffff8149577a>] __might_fault+0x14a/0x1d0
[   34.185031]        [<ffffffff8155a7e2>] filldir+0x162/0x2d0
[   34.190828]        [<ffffffff81597e2e>] dcache_readdir+0x11e/0x7b0
[   34.197256]        [<ffffffff8155a428>] iterate_dir+0x1c8/0x420
[   34.203407]        [<ffffffff8155b11a>] SyS_getdents+0x14a/0x270
[   34.209636]        [<ffffffff83773edf>] entry_SYSCALL_64_fastpath+0x1c/0x98
[   34.216832] 
-> #0 (&sb->s_type->i_mutex_key#10){+.+.+.}:
[   34.223006]        [<ffffffff8123ab1f>] __lock_acquire+0x371f/0x4b50
[   34.229583]        [<ffffffff8123d7be>] lock_acquire+0x15e/0x460
[   34.235817]        [<ffffffff8376a92b>] mutex_lock_nested+0xbb/0x850
[   34.242399]        [<ffffffff81463491>] shmem_file_llseek+0xf1/0x240
[   34.249007]        [<ffffffff8151c642>] vfs_llseek+0xa2/0xd0
[   34.254894]        [<ffffffff82c61ae7>] ashmem_llseek+0xe7/0x1f0
[   34.261142]        [<ffffffff8151e44b>] SyS_lseek+0xeb/0x170
[   34.267037]        [<ffffffff83773edf>] entry_SYSCALL_64_fastpath+0x1c/0x98
[   34.274228] 
[   34.274228] other info that might help us debug this:
[   34.274228] 
[   34.282343] Chain exists of:
  &sb->s_type->i_mutex_key#10 --> &mm->mmap_sem --> ashmem_mutex

[   34.292054]  Possible unsafe locking scenario:
[   34.292054] 
[   34.298079]        CPU0                    CPU1
[   34.302714]        ----                    ----
[   34.307366]   lock(ashmem_mutex);
[   34.311022]                                lock(&mm->mmap_sem);
[   34.317297]                                lock(ashmem_mutex);
[   34.323472]   lock(&sb->s_type->i_mutex_key#10);
[   34.328551] 
[   34.328551]  *** DEADLOCK ***
[   34.328551] 
[   34.334581] 1 lock held by syzkaller539241/4046:
[   34.339303]  #0:  (ashmem_mutex){+.+.+.}, at: [<ffffffff82c61a56>] ashmem_llseek+0x56/0x1f0
[   34.348373] 
[   34.348373] stack backtrace:
[   34.352842] CPU: 0 PID: 4046 Comm: syzkaller539241 Not tainted 4.4.114-ga81d322 #4
[   34.360534] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   34.369869]  0000000000000000 929849d1f523ab01 ffff8800b9777ad8 ffffffff81d0394d
[   34.377841]  ffffffff851a0240 ffffffff851a9f30 ffffffff851be9f0 ffff8801d729e8f8
[   34.385808]  ffff8801d729e000 ffff8800b9777b20 ffffffff81233b91 ffff8801d729e8f8
[   34.393774] Call Trace:
[   34.396342]  [<ffffffff81d0394d>] dump_stack+0xc1/0x124
[   34.401679]  [<ffffffff81233b91>] print_circular_bug+0x271/0x310
[   34.407791]  [<ffffffff8123ab1f>] __lock_acquire+0x371f/0x4b50
[   34.413732]  [<ffffffff81411c73>] ? perf_event_mmap+0x93/0x910
[   34.419679]  [<ffffffff81237400>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[   34.426664]  [<ffffffff814ab564>] ? vma_link+0xe4/0x170
[   34.431997]  [<ffffffff81230141>] ? __lock_is_held+0xa1/0xf0
[   34.437762]  [<ffffffff8123d7be>] lock_acquire+0x15e/0x460
[   34.443359]  [<ffffffff81463491>] ? shmem_file_llseek+0xf1/0x240
[   34.449474]  [<ffffffff81463491>] ? shmem_file_llseek+0xf1/0x240
[   34.455592]  [<ffffffff8376a92b>] mutex_lock_nested+0xbb/0x850
[   34.461532]  [<ffffffff81463491>] ? shmem_file_llseek+0xf1/0x240
[   34.467651]  [<ffffffff8376ae44>] ? mutex_lock_nested+0x5d4/0x850
[   34.473856]  [<ffffffff8376a870>] ? __ww_mutex_lock+0x14f0/0x14f0
[   34.480067]  [<ffffffff8376add0>] ? mutex_lock_nested+0x560/0x850
[   34.48