[   20.232410] random: sshd: uninitialized urandom read (32 bytes read, 31 bits of entropy available)
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c.
[   21.060398] random: sshd: uninitialized urandom read (32 bytes read, 33 bits of entropy available)
[   21.400245] random: sshd: uninitialized urandom read (32 bytes read, 33 bits of entropy available)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   22.456795] random: sshd: uninitialized urandom read (32 bytes read, 105 bits of entropy available)
[   22.679463] random: sshd: uninitialized urandom read (32 bytes read, 109 bits of entropy available)
Warning: Permanently added '10.128.15.237' (ECDSA) to the list of known hosts.
[   28.100811] random: sshd: uninitialized urandom read (32 bytes read, 117 bits of entropy available)
executing program
[   28.213167] 
[   28.214849] ======================================================
[   28.221161] [ INFO: possible circular locking dependency detected ]
[   28.231388] 4.4.112-gca0ebb4 #22 Not tainted
[   28.235781] -------------------------------------------------------
[   28.242171] syzkaller008408/3323 is trying to acquire lock:
[   28.247863]  (&sb->s_type->i_mutex_key#10){+.+.+.}, at: [<ffffffff814627a1>] shmem_file_llseek+0xf1/0x240
[   28.258214] 
[   28.258214] but task is already holding lock:
[   28.264162]  (ashmem_mutex){+.+.+.}, at: [<ffffffff82c64806>] ashmem_llseek+0x56/0x1f0
[   28.272692] 
[   28.272692] which lock already depends on the new lock.
[   28.272692] 
[   28.280999] 
[   28.280999] the existing dependency chain (in reverse order) is:
[   28.296507] 
-> #2 (ashmem_mutex){+.+.+.}:
[   28.302953]        [<ffffffff8123c7be>] lock_acquire+0x15e/0x460
[   28.309338]        [<ffffffff8376ce7b>] mutex_lock_nested+0xbb/0x850
[   28.315970]        [<ffffffff82c63c53>] ashmem_mmap+0x53/0x400
[   28.322089]        [<ffffffff814b047f>] mmap_region+0x94f/0x1250
[   28.328351]        [<ffffffff814b127d>] do_mmap+0x4fd/0x9d0
[   28.334269]        [<ffffffff8146f4be>] vm_mmap_pgoff+0x16e/0x1c0
[   28.340616]        [<ffffffff814af44f>] SyS_mmap_pgoff+0x33f/0x560
[   28.347068]        [<ffffffff81006d84>] do_fast_syscall_32+0x314/0x890
[   28.353962]        [<ffffffff83777d6a>] sysenter_flags_fixed+0xd/0x17
[   28.361610] 
-> #1 (&mm->mmap_sem){++++++}:
[   28.367320]        [<ffffffff8123c7be>] lock_acquire+0x15e/0x460
[   28.373577]        [<ffffffff81494c4a>] __might_fault+0x14a/0x1d0
[   28.379916]        [<ffffffff8155a742>] filldir+0x162/0x2d0
[   28.385747]        [<ffffffff81597ece>] dcache_readdir+0x11e/0x7b0
[   28.392173]        [<ffffffff8155a388>] iterate_dir+0x1c8/0x420
[   28.398343]        [<ffffffff8155b07a>] SyS_getdents+0x14a/0x270
[   28.404640]        [<ffffffff837763d9>] entry_SYSCALL_64_fastpath+0x16/0x92
[   28.411857] 
-> #0 (&sb->s_type->i_mutex_key#10){+.+.+.}:
[   28.418158]        [<ffffffff81239b1f>] __lock_acquire+0x371f/0x4b50
[   28.425897]        [<ffffffff8123c7be>] lock_acquire+0x15e/0x460
[   28.432171]        [<ffffffff8376ce7b>] mutex_lock_nested+0xbb/0x850
[   28.440287]        [<ffffffff814627a1>] shmem_file_llseek+0xf1/0x240
[   28.446899]        [<ffffffff8151c0d2>] vfs_llseek+0xa2/0xd0
[   28.452802]        [<ffffffff82c64897>] ashmem_llseek+0xe7/0x1f0
[   28.459049]        [<ffffffff8151e04b>] compat_SyS_lseek+0xeb/0x170
[   28.465605]        [<ffffffff81006d84>] do_fast_syscall_32+0x314/0x890
[   28.472388]        [<ffffffff83777d6a>] sysenter_flags_fixed+0xd/0x17
[   28.479111] 
[   28.479111] other info that might help us debug this:
[   28.479111] 
[   28.489868] Chain exists of:
  &sb->s_type->i_mutex_key#10 --> &mm->mmap_sem --> ashmem_mutex

[   28.504116]  Possible unsafe locking scenario:
[   28.504116] 
[   28.510177]        CPU0                    CPU1
[   28.514823]        ----                    ----
[   28.519464]   lock(ashmem_mutex);
[   28.523152]                                lock(&mm->mmap_sem);
[   28.529557]                                lock(ashmem_mutex);
[   28.535864]   lock(&sb->s_type->i_mutex_key#10);
[   28.540990] 
[   28.540990]  *** DEADLOCK ***
[   28.540990] 
[   28.547750] 1 lock held by syzkaller008408/3323:
[   28.552505]  #0:  (ashmem_mutex){+.+.+.}, at: [<ffffffff82c64806>] ashmem_llseek+0x56/0x1f0
[   28.568119] 
[   28.568119] stack backtrace:
[   28.572601] CPU: 1 PID: 3323 Comm: syzkaller008408 Not tainted 4.4.112-gca0ebb4 #22
[   28.580819] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   28.591933]  0000000000000000 58661873ae2e734c ffff8800b44b7a58 ffffffff81d056fd
[   28.601689]  ffffffff8519e880 ffffffff851a7eb0 ffffffff851bc460 ffff8800b5df2058
[   28.617807]  ffff8800b5df17c0 ffff8800b44b7aa0 ffffffff81232b91 ffff8800b5df2058
[   28.628923] Call Trace:
[   28.633261]  [<ffffffff81d056fd>] dump_stack+0xc1/0x124
[   28.639551]  [<ffffffff81232b91>] print_circular_bug+0x271/0x310
[   28.645962]  [<ffffffff81239b1f>] __lock_acquire+0x371f/0x4b50
[   28.654088]  [<ffffffff81236400>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[   28.661400]  [<ffffffff8122f131>] ? __lock_is_held+0xa1/0xf0
[   28.667378]  [<ffffffff8123c7be>] lock_acquire+0x15e/0x460
[   28.673013]  [<ffffffff814627a1>] ? shmem_file_llseek+0xf1/0x240
[   28.679149]  [<ffffffff814627a1>] ? shmem_file_llseek+0xf1/0x240
[   28.685317]  [<ffffffff8376ce7b>] mutex_lock_nested+0xbb/0x850
[   28.691286]  [<ffffffff814627a1>] ? shmem_file_llseek+0xf1/0x240
[   28.697518]  [<ffffffff8376d394>] ? mutex_lock_nested+0x5d4/0x850
[   28.703740]  [<ffffffff8376cdc0>] ? __ww_mutex_lock+0x14f0/0x14f0
[   28.709967]  [<ffffffff8376d320>] ? mutex_lock_nested+0x560/0x850
[   28.716193]  [<ffffffff82c64806>] ? ashmem_llseek+0x56/0x1f0
[   28.721986]  [<ffffffff814627a1>] shmem_file_llseek+0xf1/0x240
[   28.727955]  [<ffffffff814626b0>] ? shmem_mmap+0x90/0x90
[   28.733419]  [<ffffffff8151c0d2>] vfs_llseek+0xa2/0xd0
[   28.738687]  [<ffffffff82c64897>] ashmem_llseek+0xe7/0x1f0
[   28.744315]  [<ffffffff82c647b0>] ? ashmem_read+0x200/0x200
[   28.750023]  [<ffffffff8151e04b>] compat_SyS_lseek+0xeb/0x170
[   28.755908]  [<ffffffff8151df60>] ? SyS_lseek+0x170/0x170
[   28.761439]  [<ffffffff81006d84>] do_fast_syscall_