[   11.422733] random: sshd: uninitialized urandom read (32 bytes read)
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   16.290869] random: sshd: uninitialized urandom read (32 bytes read)
[   16.492753] audit: type=1400 audit(1537672729.900:6): avc:  denied  { map } for  pid=1759 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[   16.534459] random: sshd: uninitialized urandom read (32 bytes read)
[   16.983237] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.34' (ECDSA) to the list of known hosts.
[   22.648179] urandom_read: 1 callbacks suppressed
[   22.648183] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[   22.740243] audit: type=1400 audit(1537672736.150:7): avc:  denied  { map } for  pid=1777 comm="syz-executor580" path="/root/syz-executor580834810" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[   22.839588] 
[   22.841259] ======================================================
[   22.847546] WARNING: possible circular locking dependency detected
[   22.853856] 4.14.71+ #8 Not tainted
[   22.857589] ------------------------------------------------------
[   22.863980] syz-executor580/1780 is trying to acquire lock:
[   22.869672]  (&p->lock){+.+.}, at: [<ffffffff873d06c4>] seq_read+0xd4/0x11d0
[   22.876841] 
[   22.876841] but task is already holding lock:
[   22.882785]  (&pipe->mutex/1){+.+.}, at: [<ffffffff873726d8>] pipe_lock+0x58/0x70
[   22.890490] 
[   22.890490] which lock already depends on the new lock.
[   22.890490] 
[   22.898783] 
[   22.898783] the existing dependency chain (in reverse order) is:
[   22.906393] 
[   22.906393] -> #2 (&pipe->mutex/1){+.+.}:
[   22.912048]        __mutex_lock+0xf5/0x1480
[   22.916347]        fifo_open+0x156/0x9d0
[   22.920387]        do_dentry_open+0x426/0xda0
[   22.924859]        vfs_open+0x11c/0x210
[   22.928805]        path_openat+0x4eb/0x23a0
[   22.933166]        do_filp_open+0x197/0x270
[   22.937467]        do_open_execat+0x10d/0x5b0
[   22.941942]        do_execveat_common.isra.14+0x6cb/0x1d60
[   22.947543]        SyS_execve+0x34/0x40
[   22.951534]        do_syscall_64+0x19b/0x4b0
[   22.955923]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   22.961687] 
[   22.961687] -> #1 (&sig->cred_guard_mutex){+.+.}:
[   22.967995]        __mutex_lock+0xf5/0x1480
[   22.972289]        lock_trace+0x3f/0xc0
[   22.976240]        proc_pid_personality+0x17/0xc0
[   22.981121]        proc_single_show+0xf1/0x160
[   22.985685]        traverse+0x32b/0x8a0
[   22.989631]        seq_read+0xc94/0x11d0
[   22.993661]        do_iter_read+0x3cc/0x580
[   22.997959]        vfs_readv+0xe6/0x150
[   23.001910]        default_file_splice_read+0x495/0x860
[   23.007246]        do_splice_to+0x102/0x150
[   23.011542]        splice_direct_to_actor+0x21d/0x750
[   23.016704]        do_splice_direct+0x17b/0x220
[   23.021465]        do_sendfile+0x4a1/0xb50
[   23.025674]        SyS_sendfile64+0xab/0x140
[   23.030055]        do_syscall_64+0x19b/0x4b0
[   23.034435]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   23.040115] 
[   23.040115] -> #0 (&p->lock){+.+.}:
[   23.045197]        lock_acquire+0x10f/0x380
[   23.049491]        __mutex_lock+0xf5/0x1480
[   23.053787]        seq_read+0xd4/0x11d0
[   23.057747]        proc_reg_read+0xef/0x170
[   23.062039]        do_iter_read+0x3cc/0x580
[   23.066330]        vfs_readv+0xe6/0x150
[   23.070276]        default_file_splice_read+0x495/0x860
[   23.075611]        do_splice_to+0x102/0x150
[   23.079906]        SyS_splice+0xf4d/0x12a0
[   23.084115]        do_syscall_64+0x19b/0x4b0
[   23.088499]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   23.094176] 
[   23.094176] other info that might help us debug this:
[   23.094176] 
[   23.102291] Chain exists of:
[   23.102291]   &p->lock --> &sig->cred_guard_mutex --> &pipe->mutex/1
[   23.102291] 
[   23.113234]  Possible unsafe locking scenario:
[   23.113234] 
[   23.119267]        CPU0                    CPU1
[   23.123916]        ----                    ----
[   23.128559]   lock(&pipe->mutex/1);
[   23.132160]                                lock(&sig->cred_guard_mutex);
[   23.138969]                                lock(&pipe->mutex/1);
[   23.145085]   lock(&p->lock);
[   23.148307] 
[   23.148307]  *** DEADLOCK ***
[   23.148307] 
[   23.154339] 1 lock held by syz-executor580/1780:
[   23.159065]  #0:  (&pipe->mutex/1){+.+.}, at: [<ffffffff873726d8>] pipe_lock+0x58/0x70
[   23.167107] 
[   23.167107] stack backtrace:
[   23.171580] CPU: 0 PID: 1780 Comm: syz-executor580 Not tainted 4.14.71+ #8
[   23.178565] Call Trace:
[   23.181135]  dump_stack+0xb9/0x11b
[   23.184655]  print_circular_bug.isra.18.cold.43+0x2d3/0x40c
[   23.190340]  ? save_trace+0xd6/0x250
[   23.194026]  __lock_acquire+0x2ff9/0x4320
[   23.198148]  ? trace_hardirqs_on+0x10/0x10
[   23.202437]  ? __read_once_size_nocheck.constprop.4+0x10/0x10
[   23.208305]  ? __lock_acquire+0x619/0x4320
[   23.212516]  ? __bfs+0x1ab/0x540
[   23.215864]  ? __lock_acquire+0x619/0x4320
[   23.220077]  lock_acquire+0x10f/0x380
[   23.223856]  ? seq_read+0xd4/0x11d0
[   23.227457]  ? seq_read+0xd4/0x11d0
[   23.231056]  __mutex_lock+0xf5/0x1480
[   23.234830]  ? seq_read+0xd4/0x11d0
[   23.238430]  ? seq_read+0xd4/0x11d0
[   23.242033]  ? trace_hardirqs_on+0x10/0x10
[   23.246242]  ? __ww_mutex_wakeup_for_backoff+0x240/0x240
[   23.251669]  ? __is_insn_slot_addr+0x112/0x1f0
[   23.256228]  ? lock_downgrade+0x560/0x560
[   23.260404]  ? mark_held_locks+0xc2/0x130
[   23.264533]  ? get_page_from_freelist+0x756/0x1ea0
[   23.269500]  ? kasan_unpoison_shadow+0x30/0x40
[   23.274073]  ? get_page_from_freelist+0x113c/0x1ea0
[   23.279116]  ? seq_read+0xd4/0x11d0
[   23.282768]  seq_read+0xd4/0x11d0
[   23.286213]  ? __fsnotify_parent+0xb1/0x300
[   23.290607]  ? seq_lseek+0x3d0/0x3d0
[   23.294306]  ? __inode_security_revalidate+0xd5/0x120
[   23.299471]  ? avc_policy_seqno+0x5/0x10
[   23.303599]  ? seq_lseek+0x3d0/0x3d0
[   23.307290]  proc_reg_read+0xef/0x170
[   23.311116]  ? rw_verify_area+0xdd/0x280
[   23.315160]  do_iter_read+0x3cc/0x580
[   23.318939]  vfs_readv+0xe6/0x150
[   23.322366]  ? compat_rw_copy_check_uvector+0x320/0x320
[   23.327706]  ? kasan_unpoison_shadow+0x30/0x40
[   23.332264]  ? kasan_kmalloc+0x76/0xc0
[   23.336130]  ? iov_iter_get_pages_alloc+0x2c8/0xe40
[   23.341118]  ? iov_iter_get_pages+0xc80/0xc80
[   23.345586]  ? wake_up_q+0xed/0x150
[   23.349190]  default_file_splice_read+0x495/0x860
[   23.354007]  ? trace_hardirqs_on+0x10/0x10
[   23.358220]  ? do_splice_direct+0x220/0x220
[   23.362520]  ? trace_hardirqs_on_caller+0x381/0x520
[   23.367513]  ? fsnotify+0x639/0x12d0
[   23.371274]  ? lock_acquire+0x10f/0x380
[   23.375244]  ? __fsnotify_parent+0xb1/0x300
[   23.379573]  ? __fsnotify_update_child_dentry_flags.part.0+0x2e0/0x2e0
[   23.386220]  ? __inode_security_revalidate+0xd5/0x120
[   23.391386]  ? avc_policy_seqno+0x5/0x10
[   23.395419]  ? security_file_permission+0x88/0x1e0
[   23.400324]  ? do_splice_direct+0x220/0x220
[   23.404616]  do_splice_to+0x102/0x150
[   23.408391]  SyS_splice+0xf4d/0x12a0
[   23.412084]  ? fput+0xa/0x130
[   23.415164]  ? compat_SyS_vmsplice+0x150/0x150
[   23.419717]  ? do_syscall_64+0x43/0x4b0
[   23.423664]  ? compat_SyS_vmsplice+0x150/0x150
[   23.428222]  do_syscall_64+0x19b/0x4b0
[   23.432092]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   23.437254] RIP: 0033:0x4457e9
[   23.440415] RSP: 002b:00007f7d6f0e3d08 EFLAGS: 00000216 ORIG_RAX: 0000000000000113
[   23.448091] RAX: ffffffffffffffda RBX: 00000000006dac68 RCX: 00000000004457e9
[   23.455331] RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000004
[   23.462574] RBP: 00000000006dac60 R08: 0000000000000200 R09: 0000000000000000
[   23.469825] R10: 0000000000000000 R11: 0000000000000216 R12: 00000000006dac6c
[   23.477067] R13: 00007f7d6f0e3d20 R14: 706d67692f74656e R15: 00000000006dad4c