[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   38.816752] random: sshd: uninitialized urandom read (32 bytes read)
[   39.051948] kauditd_printk_skb: 9 callbacks suppressed
[   39.051957] audit: type=1400 audit(1555739884.943:35): avc:  denied  { map } for  pid=7328 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[   39.107848] random: sshd: uninitialized urandom read (32 bytes read)
[   39.685986] random: sshd: uninitialized urandom read (32 bytes read)
[   39.895604] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.1.37' (ECDSA) to the list of known hosts.
[   45.435424] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[   45.557119] audit: type=1400 audit(1555739891.443:36): avc:  denied  { map } for  pid=7342 comm="syz-executor080" path="/root/syz-executor080901305" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[   45.585327] audit: type=1400 audit(1555739891.473:37): avc:  denied  { map } for  pid=7342 comm="syz-executor080" path="/dev/usbmon0" dev="devtmpfs" ino=15245 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:usbmon_device_t:s0 tclass=chr_file permissive=1
[   45.588995] 
[   45.612561] ======================================================
[   45.618865] WARNING: possible circular locking dependency detected
[   45.625159] 4.14.112 #2 Not tainted
[   45.628771] ------------------------------------------------------
[   45.635062] syz-executor080/7343 is trying to acquire lock:
[   45.640744]  (&mm->mmap_sem){++++}, at: [<ffffffff817b9800>] __might_fault+0xe0/0x1d0
[   45.648757] 
[   45.648757] but task is already holding lock:
[   45.654702]  (&rp->fetch_lock){+.+.}, at: [<ffffffff83f7db9d>] mon_bin_read+0x5d/0x5e0
[   45.662759] 
[   45.662759] which lock already depends on the new lock.
[   45.662759] 
[   45.671063] 
[   45.671063] the existing dependency chain (in reverse order) is:
[   45.678656] 
[   45.678656] -> #1 (&rp->fetch_lock){+.+.}:
[   45.684370]        lock_acquire+0x16f/0x430
[   45.688705]        __mutex_lock+0xe8/0x1470
[   45.693004]        mutex_lock_nested+0x16/0x20
[   45.697567]        mon_bin_vma_fault+0x6f/0x280
[   45.702211]        __do_fault+0x109/0x390
[   45.706331]        __handle_mm_fault+0xde6/0x3470
[   45.711148]        handle_mm_fault+0x293/0x7c0
[   45.715702]        __get_user_pages+0x465/0x1250
[   45.720451]        populate_vma_page_range+0x18e/0x230
[   45.725714]        __mm_populate+0x198/0x2c0
[   45.730113]        vm_mmap_pgoff+0x1be/0x1d0
[   45.734498]        SyS_mmap_pgoff+0x3ca/0x520
[   45.738972]        SyS_mmap+0x16/0x20
[   45.742758]        do_syscall_64+0x1eb/0x630
[   45.747150]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   45.752862] 
[   45.752862] -> #0 (&mm->mmap_sem){++++}:
[   45.758384]        __lock_acquire+0x2c89/0x45e0
[   45.763034]        lock_acquire+0x16f/0x430
[   45.767332]        __might_fault+0x143/0x1d0
[   45.771735]        _copy_to_user+0x2c/0xd0
[   45.775944]        mon_bin_read+0x2fb/0x5e0
[   45.780248]        __vfs_read+0x107/0x6b0
[   45.784371]        vfs_read+0x137/0x350
[   45.788318]        SyS_read+0xb8/0x180
[   45.792184]        do_syscall_64+0x1eb/0x630
[   45.796583]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   45.802266] 
[   45.802266] other info that might help us debug this:
[   45.802266] 
[   45.810398]  Possible unsafe locking scenario:
[   45.810398] 
[   45.816435]        CPU0                    CPU1
[   45.821073]        ----                    ----
[   45.825710]   lock(&rp->fetch_lock);
[   45.829398]                                lock(&mm->mmap_sem);
[   45.835444]                                lock(&rp->fetch_lock);
[   45.841649]   lock(&mm->mmap_sem);
[   45.845163] 
[   45.845163]  *** DEADLOCK ***
[   45.845163] 
[   45.851200] 1 lock held by syz-executor080/7343:
[   45.855926]  #0:  (&rp->fetch_lock){+.+.}, at: [<ffffffff83f7db9d>] mon_bin_read+0x5d/0x5e0
[   45.864397] 
[   45.864397] stack backtrace:
[   45.868880] CPU: 1 PID: 7343 Comm: syz-executor080 Not tainted 4.14.112 #2
[   45.875887] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   45.885238] Call Trace:
[   45.887808]  dump_stack+0x138/0x19c
[   45.891418]  print_circular_bug.isra.0.cold+0x1cc/0x28f
[   45.896772]  __lock_acquire+0x2c89/0x45e0
[   45.900917]  ? remove_wait_queue+0x10f/0x190
[   45.905306]  ? trace_hardirqs_on+0x10/0x10
[   45.909533]  ? save_trace+0x290/0x290
[   45.913312]  lock_acquire+0x16f/0x430
[   45.917090]  ? __might_fault+0xe0/0x1d0
[   45.921056]  __might_fault+0x143/0x1d0
[   45.924920]  ? __might_fault+0xe0/0x1d0
[   45.928885]  _copy_to_user+0x2c/0xd0
[   45.932587]  mon_bin_read+0x2fb/0x5e0
[   45.936363]  __vfs_read+0x107/0x6b0
[   45.939976]  ? __fsnotify_update_child_dentry_flags.part.0+0x300/0x300
[   45.946640]  ? mon_bin_fetch+0x2e0/0x2e0
[   45.950681]  ? vfs_copy_file_range+0xa40/0xa40
[   45.955264]  ? __inode_security_revalidate+0xd6/0x130
[   45.960531]  ? avc_policy_seqno+0x9/0x20
[   45.964580]  ? selinux_file_permission+0x85/0x480
[   45.969397]  ? security_file_permission+0x8f/0x1f0
[   45.974306]  ? rw_verify_area+0xea/0x2b0
[   45.978349]  vfs_read+0x137/0x350
[   45.981792]  SyS_read+0xb8/0x180
[   45.985151]  ? kernel_write+0x120/0x120
[   45.989101]  ? do_syscall_64+0x53/0x630
[   45.993068]  ? kernel_write+0x120/0x120
[   45.997040]  do_syscall_64+0x1eb/0x630
[   46.000921]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   46.005755]  entry_SYSCALL_64_after_