[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   19.482810] random: sshd: uninitialized urandom read (32 bytes read)
[   19.928713] audit: type=1400 audit(1553570527.867:6): avc:  denied  { map } for  pid=1757 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[   20.008612] random: sshd: uninitialized urandom read (32 bytes read)
[   20.515145] random: sshd: uninitialized urandom read (32 bytes read)
[   20.711489] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.158' (ECDSA) to the list of known hosts.
[   26.262335] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[   26.358917] audit: type=1400 audit(1553570534.297:7): avc:  denied  { map } for  pid=1769 comm="syz-executor677" path="/root/syz-executor677385038" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[   26.460872] 
[   26.462538] ======================================================
[   26.468836] WARNING: possible circular locking dependency detected
[   26.475141] 4.14.108+ #37 Not tainted
[   26.478925] ------------------------------------------------------
[   26.485228] syz-executor677/1773 is trying to acquire lock:
[   26.490913]  (&p->lock){+.+.}, at: [<ffffffff9bfcf95d>] seq_read+0xcd/0x1180
[   26.498168] 
[   26.498168] but task is already holding lock:
[   26.504126]  (&pipe->mutex/1){+.+.}, at: [<ffffffff9bf71cd8>] pipe_lock+0x58/0x70
[   26.511742] 
[   26.511742] which lock already depends on the new lock.
[   26.511742] 
[   26.520118] 
[   26.520118] the existing dependency chain (in reverse order) is:
[   26.527724] 
[   26.527724] -> #2 (&pipe->mutex/1){+.+.}:
[   26.533467] 
[   26.533467] -> #1 (&sig->cred_guard_mutex){+.+.}:
[   26.539764] 
[   26.539764] -> #0 (&p->lock){+.+.}:
[   26.544848] 
[   26.544848] other info that might help us debug this:
[   26.544848] 
[   26.553014] Chain exists of:
[   26.553014]   &p->lock --> &sig->cred_guard_mutex --> &pipe->mutex/1
[   26.553014] 
[   26.563902]  Possible unsafe locking scenario:
[   26.563902] 
[   26.569949]        CPU0                    CPU1
[   26.576132]        ----                    ----
[   26.585308]   lock(&pipe->mutex/1);
[   26.589328]                                lock(&sig->cred_guard_mutex);
[   26.596156]                                lock(&pipe->mutex/1);
[   26.602398]   lock(&p->lock);
[   26.605486] 
[   26.605486]  *** DEADLOCK ***
[   26.605486] 
[   26.611540] 1 lock held by syz-executor677/1773:
[   26.616275]  #0:  (&pipe->mutex/1){+.+.}, at: [<ffffffff9bf71cd8>] pipe_lock+0x58/0x70
[   26.624499] 
[   26.624499] stack backtrace:
[   26.628990] CPU: 1 PID: 1773 Comm: syz-executor677 Not tainted 4.14.108+ #37
[   26.636151] Call Trace:
[   26.638726]  dump_stack+0xb9/0x10e
[   26.642249]  print_circular_bug.isra.0.cold+0x2dc/0x425
[   26.647590]  ? __lock_acquire+0x2d83/0x3fa0
[   26.651906]  ? deref_stack_reg+0xaa/0xe0
[   26.655946]  ? trace_hardirqs_on+0x10/0x10
[   26.660421]  ? deref_stack_reg+0xaa/0xe0
[   26.664464]  ? __lock_acquire+0x56a/0x3fa0
[   26.668676]  ? deref_stack_reg+0xaa/0xe0
[   26.672742]  ? lock_acquire+0x10f/0x380
[   26.676699]  ? seq_read+0xcd/0x1180
[   26.680409]  ? seq_read+0xcd/0x1180
[   26.684464]  ? __mutex_lock+0xf7/0x1430
[   26.688416]  ? seq_read+0xcd/0x1180
[   26.692025]  ? __read_once_size_nocheck.constprop.0+0x10/0x10
[   26.697887]  ? seq_read+0xcd/0x1180
[   26.701500]  ? __ww_mutex_wakeup_for_backoff+0x210/0x210
[   26.707125]  ? mark_held_locks+0xa6/0xf0
[   26.711176]  ? get_page_from_freelist+0x85e/0x1d60
[   26.716099]  ? kasan_unpoison_shadow+0x30/0x40
[   26.720718]  ? get_page_from_freelist+0x110d/0x1d60
[   26.725717]  ? seq_read+0xcd/0x1180
[   26.729429]  ? seq_read+0xcd/0x1180
[   26.733044]  ? __fsnotify_inode_delete+0x20/0x20
[   26.737783]  ? seq_lseek+0x3d0/0x3d0
[   26.741485]  ? __inode_security_revalidate+0xcf/0x120
[   26.746755]  ? avc_policy_seqno+0x5/0x10
[   26.750800]  ? seq_lseek+0x3d0/0x3d0
[   26.754498]  ? proc_reg_read+0xf5/0x160
[   26.758456]  ? do_iter_read+0x3e8/0x5b0
[   26.762410]  ? vfs_readv+0xe6/0x150
[   26.766015]  ? compat_rw_copy_check_uvector+0x300/0x300
[   26.771377]  ? iov_iter_get_pages_alloc+0x2ca/0xe70
[   26.776384]  ? iov_iter_get_pages+0xca0/0xca0
[   26.780860]  ? default_file_splice_read+0x48a/0x860
[   26.785856]  ? drop_futex_key_refs.isra.0+0x17/0xa0
[   26.790954]  ? futex_wake+0x14b/0x430
[   26.794735]  ? do_splice_direct+0x240/0x240
[   26.799050]  ? kasan_slab_free+0x11a/0x190
[   26.803264]  ? fsnotify+0x8b0/0x1150
[   26.806959]  ? __fsnotify_inode_delete+0x20/0x20
[   26.811711]  ? __fsnotify_update_child_dentry_flags.part.0+0x2e0/0x2e0
[   26.818362]  ? __inode_security_revalidate+0xcf/0x120
[   26.823532]  ? avc_policy_seqno+0x5/0x10
[   26.827573]  ? security_file_permission+0x88/0x1e0
[   26.832481]  ? rw_verify_area+0xe1/0x290
[   26.836619]  ? do_splice_direct+0x240/0x240
[   26.840924]  ? do_splice_to+0xfd/0x150
[   26.844789]  ? SyS_splice+0xf17/0x1230
[   26.848671]  ? do_futex+0x17f0/0x17f0
[   26.852453]  ? compat_SyS_vmsplice+0x150/0x150
[   26.857016]  ? do_syscall_64+0x43/0x4b0
[   26.860969]  ? compat_SyS_vmsplice+0x150/0x150
[   26.865529]  ? do_syscall_64+0x19b/0x4b0
[   26.869922]  ? entry_SYSCALL_64_after_hwframe+0x42/0xb7