[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ ok ] Starting file context maintaining daemon: restorecond.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 19.482810] random: sshd: uninitialized urandom read (32 bytes read)
[ 19.928713] audit: type=1400 audit(1553570527.867:6): avc: denied { map } for pid=1757 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[ 20.008612] random: sshd: uninitialized urandom read (32 bytes read)
[ 20.515145] random: sshd: uninitialized urandom read (32 bytes read)
[ 20.711489] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.158' (ECDSA) to the list of known hosts.
[ 26.262335] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 26.358917] audit: type=1400 audit(1553570534.297:7): avc: denied { map } for pid=1769 comm="syz-executor677" path="/root/syz-executor677385038" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 26.460872]
[ 26.462538] ======================================================
[ 26.468836] WARNING: possible circular locking dependency detected
[ 26.475141] 4.14.108+ #37 Not tainted
[ 26.478925] ------------------------------------------------------
[ 26.485228] syz-executor677/1773 is trying to acquire lock:
[ 26.490913]  (&p->lock){+.+.}, at: [] seq_read+0xcd/0x1180
[ 26.498168]
[ 26.498168] but task is already holding lock:
[ 26.504126]  (&pipe->mutex/1){+.+.}, at: [] pipe_lock+0x58/0x70
[ 26.511742]
[ 26.511742] which lock already depends on the new lock.
[ 26.511742]
[ 26.520118]
[ 26.520118] the existing dependency chain (in reverse order) is:
[ 26.527724]
[ 26.527724] -> #2 (&pipe->mutex/1){+.+.}:
[ 26.533467]
[ 26.533467] -> #1 (&sig->cred_guard_mutex){+.+.}:
[ 26.539764]
[ 26.539764] -> #0 (&p->lock){+.+.}:
[ 26.544848]
[ 26.544848] other info that might help us debug this:
[ 26.544848]
[ 26.553014] Chain exists of:
[ 26.553014]   &p->lock --> &sig->cred_guard_mutex --> &pipe->mutex/1
[ 26.553014]
[ 26.563902]  Possible unsafe locking scenario:
[ 26.563902]
[ 26.569949]        CPU0                    CPU1
[ 26.576132]        ----                    ----
[ 26.585308]   lock(&pipe->mutex/1);
[ 26.589328]                                lock(&sig->cred_guard_mutex);
[ 26.596156]                                lock(&pipe->mutex/1);
[ 26.602398]   lock(&p->lock);
[ 26.605486]
[ 26.605486]  *** DEADLOCK ***
[ 26.605486]
[ 26.611540] 1 lock held by syz-executor677/1773:
[ 26.616275]  #0: (&pipe->mutex/1){+.+.}, at: [] pipe_lock+0x58/0x70
[ 26.624499]
[ 26.624499] stack backtrace:
[ 26.628990] CPU: 1 PID: 1773 Comm: syz-executor677 Not tainted 4.14.108+ #37
[ 26.636151] Call Trace:
[ 26.638726]  dump_stack+0xb9/0x10e
[ 26.642249]  print_circular_bug.isra.0.cold+0x2dc/0x425
[ 26.647590]  ? __lock_acquire+0x2d83/0x3fa0
[ 26.651906]  ? deref_stack_reg+0xaa/0xe0
[ 26.655946]  ? trace_hardirqs_on+0x10/0x10
[ 26.660421]  ? deref_stack_reg+0xaa/0xe0
[ 26.664464]  ? __lock_acquire+0x56a/0x3fa0
[ 26.668676]  ? deref_stack_reg+0xaa/0xe0
[ 26.672742]  ? lock_acquire+0x10f/0x380
[ 26.676699]  ? seq_read+0xcd/0x1180
[ 26.680409]  ? seq_read+0xcd/0x1180
[ 26.684464]  ? __mutex_lock+0xf7/0x1430
[ 26.688416]  ? seq_read+0xcd/0x1180
[ 26.692025]  ? __read_once_size_nocheck.constprop.0+0x10/0x10
[ 26.697887]  ? seq_read+0xcd/0x1180
[ 26.701500]  ? __ww_mutex_wakeup_for_backoff+0x210/0x210
[ 26.707125]  ? mark_held_locks+0xa6/0xf0
[ 26.711176]  ? get_page_from_freelist+0x85e/0x1d60
[ 26.716099]  ? kasan_unpoison_shadow+0x30/0x40
[ 26.720718]  ? get_page_from_freelist+0x110d/0x1d60
[ 26.725717]  ? seq_read+0xcd/0x1180
[ 26.729429]  ? seq_read+0xcd/0x1180
[ 26.733044]  ? __fsnotify_inode_delete+0x20/0x20
[ 26.737783]  ? seq_lseek+0x3d0/0x3d0
[ 26.741485]  ? __inode_security_revalidate+0xcf/0x120
[ 26.746755]  ? avc_policy_seqno+0x5/0x10
[ 26.750800]  ? seq_lseek+0x3d0/0x3d0
[ 26.754498]  ? proc_reg_read+0xf5/0x160
[ 26.758456]  ? do_iter_read+0x3e8/0x5b0
[ 26.762410]  ? vfs_readv+0xe6/0x150
[ 26.766015]  ? compat_rw_copy_check_uvector+0x300/0x300
[ 26.771377]  ? iov_iter_get_pages_alloc+0x2ca/0xe70
[ 26.776384]  ? iov_iter_get_pages+0xca0/0xca0
[ 26.780860]  ? default_file_splice_read+0x48a/0x860
[ 26.785856]  ? drop_futex_key_refs.isra.0+0x17/0xa0
[ 26.790954]  ? futex_wake+0x14b/0x430
[ 26.794735]  ? do_splice_direct+0x240/0x240
[ 26.799050]  ? kasan_slab_free+0x11a/0x190
[ 26.803264]  ? fsnotify+0x8b0/0x1150
[ 26.806959]  ? __fsnotify_inode_delete+0x20/0x20
[ 26.811711]  ? __fsnotify_update_child_dentry_flags.part.0+0x2e0/0x2e0
[ 26.818362]  ? __inode_security_revalidate+0xcf/0x120
[ 26.823532]  ? avc_policy_seqno+0x5/0x10
[ 26.827573]  ? security_file_permission+0x88/0x1e0
[ 26.832481]  ? rw_verify_area+0xe1/0x290
[ 26.836619]  ? do_splice_direct+0x240/0x240
[ 26.840924]  ? do_splice_to+0xfd/0x150
[ 26.844789]  ? SyS_splice+0xf17/0x1230
[ 26.848671]  ? do_futex+0x17f0/0x17f0
[ 26.852453]  ? compat_SyS_vmsplice+0x150/0x150
[ 26.857016]  ? do_syscall_64+0x43/0x4b0
[ 26.860969]  ? compat_SyS_vmsplice+0x150/0x150
[ 26.865529]  ? do_syscall_64+0x19b/0x4b0
[ 26.869922]  ? entry_SYSCALL_64_after_hwframe+0x42/0xb7