[   11.529418] random: sshd: uninitialized urandom read (32 bytes read)
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   25.886482] random: sshd: uninitialized urandom read (32 bytes read)
[   26.212276] audit: type=1400 audit(1542144219.618:6): avc:  denied  { map } for  pid=1761 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[   26.251844] random: sshd: uninitialized urandom read (32 bytes read)
[   26.654218] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.34' (ECDSA) to the list of known hosts.
[   32.339436] urandom_read: 1 callbacks suppressed
[   32.339440] random: sshd: uninitialized urandom read (32 bytes read)
[   32.440777] audit: type=1400 audit(1542144225.848:7): avc:  denied  { map } for  pid=1779 comm="syz-executor316" path="/root/syz-executor316239602" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[   32.467569] audit: type=1400 audit(1542144225.868:8): avc:  denied  { map } for  pid=1779 comm="syz-executor316" path="/dev/ashmem" dev="devtmpfs" ino=1082 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:device_t:s0 tclass=chr_file permissive=1
[   32.468860] 
[   32.468862] ======================================================
[   32.468863] WARNING: possible circular locking dependency detected
[   32.468866] 4.14.80+ #5 Not tainted
[   32.468867] ------------------------------------------------------
[   32.468869] syz-executor316/1779 is trying to acquire lock:
[   32.468870]  (cpu_hotplug_lock.rw_sem){++++}, at: [<ffffffffb146074a>] lru_add_drain_all+0xa/0x20
[   32.468882] 
[   32.468882] but task is already holding lock:
[   32.468882]  (&sb->s_type->i_mutex_key#10){+.+.}, at: [<ffffffffb1481392>] shmem_add_seals+0x132/0x1230
[   32.468890] 
[   32.468890] which lock already depends on the new lock.
[   32.468890] 
[   32.468892] 
[   32.468892] the existing dependency chain (in reverse order) is:
[   32.468892] 
[   32.468892] -> #5 (&sb->s_type->i_mutex_key#10){+.+.}:
[   32.468901]        down_write+0x34/0x90
[   32.468905]        shmem_fallocate+0x149/0xb20
[   32.468909]        ashmem_shrink_scan+0x1b6/0x4e0
[   32.468911]        ashmem_ioctl+0x2cc/0xe20
[   32.468916]        do_vfs_ioctl+0x1a0/0x1030
[   32.468919]        SyS_ioctl+0x7e/0xb0
[   32.468923]        do_syscall_64+0x19b/0x4b0
[   32.468927]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   32.468928] 
[   32.468928] -> #4 (ashmem_mutex){+.+.}:
[   32.468933]        __mutex_lock+0xf5/0x1480
[   32.468936]        ashmem_mmap+0x4c/0x430
[   32.468941]        mmap_region+0x836/0xfb0
[   32.468944]        do_mmap+0x551/0xb80
[   32.468947]        vm_mmap_pgoff+0x180/0x1d0
[   32.468950]        SyS_mmap_pgoff+0xf8/0x1a0
[   32.468953]        do_syscall_64+0x19b/0x4b0
[   32.468956]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   32.468957] 
[   32.468957] -> #3 (&mm->mmap_sem){++++}:
[   32.468963]        __might_fault+0x137/0x1b0
[   32.468967]        _copy_from_user+0x27/0x100
[   32.468970]        memdup_user+0x50/0x90
[   32.468973]        strndup_user+0x5b/0xf0
[   32.468977]        perf_ioctl+0x961/0x1bb0
[   32.468980]        do_vfs_ioctl+0x1a0/0x1030
[   32.468984]        SyS_ioctl+0x7e/0xb0
[   32.468986]        do_syscall_64+0x19b/0x4b0
[   32.468990]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   32.468990] 
[   32.468990] -> #2 (&cpuctx_mutex){+.+.}:
[   32.468996]        __mutex_lock+0xf5/0x1480
[   32.468999]        perf_event_init_cpu+0xab/0x150
[   32.469005]        perf_event_init+0x295/0x2d4
[   32.469008]        start_kernel+0x441/0x739
[   32.469013]        secondary_startup_64+0xa5/0xb0
[   32.469014] 
[   32.469014] -> #1 (pmus_lock){+.+.}:
[   32.469019]        __mutex_lock+0xf5/0x1480
[   32.469022]        perf_event_init_cpu+0x2c/0x150
[   32.469027]        cpuhp_invoke_callback+0x1b5/0x1960
[   32.469030]        _cpu_up+0x22c/0x520
[   32.469033]        do_cpu_up+0x13f/0x180
[   32.469036]        smp_init+0x137/0x14b
[   32.469038]        kernel_init_freeable+0x186/0x39f
[   32.469043]        kernel_init+0xc/0x157
[   32.469046]        ret_from_fork+0x3a/0x50
[   32.469046] 
[   32.469046] -> #0 (cpu_hotplug_lock.rw_sem){++++}:
[   32.469053]        lock_acquire+0x10f/0x380
[   32.469056]        cpus_read_lock+0x39/0xb0
[   32.469059]        lru_add_drain_all+0xa/0x20
[   32.469062]        shmem_add_seals+0x4db/0x1230
[   32.469065]        shmem_fcntl+0xea/0x120
[   32.469068]        do_fcntl+0x966/0xea0
[   32.469071]        SyS_fcntl+0xc7/0x100
[   32.469074]        do_syscall_64+0x19b/0x4b0
[   32.469089]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   32.469090] 
[   32.469090] other info that might help us debug this:
[   32.469090] 
[   32.469091] Chain exists of:
[   32.469091]   cpu_hotplug_lock.rw_sem --> ashmem_mutex --> &sb->s_type->i_mutex_key#10
[   32.469091] 
[   32.469097]  Possible unsafe locking scenario:
[   32.469097] 
[   32.469098]        CPU0                    CPU1
[   32.469099]        ----                    ----
[   32.469100]   lock(&sb->s_type->i_mutex_key#10);
[   32.469103]                                lock(ashmem_mutex);
[   32.469105]                                lock(&sb->s_type->i_mutex_key#10);
[   32.469107]   lock(cpu_hotplug_lock.rw_sem);
[   32.469110] 
[   32.469110]  *** DEADLOCK ***
[   32.469110] 
[   32.469112] 1 lock held by syz-executor316/1779:
[   32.469113]  #0:  (&sb->s_type->i_mutex_key#10){+.+.}, at: [<ffffffffb1481392>] shmem_add_seals+0x132/0x1230
[   32.469121] 
[   32.469121] stack backtrace:
[   32.469124] CPU: 1 PID: 1779 Comm: syz-executor316 Not tainted 4.14.80+ #5
[   32.469126] Call Trace:
[   32.469132]  dump_stack+0xb9/0x11b
[   32.469137]  print_circular_bug.isra.18.cold.43+0x2d3/0x40c
[   32.469141]  ? save_trace+0xd6/0x250
[   32.469145]  __lock_acquire+0x2ff9/0x4320
[   32.469148]  ? __lock_acquire+0x619/0x4320
[   32.469154]  ? trace_hardirqs_on+0x10/0x10
[   32.469158]  ? pagevec_lru_move_fn+0x140/0x210
[   32.469163]  ? _raw_spin_unlock_irqrestore+0x54/0x70
[   32.469169]  lock_acquire+0x10f/0x380
[   32.469172]  ? lru_add_drain_all+0xa/0x20
[   32.469176]  cpus_read_lock+0x39/0xb0
[   32.469180]  ? lru_add_drain_all+0xa/0x20
[   32.469182]  lru_add_drain_all+0xa/0x20
[   32.469186]  shmem_add_seals+0x4db/0x1230
[   32.469191]  ? shmem_file_llseek+0x230/0x230
[   32.469196]  ? do_sendfile+0x1d1/0xb50
[   32.469200]  shmem_fcntl+0xea/0x120
[   32.469204]  do_fcntl+0x966/0xea0
[   32.469208]  ? f_getown+0xa0/0xa0
[   32.469213]  ? __might_fault+0x177/0x1b0
[   32.469218]  ? selinux_file_fcntl+0xfa/0x160
[   32.469223]  SyS_fcntl+0xc7/0x100
[   32.469226]  ? do_fcntl+0xea0/0xea0
[   32.469230]  do_syscall_64+0x19b/0x4b0
[   32.469235]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   32.469237] RIP: 0033:0x43ff79
[   32.469239] RSP: 002b:00007ffd95b61058 EFLAGS: 00000207 ORIG_RAX: 0000000000000048
[   32.469249] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043ff79
[   32.469251] RDX: 0000000000000008 RSI: 0000000000000409 RDI: 0000000000000007
[   32.469253] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[   32.469256] R10