[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   22.185825] random: sshd: uninitialized urandom read (32 bytes read)
[   22.532385] audit: type=1400 audit(1546208637.904:6): avc:  denied  { map } for  pid=1764 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[   22.566501] random: sshd: uninitialized urandom read (32 bytes read)
[   23.087272] random: sshd: uninitialized urandom read (32 bytes read)
[   23.242675] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.92' (ECDSA) to the list of known hosts.
[   28.759063] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[   28.850314] audit: type=1400 audit(1546208644.224:7): avc:  denied  { map } for  pid=1776 comm="syz-executor225" path="/root/syz-executor225115656" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[   28.899940] 
[   28.901607] ======================================================
[   28.907901] WARNING: possible circular locking dependency detected
[   28.914297] 4.14.91+ #30 Not tainted
[   28.917985] ------------------------------------------------------
[   28.924291] syz-executor225/1778 is trying to acquire lock:
[   28.929998]  (&pipe->mutex/1){+.+.}, at: [<ffffffffb2379406>] fifo_open+0x156/0x9d0
[   28.937780] 
[   28.937780] but task is already holding lock:
[   28.943729]  (&sig->cred_guard_mutex){+.+.}, at: [<ffffffffb237384e>] prepare_bprm_creds+0x4e/0x110
[   28.952905] 
[   28.952905] which lock already depends on the new lock.
[   28.952905] 
[   28.961204] 
[   28.961204] the existing dependency chain (in reverse order) is:
[   28.968802] 
[   28.968802] -> #1 (&sig->cred_guard_mutex){+.+.}:
[   28.975116]        __mutex_lock+0xf5/0x1480
[   28.979417]        proc_pid_attr_write+0x16b/0x280
[   28.984425]        __vfs_write+0xf4/0x5c0
[   28.988549]        __kernel_write+0xf3/0x330
[   28.992933]        write_pipe_buf+0x192/0x250
[   28.997534]        __splice_from_pipe+0x324/0x740
[   29.002359]        splice_from_pipe+0xcf/0x130
[   29.006925]        default_file_splice_write+0x37/0x80
[   29.012178]        SyS_splice+0xd06/0x12a0
[   29.016530]        do_syscall_64+0x19b/0x4b0
[   29.020920]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   29.026708] 
[   29.026708] -> #0 (&pipe->mutex/1){+.+.}:
[   29.032330]        lock_acquire+0x10f/0x380
[   29.036630]        __mutex_lock+0xf5/0x1480
[   29.040988]        fifo_open+0x156/0x9d0
[   29.045036]        do_dentry_open+0x426/0xda0
[   29.049580]        vfs_open+0x11c/0x210
[   29.053543]        path_openat+0x5f9/0x2930
[   29.057851]        do_filp_open+0x197/0x270
[   29.062153]        do_open_execat+0x10d/0x5b0
[   29.066757]        do_execveat_common.isra.14+0x6cb/0x1d60
[   29.072363]        SyS_execve+0x34/0x40
[   29.076314]        do_syscall_64+0x19b/0x4b0
[   29.080707]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   29.086518] 
[   29.086518] other info that might help us debug this:
[   29.086518] 
[   29.094647]  Possible unsafe locking scenario:
[   29.094647] 
[   29.100794]        CPU0                    CPU1
[   29.105435]        ----                    ----
[   29.110078]   lock(&sig->cred_guard_mutex);
[   29.114373]                                lock(&pipe->mutex/1);
[   29.120493]                                lock(&sig->cred_guard_mutex);
[   29.127416]   lock(&pipe->mutex/1);
[   29.131021] 
[   29.131021]  *** DEADLOCK ***
[   29.131021] 
[   29.137195] 1 lock held by syz-executor225/1778:
[   29.141932]  #0:  (&sig->cred_guard_mutex){+.+.}, at: [<ffffffffb237384e>] prepare_bprm_creds+0x4e/0x110
[   29.151739] 
[   29.151739] stack backtrace:
[   29.156215] CPU: 1 PID: 1778 Comm: syz-executor225 Not tainted 4.14.91+ #30
[   29.163289] Call Trace:
[   29.165888]  dump_stack+0xb9/0x11b
[   29.169423]  print_circular_bug.isra.18.cold.43+0x2d3/0x40c
[   29.175110]  ? save_trace+0xd6/0x250
[   29.178804]  __lock_acquire+0x2ff9/0x4320
[   29.182932]  ? check_preemption_disabled+0x34/0x1e0
[   29.187936]  ? trace_hardirqs_on+0x10/0x10
[   29.192147]  ? trace_hardirqs_on_caller+0x381/0x520
[   29.197141]  ? _raw_spin_unlock_irqrestore+0x41/0x70
[   29.202230]  ? __kmalloc+0x153/0x340
[   29.205938]  ? alloc_pipe_info+0x15b/0x370
[   29.210148]  ? fifo_open+0x1ef/0x9d0
[   29.213922]  ? do_dentry_open+0x426/0xda0
[   29.218058]  ? vfs_open+0x11c/0x210
[   29.221711]  ? path_openat+0x5f9/0x2930
[   29.225676]  ? do_filp_open+0x197/0x270
[   29.229630]  lock_acquire+0x10f/0x380
[   29.233410]  ? fifo_open+0x156/0x9d0
[   29.237207]  ? fifo_open+0x156/0x9d0
[   29.240898]  __mutex_lock+0xf5/0x1480
[   29.244676]  ? fifo_open+0x156/0x9d0
[   29.248369]  ? fifo_open+0x156/0x9d0
[   29.252060]  ? fsnotify+0x773/0x1200
[   29.255755]  ? __ww_mutex_wakeup_for_backoff+0x240/0x240
[   29.261183]  ? fs_reclaim_acquire+0x10/0x10
[   29.265488]  ? fifo_open+0x284/0x9d0
[   29.269176]  ? lock_downgrade+0x560/0x560
[   29.273323]  ? lock_acquire+0x10f/0x380
[   29.277279]  ? fifo_open+0x243/0x9d0
[   29.280969]  ? debug_mutex_init+0x28/0x53
[   29.285091]  ? fifo_open+0x156/0x9d0
[   29.288780]  fifo_open+0x156/0x9d0
[   29.292329]  do_dentry_open+0x426/0xda0
[   29.296385]  ? pipe_release+0x240/0x240
[   29.300454]  vfs_open+0x11c/0x210
[   29.303890]  path_openat+0x5f9/0x2930
[   29.307672]  ? path_mountpoint+0x9a0/0x9a0
[   29.311884]  ? kasan_kmalloc.part.1+0xa9/0xd0
[   29.316363]  ? kasan_kmalloc.part.1+0x4f/0xd0
[   29.320837]  ? __kmalloc_track_caller+0x104/0x300
[   29.325664]  ? kmemdup+0x20/0x50
[   29.329011]  ? security_prepare_creds+0x7c/0xb0
[   29.333808]  ? prepare_creds+0x225/0x2a0
[   29.337966]  ? prepare_exec_creds+0xc/0xe0
[   29.342178]  ? prepare_bprm_creds+0x62/0x110
[   29.346560]  ? do_execveat_common.isra.14+0x2cd/0x1d60
[   29.351978]  ? SyS_execve+0x34/0x40
[   29.355588]  ? do_syscall_64+0x19b/0x4b0
[   29.359836]  do_filp_open+0x197/0x270
[   29.363619]  ? may_open_dev+0xd0/0xd0
[   29.367403]  ? trace_hardirqs_on+0x10/0x10
[   29.371762]  ? fs_reclaim_acquire+0x10/0x10
[   29.376076]  ? rcu_read_lock_sched_held+0x102/0x120
[   29.381075]  do_open_execat+0x10d/0x5b0
[   29.385032]  ? setup_arg_pages+0x720/0x720
[   29.389244]  ? do_execveat_common.isra.14+0x68d/0x1d60
[   29.394498]  ? lock_downgrade+0x560/0x560
[   29.398623]  ? lock_acquire+0x10f/0x380
[   29.402572]  ? check_preemption_disabled+0x34/0x1e0
[   29.407565]  do_execveat_common.isra.14+0x6cb/0x1d60
[   29.412664]  ? prepare_bprm_creds+0x110/0x110
[   29.417262]  ? getname_flags+0x222/0x540
[   29.421314]  SyS_execve+0x34/0x40
[   29.424740]  ? setup_new_exec+0x770/0x770
[   29.428887]  do_syscall_64+0x19b/0x4b0
[   29.432758]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   29.437922] RIP: 0033:0x445709
[   29.441087] RSP: 002b:00007fcfa1e00da8 EFLAGS: 00000246 ORIG_RAX: 000000000000003b
[   29.449002] RAX: ffffffffffffffda RBX: 000000000