[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ ok ] Starting file context maintaining daemon: restorecond.
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 22.189392] random: sshd: uninitialized urandom read (32 bytes read)
[ 22.376927] audit: type=1400 audit(1546402302.294:6): avc: denied { map } for pid=1764 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[ 22.406218] random: sshd: uninitialized urandom read (32 bytes read)
[ 22.887133] random: sshd: uninitialized urandom read (32 bytes read)
[ 44.592567] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.64' (ECDSA) to the list of known hosts.
[ 50.317465] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 50.416318] audit: type=1400 audit(1546402330.334:7): avc: denied { map } for pid=1794 comm="syz-executor026" path="/root/syz-executor026357975" dev="sda1" ino=16461 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 50.419389]
[ 50.444053] ======================================================
[ 50.450340] WARNING: possible circular locking dependency detected
[ 50.456634] 4.14.91+ #1 Not tainted
[ 50.460249] ------------------------------------------------------
[ 50.466542] syz-executor026/1794 is trying to acquire lock:
[ 50.472218] (&pipe->mutex/1){+.+.}, at: [] fifo_open+0x156/0x9b0
[ 50.480009]
[ 50.480009] but task is already holding lock:
[ 50.485961] (&sig->cred_guard_mutex){+.+.}, at: [] prepare_bprm_creds+0x51/0x110
[ 50.495122]
[ 50.495122] which lock already depends on the new lock.
[ 50.495122]
[ 50.503407]
[ 50.503407] the existing dependency chain (in reverse order) is:
[ 50.510998]
[ 50.510998] -> #1 (&sig->cred_guard_mutex){+.+.}:
[ 50.517288]
[ 50.517288] -> #0 (&pipe->mutex/1){+.+.}:
[ 50.522887]
[ 50.522887] other info that might help us debug this:
[ 50.522887]
[ 50.530997] Possible unsafe locking scenario:
[ 50.530997]
[ 50.537021]        CPU0                    CPU1
[ 50.541658]        ----                    ----
[ 50.546292]   lock(&sig->cred_guard_mutex);
[ 50.550583]                                lock(&pipe->mutex/1);
[ 50.556698]                                lock(&sig->cred_guard_mutex);
[ 50.563509]   lock(&pipe->mutex/1);
[ 50.567134]
[ 50.567134] *** DEADLOCK ***
[ 50.567134]
[ 50.573166] 1 lock held by syz-executor026/1794:
[ 50.577891] #0: (&sig->cred_guard_mutex){+.+.}, at: [] prepare_bprm_creds+0x51/0x110
[ 50.587485]
[ 50.587485] stack backtrace:
[ 50.591954] CPU: 0 PID: 1794 Comm: syz-executor026 Not tainted 4.14.91+ #1
[ 50.598932] Call Trace:
[ 50.601495] dump_stack+0xb9/0x10e
[ 50.605008] print_circular_bug.isra.0.cold+0x2dc/0x425
[ 50.610342] ? __lock_acquire+0x2d83/0x3fa0
[ 50.614641] ? trace_hardirqs_on+0x10/0x10
[ 50.618852] ? _raw_spin_unlock_irqrestore+0x41/0x70
[ 50.623931] ? __lock_acquire+0x56a/0x3fa0
[ 50.628138] ? do_filp_open+0x1a1/0x280
[ 50.632086] ? lock_acquire+0x10f/0x380
[ 50.636032] ? fifo_open+0x156/0x9b0
[ 50.639719] ? fifo_open+0x156/0x9b0
[ 50.643402] ? __mutex_lock+0xf7/0x1430
[ 50.647349] ? fifo_open+0x156/0x9b0
[ 50.651036] ? fifo_open+0x156/0x9b0
[ 50.654725] ? __ww_mutex_wakeup_for_backoff+0x210/0x210
[ 50.660150] ? fifo_open+0x284/0x9b0
[ 50.663835] ? lock_downgrade+0x5d0/0x5d0
[ 50.667956] ? lock_acquire+0x10f/0x380
[ 50.671902] ? fifo_open+0x243/0x9b0
[ 50.675586] ? debug_mutex_init+0x28/0x53
[ 50.679705] ? fifo_open+0x156/0x9b0
[ 50.683392] ? fifo_open+0x156/0x9b0
[ 50.687079] ? do_dentry_open+0x41b/0xd60
[ 50.691196] ? pipe_release+0x240/0x240
[ 50.695142] ? vfs_open+0x105/0x230
[ 50.698740] ? path_openat+0xb6b/0x2b70
[ 50.702687] ? path_mountpoint+0x9a0/0x9a0
[ 50.706896] ? kasan_kmalloc.part.0+0xa6/0xd0
[ 50.711362] ? kasan_kmalloc.part.0+0x4f/0xd0
[ 50.715829] ? kmemdup+0x23/0x50
[ 50.719182] ? selinux_cred_prepare+0x3e/0x90
[ 50.723651] ? do_filp_open+0x1a1/0x280
[ 50.727595] ? prepare_bprm_creds+0x66/0x110
[ 50.731975] ? may_open_dev+0xe0/0xe0
[ 50.735760] ? rcu_lockdep_current_cpu_online+0xed/0x140
[ 50.741191] ? rcu_read_lock_sched_held+0x10a/0x130
[ 50.746178] ? do_open_execat+0xf7/0x5c0
[ 50.750212] ? setup_arg_pages+0x710/0x710
[ 50.754419] ? do_execveat_common.isra.0+0x674/0x1c30
[ 50.759578] ? lock_acquire+0x10f/0x380
[ 50.763599] ? do_execveat_common.isra.0+0x422/0x1c30
[ 50.768778] ? check_preemption_disabled+0x35/0x1f0
[ 50.773777] ? do_execveat_common.isra.0+0x6b3/0x1c30
[ 50.778942] ? prepare_bprm_creds+0x110/0x110
[ 50.783413] ? getname_flags+0x22e/0x550
[ 50.787448] ? SyS_execve+0x34/0x40
[ 50.791064] ? setup_new_exec+0x770/0x770
[ 50.795192] ? do_syscall_64+0x19b/0x4b0
[ 50.799227] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7