[....] Starting OpenBSD Secure Shell server: sshd[   11.068536] random: sshd: uninitialized urandom read (32 bytes read)
[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   34.757144] random: sshd: uninitialized urandom read (32 bytes read)
[   34.937561] audit: type=1400 audit(1540593754.375:6): avc:  denied  { map } for  pid=1771 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[   34.980819] random: sshd: uninitialized urandom read (32 bytes read)
[   35.447809] random: sshd: uninitialized urandom read (32 bytes read)
[   42.054671] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.115' (ECDSA) to the list of known hosts.
[   48.007280] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[   48.101118] audit: type=1400 audit(1540593767.545:7): avc:  denied  { map } for  pid=1789 comm="syz-executor421" path="/root/syz-executor421494026" dev="sda1" ino=16461 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[   48.151703] 
[   48.153394] ======================================================
[   48.159690] WARNING: possible circular locking dependency detected
[   48.165985] 4.14.78+ #26 Not tainted
[   48.169669] ------------------------------------------------------
[   48.176071] syz-executor421/1790 is trying to acquire lock:
[   48.181880]  (&pipe->mutex/1){+.+.}, at: [<ffffffff8e575cc6>] fifo_open+0x156/0x9d0
[   48.189790] 
[   48.189790] but task is already holding lock:
[   48.195837]  (&sig->cred_guard_mutex){+.+.}, at: [<ffffffff8e57010e>] prepare_bprm_creds+0x4e/0x110
[   48.205014] 
[   48.205014] which lock already depends on the new lock.
[   48.205014] 
[   48.213329] 
[   48.213329] the existing dependency chain (in reverse order) is:
[   48.221069] 
[   48.221069] -> #1 (&sig->cred_guard_mutex){+.+.}:
[   48.228613]        __mutex_lock+0xf5/0x1480
[   48.232920]        proc_pid_attr_write+0x16b/0x280
[   48.237827]        __vfs_write+0xf4/0x5c0
[   48.241951]        __kernel_write+0xf3/0x330
[   48.246346]        write_pipe_buf+0x192/0x250
[   48.250819]        __splice_from_pipe+0x324/0x740
[   48.255776]        splice_from_pipe+0xcf/0x130
[   48.260342]        default_file_splice_write+0x37/0x80
[   48.265677]        SyS_splice+0xd06/0x12a0
[   48.269956]        do_syscall_64+0x19b/0x4b0
[   48.274352]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   48.280045] 
[   48.280045] -> #0 (&pipe->mutex/1){+.+.}:
[   48.285811]        lock_acquire+0x10f/0x380
[   48.290120]        __mutex_lock+0xf5/0x1480
[   48.294427]        fifo_open+0x156/0x9d0
[   48.298467]        do_dentry_open+0x426/0xda0
[   48.302957]        vfs_open+0x11c/0x210
[   48.307066]        path_openat+0x4eb/0x23a0
[   48.311432]        do_filp_open+0x197/0x270
[   48.315736]        do_open_execat+0x10d/0x5b0
[   48.320216]        do_execveat_common.isra.14+0x6cb/0x1d60
[   48.325813]        SyS_execve+0x34/0x40
[   48.329760]        do_syscall_64+0x19b/0x4b0
[   48.334146]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   48.339826] 
[   48.339826] other info that might help us debug this:
[   48.339826] 
[   48.347945]  Possible unsafe locking scenario:
[   48.347945] 
[   48.353977]        CPU0                    CPU1
[   48.358720]        ----                    ----
[   48.363359]   lock(&sig->cred_guard_mutex);
[   48.367658]                                lock(&pipe->mutex/1);
[   48.375050]                                lock(&sig->cred_guard_mutex);
[   48.381862]   lock(&pipe->mutex/1);
[   48.385464] 
[   48.385464]  *** DEADLOCK ***
[   48.385464] 
[   48.391502] 1 lock held by syz-executor421/1790:
[   48.396235]  #0:  (&sig->cred_guard_mutex){+.+.}, at: [<ffffffff8e57010e>] prepare_bprm_creds+0x4e/0x110
[   48.405924] 
[   48.405924] stack backtrace:
[   48.410412] CPU: 0 PID: 1790 Comm: syz-executor421 Not tainted 4.14.78+ #26
[   48.417493] Call Trace:
[   48.420072]  dump_stack+0xb9/0x11b
[   48.423604]  print_circular_bug.isra.18.cold.43+0x2d3/0x40c
[   48.429412]  ? save_trace+0xd6/0x250
[   48.433109]  __lock_acquire+0x2ff9/0x4320
[   48.437239]  ? check_preemption_disabled+0x34/0x160
[   48.442235]  ? trace_hardirqs_on+0x10/0x10
[   48.446446]  ? trace_hardirqs_on_caller+0x381/0x520
[   48.451438]  ? _raw_spin_unlock_irqrestore+0x41/0x70
[   48.456516]  ? __lock_acquire+0x619/0x4320
[   48.460725]  ? alloc_pipe_info+0x15b/0x370
[   48.464948]  ? fifo_open+0x1ef/0x9d0
[   48.468636]  ? do_dentry_open+0x426/0xda0
[   48.472762]  ? vfs_open+0x11c/0x210
[   48.476366]  ? path_openat+0x4eb/0x23a0
[   48.480318]  lock_acquire+0x10f/0x380
[   48.484097]  ? fifo_open+0x156/0x9d0
[   48.487782]  ? fifo_open+0x156/0x9d0
[   48.491473]  __mutex_lock+0xf5/0x1480
[   48.495249]  ? fifo_open+0x156/0x9d0
[   48.498936]  ? fifo_open+0x156/0x9d0
[   48.502626]  ? dput.part.6+0x3b3/0x710
[   48.506490]  ? __ww_mutex_wakeup_for_backoff+0x240/0x240
[   48.512029]  ? fs_reclaim_acquire+0x10/0x10
[   48.516330]  ? fifo_open+0x284/0x9d0
[   48.520025]  ? lock_downgrade+0x560/0x560
[   48.524158]  ? lock_acquire+0x10f/0x380
[   48.528109]  ? fifo_open+0x243/0x9d0
[   48.531799]  ? debug_mutex_init+0x28/0x53
[   48.535921]  ? fifo_open+0x156/0x9d0
[   48.539611]  fifo_open+0x156/0x9d0
[   48.543600]  do_dentry_open+0x426/0xda0
[   48.547546]  ? pipe_release+0x240/0x240
[   48.551571]  vfs_open+0x11c/0x210
[   48.555009]  path_openat+0x4eb/0x23a0
[   48.558794]  ? path_mountpoint+0x9a0/0x9a0
[   48.563006]  ? kasan_kmalloc.part.1+0xa9/0xd0
[   48.567474]  ? kasan_kmalloc.part.1+0x4f/0xd0
[   48.571946]  ? __kmalloc_track_caller+0x104/0x300
[   48.576766]  ? kmemdup+0x20/0x50
[   48.580112]  ? security_prepare_creds+0x7c/0xb0
[   48.584860]  ? prepare_creds+0x225/0x2a0
[   48.588897]  ? prepare_exec_creds+0xc/0xe0
[   48.593112]  ? prepare_bprm_creds+0x62/0x110
[   48.597512]  ? do_execveat_common.isra.14+0x2cd/0x1d60
[   48.602767]  ? SyS_execve+0x34/0x40
[   48.606372]  ? do_syscall_64+0x19b/0x4b0
[   48.610416]  do_filp_open+0x197/0x270
[   48.614193]  ? may_open_dev+0xd0/0xd0
[   48.617980]  ? trace_hardirqs_on+0x10/0x10
[   48.622281]  ? fs_reclaim_acquire+0x10/0x10
[   48.627027]  ? rcu_read_lock_sched_held+0x102/0x120
[   48.632025]  do_open_execat+0x10d/0x5b0
[   48.635981]  ? setup_arg_pages+0x720/0x720
[   48.640318]  ? do_execveat_common.isra.14+0x68d/0x1d60
[   48.645701]  ? lock_downgrade+0x560/0x560
[   48.649827]  ? lock_acquire+0x10f/0x380
[   48.653781]  ? check_preemption_disabled+0x34/0x160
[   48.659556]  do_execveat_common.isra.14+0x6cb/0x1d60
[   48.664640]  ? prepare_bprm_creds+0x110/0x110
[   48.670340]  ? getname_flags+0x222/0x540
[   48.674380]  SyS_execve+0x34/0x40
[   48.677811]  ? setup_new_exec+0x770/0x770
[   48.682160]  do_syscall_64+0x19b/0x4b0
[   48.686028]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   48.691191] RIP: 0033:0x445719
[   48.694368] RSP: 002b:00007fd87f352da8 EFLAGS: 00000246 ORIG_RAX: 000000000000003b
[   48.702049] RAX: ffffffffffffff