[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 29.471902] random: sshd: uninitialized urandom read (32 bytes read)
[ 29.848794] audit: type=1400 audit(1546907725.720:6): avc: denied { map } for pid=1765 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[ 29.879272] random: sshd: uninitialized urandom read (32 bytes read)
[ 30.387508] random: sshd: uninitialized urandom read (32 bytes read)
[ 30.533108] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.26' (ECDSA) to the list of known hosts.
[ 36.085740] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 36.176175] audit: type=1400 audit(1546907732.050:7): avc: denied { map } for pid=1783 comm="syz-executor089" path="/root/syz-executor089516930" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 36.229620]
[ 36.231237] ======================================================
[ 36.237526] WARNING: possible circular locking dependency detected
[ 36.243815] 4.14.91+ #3 Not tainted
[ 36.247416] ------------------------------------------------------
[ 36.253705] syz-executor089/1785 is trying to acquire lock:
[ 36.259385]  (&pipe->mutex/1){+.+.}, at: [] fifo_open+0x156/0x9b0
[ 36.267164]
[ 36.267164] but task is already holding lock:
[ 36.273107]  (&sig->cred_guard_mutex){+.+.}, at: [] prepare_bprm_creds+0x51/0x110
[ 36.282268]
[ 36.282268] which lock already depends on the new lock.
[ 36.282268]
[ 36.290558]
[ 36.290558] the existing dependency chain (in reverse order) is:
[ 36.298153]
[ 36.298153] -> #1 (&sig->cred_guard_mutex){+.+.}:
[ 36.304593]
[ 36.304593] -> #0 (&pipe->mutex/1){+.+.}:
[ 36.310201]
[ 36.310201] other info that might help us debug this:
[ 36.310201]
[ 36.318319]  Possible unsafe locking scenario:
[ 36.318319]
[ 36.324353]        CPU0                    CPU1
[ 36.328999]        ----                    ----
[ 36.333641]   lock(&sig->cred_guard_mutex);
[ 36.337940]                                lock(&pipe->mutex/1);
[ 36.344070]                                lock(&sig->cred_guard_mutex);
[ 36.350886]   lock(&pipe->mutex/1);
[ 36.354489]
[ 36.354489]  *** DEADLOCK ***
[ 36.354489]
[ 36.360522] 1 lock held by syz-executor089/1785:
[ 36.365248]  #0: (&sig->cred_guard_mutex){+.+.}, at: [] prepare_bprm_creds+0x51/0x110
[ 36.374845]
[ 36.374845] stack backtrace:
[ 36.379426] CPU: 1 PID: 1785 Comm: syz-executor089 Not tainted 4.14.91+ #3
[ 36.386407] Call Trace:
[ 36.388970]  dump_stack+0xb9/0x10e
[ 36.392484]  print_circular_bug.isra.0.cold+0x2dc/0x425
[ 36.397818]  ? __lock_acquire+0x2d83/0x3fa0
[ 36.402116]  ? trace_hardirqs_on+0x10/0x10
[ 36.406324]  ? _raw_spin_unlock_irqrestore+0x41/0x70
[ 36.411401]  ? __lock_acquire+0x56a/0x3fa0
[ 36.415612]  ? do_filp_open+0x1a1/0x280
[ 36.419559]  ? lock_acquire+0x10f/0x380
[ 36.423513]  ? fifo_open+0x156/0x9b0
[ 36.427205]  ? fifo_open+0x156/0x9b0
[ 36.430897]  ? __mutex_lock+0xf7/0x1430
[ 36.434841]  ? fifo_open+0x156/0x9b0
[ 36.438571]  ? fifo_open+0x156/0x9b0
[ 36.442267]  ? __ww_mutex_wakeup_for_backoff+0x210/0x210
[ 36.447695]  ? fifo_open+0x284/0x9b0
[ 36.451387]  ? lock_downgrade+0x5d0/0x5d0
[ 36.455525]  ? lock_acquire+0x10f/0x380
[ 36.459471]  ? fifo_open+0x243/0x9b0
[ 36.463188]  ? debug_mutex_init+0x28/0x53
[ 36.467312]  ? fifo_open+0x156/0x9b0
[ 36.470996]  ? fifo_open+0x156/0x9b0
[ 36.474685]  ? do_dentry_open+0x41b/0xd60
[ 36.478813]  ? pipe_release+0x240/0x240
[ 36.482767]  ? vfs_open+0x105/0x230
[ 36.486369]  ? path_openat+0xb6b/0x2b70
[ 36.490319]  ? path_mountpoint+0x9a0/0x9a0
[ 36.494527]  ? kasan_kmalloc.part.0+0xa6/0xd0
[ 36.498998]  ? kasan_kmalloc.part.0+0x4f/0xd0
[ 36.503466]  ? kmemdup+0x23/0x50
[ 36.506931]  ? selinux_cred_prepare+0x3e/0x90
[ 36.511415]  ? do_filp_open+0x1a1/0x280
[ 36.515363]  ? prepare_bprm_creds+0x66/0x110
[ 36.519744]  ? may_open_dev+0xe0/0xe0
[ 36.523526]  ? rcu_lockdep_current_cpu_online+0xed/0x140
[ 36.528956]  ? rcu_read_lock_sched_held+0x10a/0x130
[ 36.533952]  ? do_open_execat+0xf7/0x5c0
[ 36.537987]  ? setup_arg_pages+0x710/0x710
[ 36.542193]  ? do_execveat_common.isra.0+0x674/0x1c30
[ 36.547367]  ? lock_acquire+0x10f/0x380
[ 36.551328]  ? do_execveat_common.isra.0+0x422/0x1c30
[ 36.556507]  ? check_preemption_disabled+0x35/0x1f0
[ 36.561495]  ? do_execveat_common.isra.0+0x6b3/0x1c30
[ 36.566675]  ? prepare_bprm_creds+0x110/0x110
[ 36.571144]  ? getname_flags+0x22e/0x550
[ 36.575176]  ? SyS_execve+0x34/0x40
[ 36.578775]  ? setup_new_exec+