[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   29.471902] random: sshd: uninitialized urandom read (32 bytes read)
[   29.848794] audit: type=1400 audit(1546907725.720:6): avc:  denied  { map } for  pid=1765 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[   29.879272] random: sshd: uninitialized urandom read (32 bytes read)
[   30.387508] random: sshd: uninitialized urandom read (32 bytes read)
[   30.533108] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.26' (ECDSA) to the list of known hosts.
[   36.085740] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[   36.176175] audit: type=1400 audit(1546907732.050:7): avc:  denied  { map } for  pid=1783 comm="syz-executor089" path="/root/syz-executor089516930" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[   36.229620] 
[   36.231237] ======================================================
[   36.237526] WARNING: possible circular locking dependency detected
[   36.243815] 4.14.91+ #3 Not tainted
[   36.247416] ------------------------------------------------------
[   36.253705] syz-executor089/1785 is trying to acquire lock:
[   36.259385]  (&pipe->mutex/1){+.+.}, at: [<ffffffffab971a86>] fifo_open+0x156/0x9b0
[   36.267164] 
[   36.267164] but task is already holding lock:
[   36.273107]  (&sig->cred_guard_mutex){+.+.}, at: [<ffffffffab96bea1>] prepare_bprm_creds+0x51/0x110
[   36.282268] 
[   36.282268] which lock already depends on the new lock.
[   36.282268] 
[   36.290558] 
[   36.290558] the existing dependency chain (in reverse order) is:
[   36.298153] 
[   36.298153] -> #1 (&sig->cred_guard_mutex){+.+.}:
[   36.304593] 
[   36.304593] -> #0 (&pipe->mutex/1){+.+.}:
[   36.310201] 
[   36.310201] other info that might help us debug this:
[   36.310201] 
[   36.318319]  Possible unsafe locking scenario:
[   36.318319] 
[   36.324353]        CPU0                    CPU1
[   36.328999]        ----                    ----
[   36.333641]   lock(&sig->cred_guard_mutex);
[   36.337940]                                lock(&pipe->mutex/1);
[   36.344070]                                lock(&sig->cred_guard_mutex);
[   36.350886]   lock(&pipe->mutex/1);
[   36.354489] 
[   36.354489]  *** DEADLOCK ***
[   36.354489] 
[   36.360522] 1 lock held by syz-executor089/1785:
[   36.365248]  #0:  (&sig->cred_guard_mutex){+.+.}, at: [<ffffffffab96bea1>] prepare_bprm_creds+0x51/0x110
[   36.374845] 
[   36.374845] stack backtrace:
[   36.379426] CPU: 1 PID: 1785 Comm: syz-executor089 Not tainted 4.14.91+ #3
[   36.386407] Call Trace:
[   36.388970]  dump_stack+0xb9/0x10e
[   36.392484]  print_circular_bug.isra.0.cold+0x2dc/0x425
[   36.397818]  ? __lock_acquire+0x2d83/0x3fa0
[   36.402116]  ? trace_hardirqs_on+0x10/0x10
[   36.406324]  ? _raw_spin_unlock_irqrestore+0x41/0x70
[   36.411401]  ? __lock_acquire+0x56a/0x3fa0
[   36.415612]  ? do_filp_open+0x1a1/0x280
[   36.419559]  ? lock_acquire+0x10f/0x380
[   36.423513]  ? fifo_open+0x156/0x9b0
[   36.427205]  ? fifo_open+0x156/0x9b0
[   36.430897]  ? __mutex_lock+0xf7/0x1430
[   36.434841]  ? fifo_open+0x156/0x9b0
[   36.438571]  ? fifo_open+0x156/0x9b0
[   36.442267]  ? __ww_mutex_wakeup_for_backoff+0x210/0x210
[   36.447695]  ? fifo_open+0x284/0x9b0
[   36.451387]  ? lock_downgrade+0x5d0/0x5d0
[   36.455525]  ? lock_acquire+0x10f/0x380
[   36.459471]  ? fifo_open+0x243/0x9b0
[   36.463188]  ? debug_mutex_init+0x28/0x53
[   36.467312]  ? fifo_open+0x156/0x9b0
[   36.470996]  ? fifo_open+0x156/0x9b0
[   36.474685]  ? do_dentry_open+0x41b/0xd60
[   36.478813]  ? pipe_release+0x240/0x240
[   36.482767]  ? vfs_open+0x105/0x230
[   36.486369]  ? path_openat+0xb6b/0x2b70
[   36.490319]  ? path_mountpoint+0x9a0/0x9a0
[   36.494527]  ? kasan_kmalloc.part.0+0xa6/0xd0
[   36.498998]  ? kasan_kmalloc.part.0+0x4f/0xd0
[   36.503466]  ? kmemdup+0x23/0x50
[   36.506931]  ? selinux_cred_prepare+0x3e/0x90
[   36.511415]  ? do_filp_open+0x1a1/0x280
[   36.515363]  ? prepare_bprm_creds+0x66/0x110
[   36.519744]  ? may_open_dev+0xe0/0xe0
[   36.523526]  ? rcu_lockdep_current_cpu_online+0xed/0x140
[   36.528956]  ? rcu_read_lock_sched_held+0x10a/0x130
[   36.533952]  ? do_open_execat+0xf7/0x5c0
[   36.537987]  ? setup_arg_pages+0x710/0x710
[   36.542193]  ? do_execveat_common.isra.0+0x674/0x1c30
[   36.547367]  ? lock_acquire+0x10f/0x380
[   36.551328]  ? do_execveat_common.isra.0+0x422/0x1c30
[   36.556507]  ? check_preemption_disabled+0x35/0x1f0
[   36.561495]  ? do_execveat_common.isra.0+0x6b3/0x1c30
[   36.566675]  ? prepare_bprm_creds+0x110/0x110
[   36.571144]  ? getname_flags+0x22e/0x550
[   36.575176]  ? SyS_execve+0x34/0x40
[   36.578775]  ? setup_new_exec+