[ 10.412828] random: sshd: uninitialized urandom read (32 bytes read)
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ ok ] Starting file context maintaining daemon: restorecond.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 31.772285] random: sshd: uninitialized urandom read (32 bytes read)
[ 32.064221] audit: type=1400 audit(1547200691.963:6): avc: denied { map } for pid=1769 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[ 32.105781] random: sshd: uninitialized urandom read (32 bytes read)
[ 32.554626] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.95' (ECDSA) to the list of known hosts.
[ 38.476767] urandom_read: 1 callbacks suppressed
[ 38.476772] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 38.572780] audit: type=1400 audit(1547200698.473:7): avc: denied { map } for pid=1781 comm="syz-executor993" path="/root/syz-executor993754193" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 38.575548]
[ 38.600674] ======================================================
[ 38.606991] WARNING: possible circular locking dependency detected
[ 38.613287] 4.14.92+ #5 Not tainted
[ 38.616897] ------------------------------------------------------
[ 38.623302] syz-executor993/1781 is trying to acquire lock:
[ 38.629179]  (&pipe->mutex/1){+.+.}, at: [] fifo_open+0x156/0x9b0
[ 38.637067]
[ 38.637067] but task is already holding lock:
[ 38.643013]  (&sig->cred_guard_mutex){+.+.}, at: [] prepare_bprm_creds+0x51/0x110
[ 38.652438]
[ 38.652438] which lock already depends on the new lock.
[ 38.652438]
[ 38.660793]
[ 38.660793] the existing dependency chain (in reverse order) is:
[ 38.668406]
[ 38.668406] -> #1 (&sig->cred_guard_mutex){+.+.}:
[ 38.674699]
[ 38.674699] -> #0 (&pipe->mutex/1){+.+.}:
[ 38.680504]
[ 38.680504] other info that might help us debug this:
[ 38.680504]
[ 38.688635]  Possible unsafe locking scenario:
[ 38.688635]
[ 38.694665]        CPU0                    CPU1
[ 38.699366]        ----                    ----
[ 38.704010]   lock(&sig->cred_guard_mutex);
[ 38.708478]                                lock(&pipe->mutex/1);
[ 38.714679]                                lock(&sig->cred_guard_mutex);
[ 38.721658]   lock(&pipe->mutex/1);
[ 38.725329]
[ 38.725329]  *** DEADLOCK ***
[ 38.725329]
[ 38.731365] 1 lock held by syz-executor993/1781:
[ 38.736168]  #0:  (&sig->cred_guard_mutex){+.+.}, at: [] prepare_bprm_creds+0x51/0x110
[ 38.745792]
[ 38.745792] stack backtrace:
[ 38.750265] CPU: 0 PID: 1781 Comm: syz-executor993 Not tainted 4.14.92+ #5
[ 38.757468] Call Trace:
[ 38.760043]  dump_stack+0xb9/0x10e
[ 38.763562]  print_circular_bug.isra.0.cold+0x2dc/0x425
[ 38.768897]  ? __lock_acquire+0x2d83/0x3fa0
[ 38.773199]  ? trace_hardirqs_on+0x10/0x10
[ 38.777412]  ? _raw_spin_unlock_irqrestore+0x41/0x70
[ 38.782685]  ? __lock_acquire+0x56a/0x3fa0
[ 38.786899]  ? do_filp_open+0x1a1/0x280
[ 38.790846]  ? lock_acquire+0x10f/0x380
[ 38.794793]  ? fifo_open+0x156/0x9b0
[ 38.798668]  ? fifo_open+0x156/0x9b0
[ 38.802362]  ? __mutex_lock+0xf7/0x1430
[ 38.806417]  ? fifo_open+0x156/0x9b0
[ 38.810113]  ? ___slab_alloc.constprop.0+0x224/0x470
[ 38.815188]  ? fifo_open+0x156/0x9b0
[ 38.818877]  ? __ww_mutex_wakeup_for_backoff+0x210/0x210
[ 38.824298]  ? fifo_open+0x284/0x9b0
[ 38.827991]  ? lock_downgrade+0x5d0/0x5d0
[ 38.832109]  ? lock_acquire+0x10f/0x380
[ 38.836052]  ? fifo_open+0x243/0x9b0
[ 38.839768]  ? debug_mutex_init+0x28/0x53
[ 38.843893]  ? fifo_open+0x156/0x9b0
[ 38.847680]  ? fifo_open+0x156/0x9b0
[ 38.851501]  ? do_dentry_open+0x41b/0xd60
[ 38.855719]  ? pipe_release+0x240/0x240
[ 38.859674]  ? vfs_open+0x105/0x230
[ 38.863279]  ? path_openat+0xb6b/0x2b70
[ 38.867225]  ? path_mountpoint+0x9a0/0x9a0
[ 38.871491]  ? kasan_kmalloc.part.0+0xa6/0xd0
[ 38.875962]  ? kasan_kmalloc.part.0+0x4f/0xd0
[ 38.880488]  ? kmemdup+0x23/0x50
[ 38.883829]  ? selinux_cred_prepare+0x3e/0x90
[ 38.888294]  ? do_filp_open+0x1a1/0x280
[ 38.892237]  ? prepare_bprm_creds+0x66/0x110
[ 38.896631]  ? may_open_dev+0xe0/0xe0
[ 38.900406]  ? rcu_lockdep_current_cpu_online+0xed/0x140
[ 38.905827]  ? rcu_read_lock_sched_held+0x10a/0x130
[ 38.910919]  ? do_open_execat+0xf7/0x5c0
[ 38.914954]  ? setup_arg_pages+0x710/0x710
[ 38.919165]  ? do_execveat_common.isra.0+0x674/0x1c30
[ 38.924329]  ? lock_acquire+0x10f/0x380
[ 38.928279]  ? do_execveat_common.isra.0+0x422/0x1c30
[ 38.933464]  ? check_preemption_disabled+0x35/0x1f0
[ 38.938459]  ? do_execveat_common.isra.0+0x6b3/0x1c30
[ 38.943776]  ? prepare_bprm_creds+0x110/0x110
[ 38.948444]  ? getname_flags+0x22e/0x550
[ 38.952533]  ? SyS_execve+0x34/0x40
[ 38.956172]  ? setup_new_exec+0x770/0x770
[ 38.960295]  ? do_syscall_64+0x19b/0x4b0
[ 38.964327]  ? entry_SYSCALL_64_after_hwframe+0x42/0xb7