[   10.412828] random: sshd: uninitialized urandom read (32 bytes read)
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   31.772285] random: sshd: uninitialized urandom read (32 bytes read)
[   32.064221] audit: type=1400 audit(1547200691.963:6): avc:  denied  { map } for  pid=1769 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[   32.105781] random: sshd: uninitialized urandom read (32 bytes read)
[   32.554626] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.95' (ECDSA) to the list of known hosts.
[   38.476767] urandom_read: 1 callbacks suppressed
[   38.476772] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[   38.572780] audit: type=1400 audit(1547200698.473:7): avc:  denied  { map } for  pid=1781 comm="syz-executor993" path="/root/syz-executor993754193" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[   38.575548] 
[   38.600674] ======================================================
[   38.606991] WARNING: possible circular locking dependency detected
[   38.613287] 4.14.92+ #5 Not tainted
[   38.616897] ------------------------------------------------------
[   38.623302] syz-executor993/1781 is trying to acquire lock:
[   38.629179]  (&pipe->mutex/1){+.+.}, at: [<ffffffff81771ac6>] fifo_open+0x156/0x9b0
[   38.637067] 
[   38.637067] but task is already holding lock:
[   38.643013]  (&sig->cred_guard_mutex){+.+.}, at: [<ffffffff8176bee1>] prepare_bprm_creds+0x51/0x110
[   38.652438] 
[   38.652438] which lock already depends on the new lock.
[   38.652438] 
[   38.660793] 
[   38.660793] the existing dependency chain (in reverse order) is:
[   38.668406] 
[   38.668406] -> #1 (&sig->cred_guard_mutex){+.+.}:
[   38.674699] 
[   38.674699] -> #0 (&pipe->mutex/1){+.+.}:
[   38.680504] 
[   38.680504] other info that might help us debug this:
[   38.680504] 
[   38.688635]  Possible unsafe locking scenario:
[   38.688635] 
[   38.694665]        CPU0                    CPU1
[   38.699366]        ----                    ----
[   38.704010]   lock(&sig->cred_guard_mutex);
[   38.708478]                                lock(&pipe->mutex/1);
[   38.714679]                                lock(&sig->cred_guard_mutex);
[   38.721658]   lock(&pipe->mutex/1);
[   38.725329] 
[   38.725329]  *** DEADLOCK ***
[   38.725329] 
[   38.731365] 1 lock held by syz-executor993/1781:
[   38.736168]  #0:  (&sig->cred_guard_mutex){+.+.}, at: [<ffffffff8176bee1>] prepare_bprm_creds+0x51/0x110
[   38.745792] 
[   38.745792] stack backtrace:
[   38.750265] CPU: 0 PID: 1781 Comm: syz-executor993 Not tainted 4.14.92+ #5
[   38.757468] Call Trace:
[   38.760043]  dump_stack+0xb9/0x10e
[   38.763562]  print_circular_bug.isra.0.cold+0x2dc/0x425
[   38.768897]  ? __lock_acquire+0x2d83/0x3fa0
[   38.773199]  ? trace_hardirqs_on+0x10/0x10
[   38.777412]  ? _raw_spin_unlock_irqrestore+0x41/0x70
[   38.782685]  ? __lock_acquire+0x56a/0x3fa0
[   38.786899]  ? do_filp_open+0x1a1/0x280
[   38.790846]  ? lock_acquire+0x10f/0x380
[   38.794793]  ? fifo_open+0x156/0x9b0
[   38.798668]  ? fifo_open+0x156/0x9b0
[   38.802362]  ? __mutex_lock+0xf7/0x1430
[   38.806417]  ? fifo_open+0x156/0x9b0
[   38.810113]  ? ___slab_alloc.constprop.0+0x224/0x470
[   38.815188]  ? fifo_open+0x156/0x9b0
[   38.818877]  ? __ww_mutex_wakeup_for_backoff+0x210/0x210
[   38.824298]  ? fifo_open+0x284/0x9b0
[   38.827991]  ? lock_downgrade+0x5d0/0x5d0
[   38.832109]  ? lock_acquire+0x10f/0x380
[   38.836052]  ? fifo_open+0x243/0x9b0
[   38.839768]  ? debug_mutex_init+0x28/0x53
[   38.843893]  ? fifo_open+0x156/0x9b0
[   38.847680]  ? fifo_open+0x156/0x9b0
[   38.851501]  ? do_dentry_open+0x41b/0xd60
[   38.855719]  ? pipe_release+0x240/0x240
[   38.859674]  ? vfs_open+0x105/0x230
[   38.863279]  ? path_openat+0xb6b/0x2b70
[   38.867225]  ? path_mountpoint+0x9a0/0x9a0
[   38.871491]  ? kasan_kmalloc.part.0+0xa6/0xd0
[   38.875962]  ? kasan_kmalloc.part.0+0x4f/0xd0
[   38.880488]  ? kmemdup+0x23/0x50
[   38.883829]  ? selinux_cred_prepare+0x3e/0x90
[   38.888294]  ? do_filp_open+0x1a1/0x280
[   38.892237]  ? prepare_bprm_creds+0x66/0x110
[   38.896631]  ? may_open_dev+0xe0/0xe0
[   38.900406]  ? rcu_lockdep_current_cpu_online+0xed/0x140
[   38.905827]  ? rcu_read_lock_sched_held+0x10a/0x130
[   38.910919]  ? do_open_execat+0xf7/0x5c0
[   38.914954]  ? setup_arg_pages+0x710/0x710
[   38.919165]  ? do_execveat_common.isra.0+0x674/0x1c30
[   38.924329]  ? lock_acquire+0x10f/0x380
[   38.928279]  ? do_execveat_common.isra.0+0x422/0x1c30
[   38.933464]  ? check_preemption_disabled+0x35/0x1f0
[   38.938459]  ? do_execveat_common.isra.0+0x6b3/0x1c30
[   38.943776]  ? prepare_bprm_creds+0x110/0x110
[   38.948444]  ? getname_flags+0x22e/0x550
[   38.952533]  ? SyS_execve+0x34/0x40
[   38.956172]  ? setup_new_exec+0x770/0x770
[   38.960295]  ? do_syscall_64+0x19b/0x4b0
[   38.964327]  ? entry_SYSCALL_64_after_hwframe+0x42/0xb7