[....] Starting OpenBSD Secure Shell server: sshd
[ 11.251186] random: sshd: uninitialized urandom read (32 bytes read)
[ ok ].

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 41.523197] random: sshd: uninitialized urandom read (32 bytes read)
[ 41.949054] audit: type=1400 audit(1553307826.741:6): avc: denied { map } for pid=1777 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[ 42.011777] random: sshd: uninitialized urandom read (32 bytes read)
[ 42.533438] random: sshd: uninitialized urandom read (32 bytes read)
[ 42.704290] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.202' (ECDSA) to the list of known hosts.
[ 48.298021] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 48.393820] audit: type=1400 audit(1553307833.191:7): avc: denied { map } for pid=1789 comm="syz-executor142" path="/root/syz-executor142915877" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 48.397837]
[ 48.421862] ======================================================
[ 48.428211] WARNING: possible circular locking dependency detected
[ 48.434787] 4.14.107+ #34 Not tainted
[ 48.438782] ------------------------------------------------------
[ 48.445082] syz-executor142/1789 is trying to acquire lock:
[ 48.450889] (&pipe->mutex/1){+.+.}, at: [] fifo_open+0x156/0x9b0
[ 48.458678]
[ 48.458678] but task is already holding lock:
[ 48.464642] (&sig->cred_guard_mutex){+.+.}, at: [] prepare_bprm_creds+0x51/0x110
[ 48.473909]
[ 48.473909] which lock already depends on the new lock.
[ 48.473909]
[ 48.482432]
[ 48.482432] the existing dependency chain (in reverse order) is:
[ 48.490136]
[ 48.490136] -> #1 (&sig->cred_guard_mutex){+.+.}:
[ 48.496447]
[ 48.496447] -> #0 (&pipe->mutex/1){+.+.}:
[ 48.502067]
[ 48.502067] other info that might help us debug this:
[ 48.502067]
[ 48.510386] Possible unsafe locking scenario:
[ 48.510386]
[ 48.516422]        CPU0                    CPU1
[ 48.521367]        ----                    ----
[ 48.526020]   lock(&sig->cred_guard_mutex);
[ 48.530646]                                lock(&pipe->mutex/1);
[ 48.536822]                                lock(&sig->cred_guard_mutex);
[ 48.543969]   lock(&pipe->mutex/1);
[ 48.547625]
[ 48.547625] *** DEADLOCK ***
[ 48.547625]
[ 48.553861] 1 lock held by syz-executor142/1789:
[ 48.558859] #0: (&sig->cred_guard_mutex){+.+.}, at: [] prepare_bprm_creds+0x51/0x110
[ 48.568485]
[ 48.568485] stack backtrace:
[ 48.573076] CPU: 0 PID: 1789 Comm: syz-executor142 Not tainted 4.14.107+ #34
[ 48.580282] Call Trace:
[ 48.582928] dump_stack+0xb9/0x10e
[ 48.586471] print_circular_bug.isra.0.cold+0x2dc/0x425
[ 48.591825] ? __lock_acquire+0x2d83/0x3fa0
[ 48.596517] ? trace_hardirqs_on+0x10/0x10
[ 48.600944] ? _raw_spin_unlock_irqrestore+0x41/0x70
[ 48.606197] ? __lock_acquire+0x56a/0x3fa0
[ 48.610436] ? do_filp_open+0x1a1/0x280
[ 48.614441] ? lock_acquire+0x10f/0x380
[ 48.618495] ? fifo_open+0x156/0x9b0
[ 48.622426] ? fifo_open+0x156/0x9b0
[ 48.626128] ? __mutex_lock+0xf7/0x1430
[ 48.630098] ? fifo_open+0x156/0x9b0
[ 48.633856] ? fifo_open+0x156/0x9b0
[ 48.637564] ? __ww_mutex_wakeup_for_backoff+0x210/0x210
[ 48.643010] ? fifo_open+0x284/0x9b0
[ 48.646936] ? lock_downgrade+0x5d0/0x5d0
[ 48.651080] ? lock_acquire+0x10f/0x380
[ 48.655195] ? fifo_open+0x243/0x9b0
[ 48.658949] ? debug_mutex_init+0x28/0x53
[ 48.663209] ? fifo_open+0x156/0x9b0
[ 48.666905] ? fifo_open+0x156/0x9b0
[ 48.670693] ? do_dentry_open+0x41b/0xd60
[ 48.674823] ? pipe_release+0x240/0x240
[ 48.679139] ? vfs_open+0x105/0x230
[ 48.682762] ? path_openat+0xb6b/0x2b70
[ 48.686723] ? path_mountpoint+0x9a0/0x9a0
[ 48.691328] ? kasan_kmalloc.part.0+0xa6/0xd0
[ 48.695811] ? kasan_kmalloc.part.0+0x4f/0xd0
[ 48.700299] ? kmemdup+0x23/0x50
[ 48.703658] ? selinux_cred_prepare+0x3e/0x90
[ 48.708147] ? do_filp_open+0x1a1/0x280
[ 48.712101] ? prepare_bprm_creds+0x66/0x110
[ 48.716582] ? may_open_dev+0xe0/0xe0
[ 48.720647] ? rcu_lockdep_current_cpu_online+0xed/0x140
[ 48.726087] ? rcu_read_lock_sched_held+0x10a/0x130
[ 48.731110] ? do_open_execat+0xf7/0x5c0
[ 48.735255] ? setup_arg_pages+0x710/0x710
[ 48.739475] ? do_execveat_common.isra.0+0x674/0x1c30
[ 48.744660] ? lock_acquire+0x10f/0x380
[ 48.748634] ? do_execveat_common.isra.0+0x422/0x1c30
[ 48.754129] ? check_preemption_disabled+0x35/0x1f0
[ 48.759136] ? do_execveat_common.isra.0+0x6b3/0x1c30
[ 48.764329] ? prepare_bprm_creds+0x110/0x110
[ 48.768871] ? getname_flags+0x22e/0x550
[ 48.772922] ? SyS_execve+0x34/0x40
[ 48.776621] ? setup_new_exec+0x770/0x770
[ 48.780843] ? do_syscall_64+0x19b/0x4b0
[ 48.784894] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7