[   11.098225] random: sshd: uninitialized urandom read (32 bytes read)
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   18.787499] random: sshd: uninitialized urandom read (32 bytes read)
[   19.185569] audit: type=1400 audit(1543209227.628:6): avc:  denied  { map } for  pid=1765 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[   19.222117] random: sshd: uninitialized urandom read (32 bytes read)
[   19.616076] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.45' (ECDSA) to the list of known hosts.
[   25.684528] urandom_read: 1 callbacks suppressed
[   25.684531] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[   25.778035] audit: type=1400 audit(1543209234.218:7): avc:  denied  { map } for  pid=1783 comm="syz-executor697" path="/root/syz-executor697362538" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[   25.828249] 
[   25.829985] ======================================================
[   25.836286] WARNING: possible circular locking dependency detected
[   25.842572] 4.14.83+ #9 Not tainted
[   25.846167] ------------------------------------------------------
[   25.852458] syz-executor697/1784 is trying to acquire lock:
[   25.858137]  (&pipe->mutex/1){+.+.}, at: [<ffffffff943761c6>] fifo_open+0x156/0x9d0
[   25.865913] 
[   25.865913] but task is already holding lock:
[   25.871874]  (&sig->cred_guard_mutex){+.+.}, at: [<ffffffff9437060e>] prepare_bprm_creds+0x4e/0x110
[   25.881032] 
[   25.881032] which lock already depends on the new lock.
[   25.881032] 
[   25.889319] 
[   25.889319] the existing dependency chain (in reverse order) is:
[   25.896908] 
[   25.896908] -> #1 (&sig->cred_guard_mutex){+.+.}:
[   25.903203]        __mutex_lock+0xf5/0x1480
[   25.907695]        proc_pid_attr_write+0x16b/0x280
[   25.912675]        __vfs_write+0xf4/0x5c0
[   25.916809]        __kernel_write+0xf3/0x330
[   25.921213]        write_pipe_buf+0x192/0x250
[   25.925679]        __splice_from_pipe+0x324/0x740
[   25.930491]        splice_from_pipe+0xcf/0x130
[   25.935044]        default_file_splice_write+0x37/0x80
[   25.940293]        SyS_splice+0xd06/0x12a0
[   25.944500]        do_syscall_64+0x19b/0x4b0
[   25.948883]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   25.954567] 
[   25.954567] -> #0 (&pipe->mutex/1){+.+.}:
[   25.960180]        lock_acquire+0x10f/0x380
[   25.964487]        __mutex_lock+0xf5/0x1480
[   25.968785]        fifo_open+0x156/0x9d0
[   25.972893]        do_dentry_open+0x426/0xda0
[   25.977374]        vfs_open+0x11c/0x210
[   25.981326]        path_openat+0x4eb/0x23a0
[   25.985619]        do_filp_open+0x197/0x270
[   25.990092]        do_open_execat+0x10d/0x5b0
[   25.994659]        do_execveat_common.isra.14+0x6cb/0x1d60
[   26.000257]        SyS_execve+0x34/0x40
[   26.004203]        do_syscall_64+0x19b/0x4b0
[   26.008583]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   26.014264] 
[   26.014264] other info that might help us debug this:
[   26.014264] 
[   26.022457]  Possible unsafe locking scenario:
[   26.022457] 
[   26.028487]        CPU0                    CPU1
[   26.033126]        ----                    ----
[   26.037763]   lock(&sig->cred_guard_mutex);
[   26.042052]                                lock(&pipe->mutex/1);
[   26.048170]                                lock(&sig->cred_guard_mutex);
[   26.055052]   lock(&pipe->mutex/1);
[   26.058819] 
[   26.058819]  *** DEADLOCK ***
[   26.058819] 
[   26.064879] 1 lock held by syz-executor697/1784:
[   26.069636]  #0:  (&sig->cred_guard_mutex){+.+.}, at: [<ffffffff9437060e>] prepare_bprm_creds+0x4e/0x110
[   26.079418] 
[   26.079418] stack backtrace:
[   26.084095] CPU: 0 PID: 1784 Comm: syz-executor697 Not tainted 4.14.83+ #9
[   26.091078] Call Trace:
[   26.093659]  dump_stack+0xb9/0x11b
[   26.097189]  print_circular_bug.isra.18.cold.43+0x2d3/0x40c
[   26.102882]  ? save_trace+0xd6/0x250
[   26.106572]  __lock_acquire+0x2ff9/0x4320
[   26.110823]  ? check_preemption_disabled+0x34/0x1e0
[   26.115842]  ? trace_hardirqs_on+0x10/0x10
[   26.120203]  ? trace_hardirqs_on_caller+0x381/0x520
[   26.125195]  ? _raw_spin_unlock_irqrestore+0x41/0x70
[   26.130279]  ? __lock_acquire+0x619/0x4320
[   26.134493]  ? alloc_pipe_info+0x15b/0x370
[   26.138701]  ? fifo_open+0x1ef/0x9d0
[   26.142515]  ? do_dentry_open+0x426/0xda0
[   26.146740]  ? vfs_open+0x11c/0x210
[   26.150343]  ? path_openat+0x4eb/0x23a0
[   26.154298]  lock_acquire+0x10f/0x380
[   26.158068]  ? fifo_open+0x156/0x9d0
[   26.161757]  ? fifo_open+0x156/0x9d0
[   26.165615]  __mutex_lock+0xf5/0x1480
[   26.169394]  ? fifo_open+0x156/0x9d0
[   26.173080]  ? fifo_open+0x156/0x9d0
[   26.176783]  ? dput.part.6+0x3b3/0x710
[   26.180652]  ? __ww_mutex_wakeup_for_backoff+0x240/0x240
[   26.186077]  ? fs_reclaim_acquire+0x10/0x10
[   26.190372]  ? fifo_open+0x284/0x9d0
[   26.194056]  ? lock_downgrade+0x560/0x560
[   26.198174]  ? lock_acquire+0x10f/0x380
[   26.202245]  ? fifo_open+0x243/0x9d0
[   26.205931]  ? debug_mutex_init+0x28/0x53
[   26.210049]  ? fifo_open+0x156/0x9d0
[   26.213742]  fifo_open+0x156/0x9d0
[   26.217362]  do_dentry_open+0x426/0xda0
[   26.221315]  ? pipe_release+0x240/0x240
[   26.225262]  vfs_open+0x11c/0x210
[   26.228779]  path_openat+0x4eb/0x23a0
[   26.232552]  ? path_mountpoint+0x9a0/0x9a0
[   26.236759]  ? kasan_kmalloc.part.1+0xa9/0xd0
[   26.241227]  ? kasan_kmalloc.part.1+0x4f/0xd0
[   26.245715]  ? __kmalloc_track_caller+0x104/0x300
[   26.250544]  ? kmemdup+0x20/0x50
[   26.253888]  ? security_prepare_creds+0x7c/0xb0
[   26.258529]  ? prepare_creds+0x225/0x2a0
[   26.262562]  ? prepare_exec_creds+0xc/0xe0
[   26.266773]  ? prepare_bprm_creds+0x62/0x110
[   26.271157]  ? do_execveat_common.isra.14+0x2cd/0x1d60
[   26.276406]  ? SyS_execve+0x34/0x40
[   26.280005]  ? do_syscall_64+0x19b/0x4b0
[   26.284048]  do_filp_open+0x197/0x270
[   26.287841]  ? may_open_dev+0xd0/0xd0
[   26.291619]  ? trace_hardirqs_on+0x10/0x10
[   26.295832]  ? fs_reclaim_acquire+0x10/0x10
[   26.300432]  ? rcu_read_lock_sched_held+0x102/0x120
[   26.305441]  do_open_execat+0x10d/0x5b0
[   26.309403]  ? setup_arg_pages+0x720/0x720
[   26.313680]  ? do_execveat_common.isra.14+0x68d/0x1d60
[   26.318942]  ? lock_downgrade+0x560/0x560
[   26.323081]  ? lock_acquire+0x10f/0x380
[   26.327179]  ? check_preemption_disabled+0x34/0x1e0
[   26.332173]  do_execveat_common.isra.14+0x6cb/0x1d60
[   26.337256]  ? prepare_bprm_creds+0x110/0x110
[   26.341724]  ? getname_flags+0x222/0x540
[   26.345765]  SyS_execve+0x34/0x40
[   26.349206]  ? setup_new_exec+0x770/0x770
[   26.353327]  do_syscall_64+0x19b/0x4b0
[   26.357190]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   26.362351] RIP: 0033:0x445759
[   26.365580] RSP: 002b:00007f6315636da8 EFLAGS: 00000246 ORIG_RAX: 000000000000003b
[   26.373267] RAX: ffffffffffffffda RBX: 00000000006dac48 RCX: 0000000000445759
[   2